About Cyril
- DevSecOps & CI/CD → Secure pipelines, scanning, image signing, shift-left security
- Supply Chain Security → SLSA Level 1-3, Chainloop, SBOM (Syft/Tern)
- Container Security → K8s RBAC, OPA/Kyverno, admission controllers
- Corporate Security → CrowdStrike/SentinelOne, Splunk, pfSense/NextDNS, Jamf
- Vulnerabilities → DefectDojo, continuous scanning, SAST/DAST, AI pipelines for autonomous vuln discovery
- Zero Trust → Twingate, ZeroTier, OpenZiti, Cloudflare Access
- IAM → Teleport, OIDC/OAuth, Okta, Azure AD/Entra ID, Yubikeys
- Encryption → BYOK, CMK, envelope encryption, KMS/HSM (France), TEEs
- Compliance → GDPR, SOC2 Type II, ISO 27001, NIST
- Cloud → GCP, AWS, Hetzner, multi-cloud
- IaC → Terraform, Ansible, GitOps
- Containers → Kubernetes, Helm, Kustomize
- Dev → Go, Python, Shell
- Ops → Monitoring, logging, alerting, tracing, disaster recovery, backup
- Self-Hosted → Vaultwarden, GitLab, Mattermost, Supabase, NextCloud
- Database Security → Field-level encryption, searchable encryption
- Secrets → Cold storage (root CAs, master keys), secret mgmt
- Privacy Tools → Encrypted DNS, SimpleX, obfuscation
- Confidential Compute → MPC, TEEs
- Guardrails → content filtering, PII redaction
- Compliance → GDPR, EU AI Act
- Sovereignty → confidential AI training and inference (in enclaves)
French: bilingual or native
English: bilingual or native
Experience
- Katvio.com, Founder (freelancing company), HIGH TECH, December 2020 - Present (5 years and 6 months), Toulon, France
Helping businesses meet defense and military-grade security standards:
- DevSecOps: Security-first development practices and CI/CD security
- Supply Chain Security: SLSA Level 1-3 compliance implementation, Chainloop for attestation
- Code Analysis: SBOM generation with Syft/Tern, dependency scanning
- Container Security: K8S RBAC, OPA/Kyverno policies, admission controllers, Run containers in TEEs
- Corporate Security Tools: Jamf Pro (MDM), CrowdStrike & SentinelOne (EDR), Splunk (SIEM), pfSense & NextDNS & LittleSnitch & LuLu (firewalls)
- Vulnerability Management: DefectDojo integration, continuous scanning
- Infrastructure Security: Cloud native security, bare metal hardening, AppArmor
- Zero Trust: Network policies with Twingate, ZeroTier, OpenZiti, Cloudflare Access, Zscaler
- Access Management: Teleport, OIDC, Identity Providers (Okta & Azure AD/Entra ID & GoogleWorkspace), Yubikeys
- Key Management: BYOK, CMK, envelope encryption, TEEs
- Database Security: Implement a proxy that sits between your app and your DB, offering field-level encryption & searchable encryption
- Cold Secret Storage: cold storage and long-term backup of critical digital assets like root CAs or backup encryption master keys
-> See https://katvio.com
- NAVAL GROUP, DevSecOps Engineer, December 2020 - July 2022 (1 year and 7 months)
→ In the Tooling & DevSecOps division.
→ Project details subject to NDA; available upon request.
Contributed to the development and enhancement of an enterprise-grade build automation and security platform:
Security & Compliance:
- Integrated SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) engines for continuous security scanning
- Implemented SCA (Software Component Analysis) for vulnerability detection in dependencies
- Automated SBOM (Software Bill of Materials) generation for supply chain transparency
- Code signing and artifact signing for build integrity verification
- Dependency pinning and hash verification to prevent supply chain attacks
CI/CD & Build Infrastructure:
- Distributed parallel build orchestration across multiple geographic sites
- Multi-language support (various programming languages, COTS & OSS components)
- Automated code coverage analysis and quality gates
Repository & Artifact Management:
- Secure binary and Docker registry management with image signing
- Container image scanning and vulnerability assessment
Supply Chain Security:
- Dependency graph analysis and vulnerability tracking
- Protection against typosquatting, dependency confusion, and package masquerading attacks
- PeopleSpheres
On Malt
Security architecture of a SaaS (data encryption), SOFTWARE PUBLISHING, March 2024 - July 2024 (4 months), Montpellier, France
- Project 1: Wrote a security architecture document describing an application-level encryption system of the 'envelope encryption' type, relying on a KMS provider for key storage, along with all the surrounding security: cloud native, IAM, server level, networking, etc.
- Project 2: Set up a feature flagging (feature toggle) solution.
- Project 3: Wrote a requirements document (request for proposals) for migrating from a private (on-premise) cloud to public clouds (GCP, AWS, Azure).
- Project 4: Migrated CircleCI pipelines to GitHub Actions.
Education
- Engineering degree, Computer Science, Ecole des Mines d'Alès, 2019. Computer Science, Software Development, CyberSecurity, DevOps and Infra
- Executive Education, Change Management, INSEAD, 2020. Executive Education, Change Management
Certifications
- Created a portable secure file encryption tool for securely cold storing critical information. Protect your most critical assets—crypto wallets, SSH keys, passwords, and sensitive documents—with information-theoretic security designed for safe long-term storage. A robust long-term backup solution that combines AES-256-GCM encryption with Shamir's mathematically proven secret sharing.
- Early warning system against crypto platform collapses. Built system monitors for unusual patterns, negative sentiment spikes, and other risk indicators that often precede platform failures. • SwanWatch uses advanced AI to analyze social media sentiment and on-chain data, 24/7. → Tech Stack: Next.js, React, TS, Tailwind CSS, Node.js, Python, Supabase, custom AI and NLP models, Blockchain RPC nodes and indexers, Ansible.