Menu

Jérôme LÉONARD

BRUNOY

En résumé

I have been involved in Information Security for almost 12 years now, and developped many skills and knowledge on the following particular areas :
- Digital Forensic & Incident Response,
- Vulnerability Assessment & Management,
- Patch Management,
- Infrastructure Security,
- Security metrics & dashboard,
- Data visualization,
- Security Policy and Hardening Guides (OS & Apps),
- Security integration in business projects, risks analysis,
- Compliance & technical audits (PCI-DSS, Security Policy, Hardening guides, Best Practice)
- Training.


Since mid-2010, as an independent consultant, I work for many customers in various domains of activity such as Bank, Insurance, Industry, Technical Service or Online gambling.

--
* 2011 : GCFA (GIAC Certified Forensic Analyst)
* 2009-2011 : LEAD AUDITOR NF ISO/IEC 27001 :2007

Mes compétences :
IT Security
Forensics
Audit

Entreprises

  • Freelance - Information Security Consultant

    2010 - maintenant Have been part of CSO teams of different customers :
    - Incident handling,
    - Post-incident investigation and malware behavior analysis,
    - Definition and implementation of security metrics & dashboards,
    - Definition and implementation of vulnerability assessement processes and tools (Qualys),
    - Systems security improvement : coordinate teams to follows OS hardening guide and implement security rules,
    - Definition and coordination of the implementation of the Patch Manamgenent process in technicals teams,
    - Compliance audits highlighing issues in technical & organizational processes ; programatic and adjusted solutions to improve the global security,
    - Security Policy, technical guides,
    - Security integration in business projects and risks analysis.

  • Hapsis - Information Security Consultant

    2005 - 2010 Have been part of CSO team of different customers :
    - Incident handling,
    - Post-incident investigation,
    - Malware behavior analysis,
    - OS & Application Hardening : wrote hardening guide of Unix & Windows OS and Databases for technical teams,
    - Vulnerability & Compliance Assessment with Qualys (developped tools to automatically export & visualize the distribution of vulnerability through different criterias (Business Unit, OS, Technical teams ...),
    - Security Project Management : SIEM, Log Management, Vulnerability Asssessement solutions.
    - Security integration in business projects : meet businesses and helped identified most pragmatic and adapted solutions regarding their goals & security policy,
    - Product evaluation (security point of view).
    - Technical audits : Visited many different business units of a bank in Europe and assessed the Security Level of their system & network architecture (regarding best practices)

  • Aequalis - IT Security Consultant

    2004 - 2005 Member of a CSO team :
    - Incident Handling : highlighted technical issues in business processes (internal frauds),
    - Coordination of the implementation of corrections after audits.
    Member of a security administrators team :
    - DNS & SMTP gateways security administrator.

  • Neurocom - IT Security Consultant

    neuilly sur seine 2001 - 2004 - Member of the Audit & Penetration tests team,
    - Integration & installation of security solutions & products,

Formations

  • Sans (Amsterdam)

    Amsterdam 2011 - 2011 GCFA (GIAC Certified Forensic Analyst)

    Forensic Analyst

  • HSC

    Levallois Perret 2009 - 2009 LEAD AUDITOR NF ISO/IEC 27001 :2007

    ISO 27001 - Lead Auditor - April 2009-October 2010

Réseau

Annuaire des membres :