---

title: 'Thibault Normand' website: http://zenithar.org street: postcode: 0 city: Toulouse phone: +33 668 666 396 email: thibault.normand@gmail.com date: 1983-05-31 ...

Cyber Security Architect / Ninja Developer / SecOps

Resume

Former developer and security enthousiast, I like to deal with projects combining these two skill sets. My experience in development, as well as my curiosity for new technologies, allow me to have a look forward to the future. I put real importance in sharing knowledge and skills within my job environment. Eager for knowledge, I'm always looking for challenges and exploitation of new knowledges.

• Career objectives : Cyber Security Architect; Instructor; Technical Expert; DevSecOps; Slasher;
• Domains : Cyber Security; Big Data; IoT; Blockchain;

Follow me on blog; facebook; github; linkedin; mastodon; twitter;

Download PDF.

Work Experience

• Continental Digital Services - Automotive (R&D) - Toulouse, France

  • Cyber Security Architect / Ninja Developer / SecOps / PO - Since June,2017

    • Product Owner for internal security products.
    • Technical leader / Golang guru.
    • Cyber risk monitoring services definition (AWS).
    • Production platform definition (Data, Services, Products, Operations).
    • Security By Design strategy definition.
    • Secured communication gateway Connected Cars <-> Cloud. (HTTP, MQTT, CoAP)
    • Identification, authorization and accounting platform. (AWS, Go, OIDC / SAML2)
    • Privacy proof authentication protocol. (Crypto, ZKP)
    • Private blockchain integration. (Etherem, Data Sharing, Licensing)
    • Privacy engineering. (Crypto, Go, Java, Scala)
    • Hardening guides writeups. (AWS, Docker / K8S)
    • Architecture audits and consulting. (Threat Modeling)
    • Security code review. (Java / J2EE, NodeJS, Python, Go, Crypto)
    • Formation / Awareness. (Go, Crypto, Blockchain)

• Sogeti ESEC - Security (ESN) - Toulouse, France

  • Cyber Security Expert / Data Architect / Full Stack Developer / DevOps - From October,2013 to June,2017

    • CERT / SOC tooling.
    • Incident management bridge Jira / QRadar (Go, Javascript, RethinkDB)
    • Automated malware analysis platform for IoC extraction. (Go, RethinkDB, RabbitMQ, Docker, Cuckoo, VirusTotal, Yara, AngularJS 2)
    • Threat intelligence platform (Go, RabbitMQ, ElasticSearch, Neo4j, AngularJS)
    • Vulnerability monitoring and followup platform. (Go, RabbitMQ, MongoDB, AngularJS)
    • Embbeded automated virus detection box for USB devices. (Go, AngularJS, Qt, ZMQ, Docker)
    • Microservices: email (composition, sending, signatures), identification / authorization, tokens, licences (Go, gRPC, Consul, Vault, Docker, Rancher)
    • Security code review. (Java / J2EE)
    • Trainee mentoring.

• Infotel - Mainframe (Editor / R&D) - Toulouse, France

  • Engineer R&D / Scrum Master - From January,2010 to October,2013

    • Digital Safe platform. (RabbitMQ, Protobuf, Scala/AKKA, Java, Spring, ElasticSearch, AngularJS)
    • Identification, authorization and accounting platform. (Java, Spring, JWT, PKI, PKCS#11, HOTP)
    • Documentation toolchain. (Git, Jenkins, Maven, Docbook5, XSLT, FOP)
    • Code review. (Java, J2EE)
    • Applicative maintenance. (ClearCase, Java, Struts2, Eclipse RCP, Z/OS)
    • Trainee mentoring.

• SCASSI Conseil - Security (ESN / Consulting) - Toulouse, France

  • Cyber Security Expert - From July,2008 to December,2009

    • EBIOS method risk analysis tool (SOA, J2EE, .Net)
    • Metamodeling for risk modeling applied on software designs (UML)
    • Code review (Java/J2EE, C/C++, PHP)
    • Reverse engineering (Crackme)
    • SoC Analyst
    • Instructor for Virtualisation / Firewall & Access controls workshops

Education

• IUP ISI, Toulouse, France

  • 2008 - Master's degree in Computer Science - 2nd year

    UML Metamodel; Realtime programming (ADA, C, SCADE); J2EE; Law;

  • 2007 - Master's degree in Computer Science - 1st year

    UML Modeling; Distributed programming (Java / J2EE, C); Databases; Mathematics; Mangement / Economy;

  • 2006 - License's degree in Computer Science

    UML Modeling; Languages (Java / C++ / C / ASM); Databases; Mathematics; Mangement / Economy;

• IUT Informatique, Nice, France

  • 2005 - License's degree in Network and System administration

    Network administration; System administration (Unix, Windows); Database administration (Oracle); Mathematics; Management / Economy; Law;

  • 2004 - Associate's degree in Computer Science

    Database; Languages (Java / C++ / C); Network; Mathematics; Management / Law;

• Lycée Albert Camus, Fréjus, France

  • 2002 - High School'degree in Science and Enginnering, option Mathematics

    Mathematics; Mecanic; Electronic; Computer Science;

Languages

• Français - Langue maternelle
• Anglais - Lu, écrit et parlé

Skills

5: Expertise, 4: I know, 3: I can do, 2: I'm learning, 1: Only if really needed !

• Non-Technicals

  • (5/5) : Creative Thinking; Technology watch; Slasher;
  • (4/5) : Project Management / Scrum Master; Meeting lead; Pedagogy / Vulgarisation;
  • (3/5) : Scientific publication writeup; Public talks;

• Security

  • (5/5) : Defensive Programming; Security Threat Countermeasures; OWASP Top 10; SANS Top 25;
  • (4/5) : Code audit; Cryptography / Cipher; Container / Software Hardening; Threat Modeling (DFD, AT); Threat Intelligence; Cuckoo Sandbox;
  • (3/5) : Risk Analysis (EBIOS); GDPR; Suricata; Bro IDS; Honeypots (Cowerie / Kippo); Sinkhole; QRadar SIEM; Splunk; ElasticSearch / LogStash / Kibana;
  • (2/5) : Reverse Engineering; Penetration Testing;

• Languages

  • (5/5) : Go; JavaScript; Java;
  • (4/5) : C/C++; Rust; Ruby; Python;
  • (3/5) : Scala; ASM (x86, ARM7); PHP;
  • (2/5) : Elixir; Erlang;

• Data Engineering

  • (5/5) : Semantic Modeling; Data Preparation; Data Wrangling; Data Scraping;
  • (4/5) : Protégé; Anonymisation; ElasticSearch / LogStash / Kibana;
  • (3/5) : Digital signal processing; Anomaly detection; Statistics; Python / Jupyter / Pandas; SciKit Learn; Machine learning (SVM, PNN, RF, GBM); H2o;

• FullStack Affinities

  • (5/5) : Backend Development; DevOps;
  • (4/5) : Frontend Development;
  • (1/5) : UI/UX Desginer;

• Backend Framework

  • (5/5) : Clean Achitecture; Microservices Patterns; Resilience Patterns; gRPC / Protobuf; REST / GraphQL;
  • (4/5) : NodeJS; Express;
  • (3/5) : Ruby on Rails;

• Cloud

  • (5/5) : RabbitMQ; NATS; NSQ; ZMQ; WebSocket; Serverless;
  • (4/5) : MQTT / eMQTTd; Apache Kafka; Amazon IAM / Cognito; Amazon EC2;
  • (3/5) : Amazon SNS; Amazon IoT; Amazon API Gateway / Lambda; CoAP / DTLS;

• DevOps

  • (5/5) : Docker; Rancher; Prometheus; Consul; Vault;
  • (4/5) : Grafana; GitlabCI; Kubernetes; Helm; Istio / Envoy; Sentry;
  • (3/5) : Jenkins; Terraform;
  • (2/5) : Ansible;

• Frontend / UX

  • (4/5) : VueJS / Vuex; Apollo;
  • (3/5) : HTML5; CSS3 / SASS / LESS; WebAssembly;

• Blockchain

  • (4/5) : General concepts (Proofs, Algorithms, Protocols); Ethereum;
  • (3/5) : J.P. Morgan Quorum; IBM Hyperledger; Parity;
  • (2/5) : Smart Contract; Solidity;

References

Available upon requests.

Miscelaneous

• Instruments musique: Batterie & Saxophone
• Amélioration continuelle grâce à la veille technologique, l'expérimentation et les projets personnels (Sécurité, Logiciels, Techniques de management)
• Rédacteur (Blog)
• Explorateur technologique
• Impression 3D
• Domotique
• Développement personnel
• Cuisine du monde
• Microbrasserie
• Pâtisserie / Boulangerie
• Rénovation maison (Maçonnerie, Isolation, Electricité)