Cybersecurity Expert & IAM Functional SPOC
(Banks and financial services, 1000-5000 employees)
Keywords
Identity Management
Auditing
Consulting
Project Planning
Ping (Networking Utility)
Cyberark
Budgeting
Privileged Access Management
Skills
Cybersecurity consultant with 9 years of experience.
I'm specialised in identity and access management (IAM) and privileged access management (PAM)
Experience in the deployment of numerous IAM solutions (Wallix, Ping Federate / PingID, Brainwave, CyberArk, InWebo...):
- as an integrator / expert
- as an architect
- as a project manager
Experience in consulting / audit including activities like the :
- analysis of the existing system
- collection of needs
- definition/analysis of the possible scenarios (planning, budget, workload, etc.)
- recommendation of a complete project plan
I'm specialised in identity and access management (IAM) and privileged access management (PAM)
Experience in the deployment of numerous IAM solutions (Wallix, Ping Federate / PingID, Brainwave, CyberArk, InWebo...):
- as an integrator / expert
- as an architect
- as a project manager
Experience in consulting / audit including activities like the :
- analysis of the existing system
- collection of needs
- definition/analysis of the possible scenarios (planning, budget, workload, etc.)
- recommendation of a complete project plan
Project history
03/2019
-
05/2022
Functional representative for the IAM solution & functional SPOC for the CyberArk deployment for OS and Oracle access
(France + Italy)
Main activities:
- Least privilege: rationalization of the IAM model and of the access rights of all the IT teams
- Implementation & execution of access controls and recertifications
- Definition of the functional model for access via CyberArk including the privileges by population, the specification of
new objects (accounts, profiles...) and presentation to the business + top management
- Business support during the transition to the use of CyberArk and in the deletion of all the legacy access
- Project manager for the CyberArk deployment for Oracle access on the entire regulatory scope
- Gathering the IT + Business needs and accompanying for integration in the IAM + CyberArk solution
(France + Italy)
Main activities:
- Least privilege: rationalization of the IAM model and of the access rights of all the IT teams
- Implementation & execution of access controls and recertifications
- Definition of the functional model for access via CyberArk including the privileges by population, the specification of
new objects (accounts, profiles...) and presentation to the business + top management
- Business support during the transition to the use of CyberArk and in the deletion of all the legacy access
- Project manager for the CyberArk deployment for Oracle access on the entire regulatory scope
- Gathering the IT + Business needs and accompanying for integration in the IAM + CyberArk solution
06/2018
-
03/2019
Project Manager & CyberArk "referent"
Support, audit, challenge and advice on the currently deployed privileged account management solution (CyberArk)
Supervision of a team of 2 consultants
Main activities:
- Writing technical and commercial proposals
- Analysis of the existing, collection of needs and recommendations: preparation and animation of workshops
- Perspective of the coverage of needs to the current situation
- Technical audit
- Definition of a clear strategy on the management of privileged accounts
- Presentation of the state of the art of the market in similar contexts ..........
- Proposal of a short-term strategy taking into account functional, financial aspects and impacts on the existing
- Definition of a complete project plan for implementing recommendations
- Writing and presentation of the results.
Supervision of a team of 2 consultants
Main activities:
- Writing technical and commercial proposals
- Analysis of the existing, collection of needs and recommendations: preparation and animation of workshops
- Perspective of the coverage of needs to the current situation
- Technical audit
- Definition of a clear strategy on the management of privileged accounts
- Presentation of the state of the art of the market in similar contexts ..........
- Proposal of a short-term strategy taking into account functional, financial aspects and impacts on the existing
- Definition of a complete project plan for implementing recommendations
- Writing and presentation of the results.
06/2018
-
03/2019
Project Manager / PAM Expert
(Other, 500-1000 employees)
Consulting and support on an opportunity study around privileged account management Supervision of a team of 2
consultants.
Main activities:
- Writing technical and commercial proposals
- Analysis of the existing and needs collection: preparation and animation of workshops
- Presentation of the state of the art of the market in similar contexts
- Proposal of scenarios considering the different perimeters, functional aspects and impacts on the existing
- Presentation of the leading PAM solutions on the market with a focus on the customer context
- Definition of a complete project plan for implementation and deployment
- Writing and presentation of the results
consultants.
Main activities:
- Writing technical and commercial proposals
- Analysis of the existing and needs collection: preparation and animation of workshops
- Presentation of the state of the art of the market in similar contexts
- Proposal of scenarios considering the different perimeters, functional aspects and impacts on the existing
- Presentation of the leading PAM solutions on the market with a focus on the customer context
- Definition of a complete project plan for implementation and deployment
- Writing and presentation of the results
01/2013
-
01/2019
Cybersecurity Consultant - IAM / PAM Project Manager
SYNETIS
(Internet and Information Technology, 50-250 employees)
Expert & Project Manager + Level 3 Support
Expert / Architect / Project Manager for deployment &
advisory missions (IAG, PAM, Identity Federation)
Management of 3 consultants
Expert / Architect / Project Manager for deployment &
advisory missions (IAG, PAM, Identity Federation)
Management of 3 consultants
05/2018
-
12/2018
Project Manager / Brainwave Expert
Maintenance in operational condition and development on Brainwave platform, through a service center: all related
activities are done remotely from Synetis office
Role: Service center steering, Project manager and and management of 2 consultants
Main activities:
- Project Management (dashboard etc)
- Project & steering committee animation
- Regular communication with the customer
- Redaction of the evolution quotation
- Monitoring & maintenance of skills
- Mission performance monitoring (SLA, KPI etc)
activities are done remotely from Synetis office
Role: Service center steering, Project manager and and management of 2 consultants
Main activities:
- Project Management (dashboard etc)
- Project & steering committee animation
- Regular communication with the customer
- Redaction of the evolution quotation
- Monitoring & maintenance of skills
- Mission performance monitoring (SLA, KPI etc)
01/2018
-
12/2018
Project Manager / Wallix Expert
(Transport and Logistics, 1000-5000 employees)
This project's goal is the implementation of Wallix Admin Bastion (Virtualized Environment)
Team management: 2 consultants
Implementation of the following features:
- Privileged Account Management (PAM)
- Management & Access control
- Single authentication with Sign&Go IDP
- Audit & Tracability
- Real time monitoring
- High availability
- Access-manager webportal for the external users
- Integration with SailPoint Identity IQ
Main activities:
- Project management
- Workshop, project & steering committee animation
- Bastion implementation and configuration
- Documentation
Software and technologies: Wallix Admin Bastion, Wallix Access Manager, Active Directory
Team management: 2 consultants
Implementation of the following features:
- Privileged Account Management (PAM)
- Management & Access control
- Single authentication with Sign&Go IDP
- Audit & Tracability
- Real time monitoring
- High availability
- Access-manager webportal for the external users
- Integration with SailPoint Identity IQ
Main activities:
- Project management
- Workshop, project & steering committee animation
- Bastion implementation and configuration
- Documentation
Software and technologies: Wallix Admin Bastion, Wallix Access Manager, Active Directory
09/2017
-
08/2018
Project Manager / Wallix Expert
(Other, 500-1000 employees)
This project's goal is the implementation of Wallix Admin Bastion appliances on two Defense scopes
Scope :
- 900 admins
- 10500 targets
Implementation of the following features:
- Privileged Access Management (PAM)
- Management and access control
- Single authentication
- Audit and tracability
- High Availability
- Real time monitoring
Main activities:
- Project management
- Workshop, project & steering committee animation
- Bastion implementation and configuration
- Documentation
Scope :
- 900 admins
- 10500 targets
Implementation of the following features:
- Privileged Access Management (PAM)
- Management and access control
- Single authentication
- Audit and tracability
- High Availability
- Real time monitoring
Main activities:
- Project management
- Workshop, project & steering committee animation
- Bastion implementation and configuration
- Documentation
11/2017
-
04/2018
Project Manager / InWebo solution
Brainwave GRC
This project's goal is the implementation of the cloud strong authentication solution, inWebo, with the objective to
enhance globally and sustainably the IS security
Scope:
- Creation and configuration of inWebo tenant
- Installation and configuration of the inWebo Directory Sync tool
- Connection with NetIQ Access Manager IDP
- Installation and deployment of inWebo in UAT
- Go live assistance
Implementation of the following features:
- Multi factor authentication, based on:
« Soft token »
Web browser
- InWebo SaaS portal configuration
Main activities:
- Project management
- Workshop, project & steering committee animation
- Configuration of the authentication with NetIQ IDP
- Flows configuration with the LDAP Directory
- Unit tests
- Documentation
- Skills transfer
Software and technologies: LDAP Directory, inWebo, NetIQ Access Manager
enhance globally and sustainably the IS security
Scope:
- Creation and configuration of inWebo tenant
- Installation and configuration of the inWebo Directory Sync tool
- Connection with NetIQ Access Manager IDP
- Installation and deployment of inWebo in UAT
- Go live assistance
Implementation of the following features:
- Multi factor authentication, based on:
« Soft token »
Web browser
- InWebo SaaS portal configuration
Main activities:
- Project management
- Workshop, project & steering committee animation
- Configuration of the authentication with NetIQ IDP
- Flows configuration with the LDAP Directory
- Unit tests
- Documentation
- Skills transfer
Software and technologies: LDAP Directory, inWebo, NetIQ Access Manager
10/2016
-
09/2017
Project Manager / Ping Federate expert
As a member of the Security team, I am mainly in charge of the federation identity platform, Ping Federate
Actions related to the mission:
- Maintenance in operational condition
- Identification of the needs around the platform
- Applications' migration to Ping Federate
- Level 2 Support
- Coordinate internal actions
- Participation in workshops related to the merge between the client and another US based company
- Upgrade of Ping Federate infrastructure
- Ping One implementation for the application portal & Ping ID for the multi factor authentication
Software and technologies: Ping Federate, Ping ID,Active Directory
romain.devauchelle@pm.me
25 days contract
Project Manager / Brainwave Expert
This project's goal is the 'go live' of Brainwave GRC (2015 version) on an existing functional perimeter
Principal missions :
- Development of several access roles on the webportal
- Update of configuration's elements
- Documentation update
- Assistance for acceptance and production
Actions related to the mission:
- Maintenance in operational condition
- Identification of the needs around the platform
- Applications' migration to Ping Federate
- Level 2 Support
- Coordinate internal actions
- Participation in workshops related to the merge between the client and another US based company
- Upgrade of Ping Federate infrastructure
- Ping One implementation for the application portal & Ping ID for the multi factor authentication
Software and technologies: Ping Federate, Ping ID,Active Directory
romain.devauchelle@pm.me
25 days contract
Project Manager / Brainwave Expert
This project's goal is the 'go live' of Brainwave GRC (2015 version) on an existing functional perimeter
Principal missions :
- Development of several access roles on the webportal
- Update of configuration's elements
- Documentation update
- Assistance for acceptance and production
07/2016
-
10/2016
Project Manager / Brainwave Expert
Brainwave GRC
This project's goal is the realization of a pilot for the AMC (Access Monitoring Center) project for the client ; this is
achieved thanks to Brainwave GRC deployment. The main objectives are:
- Monitor IAM services
- Detect anomalies, highlight risks and provide means to launch remediation action plans for mitigating/reducing
those risks;
- Obtain a cartography and a global vision of the IS
- Ensure compliance of IAM services in accordance to internal policies
Main activities:
- Analysis of the inputs to collect
- Workshops to describe Brainwave GRC solution
- Collect's development
- Definition & development of controls (around 20 including orphan accounts, SoD, theoretical rights)
- Development of custom reports
- Development of several access roles on the webportal
- Project & collects documentation
Software and technologies: Brainwave GRC
Ponctual romain.devauchelle@pm.me
Security consultant
This project's goal is an audit of the recertification process already in place
Main activities:
- Interview workshops of the different teams
- Documentation on the 'AS-IS' situation and review of needs
- Definition / analysis of the main possible scenarios in Bouygues Telecom context
Recommendation on a full project plan to enhance the recertification process
achieved thanks to Brainwave GRC deployment. The main objectives are:
- Monitor IAM services
- Detect anomalies, highlight risks and provide means to launch remediation action plans for mitigating/reducing
those risks;
- Obtain a cartography and a global vision of the IS
- Ensure compliance of IAM services in accordance to internal policies
Main activities:
- Analysis of the inputs to collect
- Workshops to describe Brainwave GRC solution
- Collect's development
- Definition & development of controls (around 20 including orphan accounts, SoD, theoretical rights)
- Development of custom reports
- Development of several access roles on the webportal
- Project & collects documentation
Software and technologies: Brainwave GRC
Ponctual romain.devauchelle@pm.me
Security consultant
This project's goal is an audit of the recertification process already in place
Main activities:
- Interview workshops of the different teams
- Documentation on the 'AS-IS' situation and review of needs
- Definition / analysis of the main possible scenarios in Bouygues Telecom context
Recommendation on a full project plan to enhance the recertification process
03/2014
-
07/2016
Security Consultant - Brainwave & IGA "referent"
(Banks and financial services, 1000-5000 employees)
The goal of this project is to map application accesses, produce controls on the IS, perform identity and acess reviews
(using workflows) by application and organization, and also to perform SoD (Segregation of Duties) controls.
Two softwares are mainly used: Talend Open Studio (for the identity repository construction) and Brainwave iGRC
Analytics for controls production and reviews.
Actions related to the mission:
- Weekly production of delivery:
central identity repository using several sources (Talend) and associated reporting (iReport) to monitor
trends
collect in Braiwave of more than 300 organizations, more than 2000 identities, dozens of applications,
and thousands of accounts and permissions.
- In charge of the whole Brainwave's platform: evolutions, technical updates...
- Development of controls into the webportal: remote access control (RSA tokens), local admin rights,
organization's controls...
- Development of personalised reports for reglementary controls (orphan accounts, service accounts...)
- Integration of SoD controls and theorical rights controls
- Integration of new applications in Brainwave
- Development of reviews by organization: on identities, access, shared folders...
- Development of several access roles (manager, controller...) on the webportal with dashboards
- Project management & monitoring with JIRA
- Interaction between Brainwave & other tools (JIRA...) using webservice calls
- Creation of a service center: externalization of Brainwave's tasks in Synetis office (skill transfer...)
Software and technologies: Brainwave iGRC Analytics (v2012, v2014 et v2015), SQL Server 2008/2012, Apache
Tomcat 7, JIRA, Talend Open studio, iReport, BIRT, Java, JavaScript, PostgreSQL
(using workflows) by application and organization, and also to perform SoD (Segregation of Duties) controls.
Two softwares are mainly used: Talend Open Studio (for the identity repository construction) and Brainwave iGRC
Analytics for controls production and reviews.
Actions related to the mission:
- Weekly production of delivery:
central identity repository using several sources (Talend) and associated reporting (iReport) to monitor
trends
collect in Braiwave of more than 300 organizations, more than 2000 identities, dozens of applications,
and thousands of accounts and permissions.
- In charge of the whole Brainwave's platform: evolutions, technical updates...
- Development of controls into the webportal: remote access control (RSA tokens), local admin rights,
organization's controls...
- Development of personalised reports for reglementary controls (orphan accounts, service accounts...)
- Integration of SoD controls and theorical rights controls
- Integration of new applications in Brainwave
- Development of reviews by organization: on identities, access, shared folders...
- Development of several access roles (manager, controller...) on the webportal with dashboards
- Project management & monitoring with JIRA
- Interaction between Brainwave & other tools (JIRA...) using webservice calls
- Creation of a service center: externalization of Brainwave's tasks in Synetis office (skill transfer...)
Software and technologies: Brainwave iGRC Analytics (v2012, v2014 et v2015), SQL Server 2008/2012, Apache
Tomcat 7, JIRA, Talend Open studio, iReport, BIRT, Java, JavaScript, PostgreSQL
12/2013
-
03/2014
Security Consultant - Brainwave Expert
Implementation of Brainwave iGRC Analytics solution for the automatization of controls on identities, accounts,
habilitations, profiles, rights and permissions for several repositories and critical applications of the IS.
Main activities:
- Deployment of Brainwave iGRC Analytics solution
- Deployment of the webportal
- The drafting of functional and technical specifications
- Development of personalised reports
- Assistance for acceptance
- Assistance for production
- Skills transfer
Software and technologies: Brainwave iGRC Analytics (v2012), SQL Server 2008, OracleDB 11gR2, Apache Tomcat 7
habilitations, profiles, rights and permissions for several repositories and critical applications of the IS.
Main activities:
- Deployment of Brainwave iGRC Analytics solution
- Deployment of the webportal
- The drafting of functional and technical specifications
- Development of personalised reports
- Assistance for acceptance
- Assistance for production
- Skills transfer
Software and technologies: Brainwave iGRC Analytics (v2012), SQL Server 2008, OracleDB 11gR2, Apache Tomcat 7
Local Availability
Only available in these countries:
France
Europe : 1x/month maximum
Worldwide : 1x/quarter maximum
Worldwide : 1x/quarter maximum
