CONSULTING & ENGINEERING
Jean-François CADUDAL
Head of Consulting & Engineering
Consulting & Engineering is the historical team of I-TRACING and has developed many cybersecurity expertises over the course of its 15 years of existence.
Clients-oriented, attentiveness, perfect understanding are our consultants’ key values.
Thanks to a constant technology watch, lab environment, training and sharing culture, Consulting & Engineering brings out its expertise and field experience.
Our methods allow us to adapt to your needs and specifications in order to guide you through the different aspects of cybersecurity:
- ISS Governance
- Audit, control and remediation
- Project owner, project management
- Consulting and security solutions selection
- Implementation and integration in your environment, transitional coaching and operation
These expertises are organized in teams :
• Part-Time CISO
• Governance, Risks and Compliance
• Cloud Security
• Data Protection
• Architecture and Security Expertise
• Security Development
• Training and Awareness
Jean-François CADUDAL
Head of Consulting & Engineering
Consulting & Engineering is the historical team of I-TRACING and has developed many cybersecurity expertises over the course of its 15 years of existence.
Clients-oriented, attentiveness, perfect understanding are our consultants’ key values.
Thanks to a constant technology watch, lab environment, training and sharing culture, Consulting & Engineering brings out its expertise and field experience.
Our methods allow us to adapt to your needs and specifications in order to guide you through the different aspects of cybersecurity:
- ISS Governance
- Audit, control and remediation
- Project owner, project management
- Consulting and security solutions selection
- Implementation and integration in your environment, transitional coaching and operation
These expertises are organized in teams :
• Part-Time CISO
• Governance, Risks and Compliance
• Cloud Security
• Data Protection
• Architecture and Security Expertise
• Security Development
• Training and Awareness
CISO Part-Time
-
IS security maturity evaluation and roadmap definition
-
Definition and implementation of Informatin Security Management System (ISMS)
-
Project management and actions follow-up
-
Management and user security awareness
-
Audit and continuous control
-
Security incident response
-
Disaster recovery and business continuity planning
CISO Part-Time
-
IS security maturity evaluation and roadmap definition
-
Definition and implementation of Informatin Security Management System (ISMS)
-
Project management and actions follow-up
-
Management and user security awareness
-
Audit and continuous control
-
Security incident response
-
Disaster recovery and business continuity planning
Risks and Compliance
-
Project Owner management: strategy, budget and project validation, ROI
-
ISSP definition for companies and groups, charters, policies and directives
-
Compliance upgrade: planning, SMSI build, preliminary declaration for certification
-
Risk mapping and analysis (functional mapping and job processes)
-
Creation of evaluation and diagnostic’s tools
-
Cyber resilience planning
-
Disaster recovery and business continuity planning
-
Training and awareness campaigns and planning
-
Project management to pilot the cybersecurity’s organizational and operational implementation
-
Project management for SMSI and operational and strategic’ indicators
-
Organizational, compliance and security audits
-
Indicators surveillance
-
Continuous security improvement planning
-
Recommendations and remediations plan
-
From strategic scenarios to operational scenarios
Risks and Compliance
-
Project Owner management: strategy, budget and project validation, ROI
-
ISSP definition for companies and groups, charters, policies and directives
-
Compliance upgrade: planning, SMSI build, preliminary declaration for certification
-
Risk mapping and analysis (functional mapping and job processes)
-
Creation of evaluation and diagnostic’s tools
-
Cyber resilience planning
-
Disaster recovery and business continuity planning
-
Training and awareness campaigns and planning
-
Project management to pilot the cybersecurity’s organizational and operational implementation
-
Project management for SMSI and operational and strategic’ indicators
-
Organizational, compliance and security audits
-
Indicators surveillance
-
Continuous security improvement planning
-
Recommendations and remediations plan
-
From strategic scenarios to operational scenarios
-
Legal Compliance : Military Planning Law ( LPM ), GDPR, National Commission on Informatics and Liberty (CNIL) The National Cybersecurity Agency of France ( ANSSI ), PCI-DSS, PSD2, SOX, HIPAA, Regulatory authority for online games (ARJEL), ISO 2700x, The General Security Referential (RGS), Health Data Hosting (HDS)
-
ISSP definition and control of security policies
-
Conformity check of Firewalls configurations
Data Protection
-
Defining security engineering for IaaS solutions, as well as PaaS for principal cloud brokers
-
Implementation of IaaS / PaaS usage control and monitoring strategies
-
Cloud application control, discovery and remediation shadow IT, shadow data, security O365
-
Security support for cloud migration (Risks, Security Measures, Controls, Detection regulations, etc.)
-
Security of DevOps continuous integration chains (identities, secrets, orchestration, libraries, etc.)
Data Protection
-
Defining security engineering for IaaS solutions, as well as PaaS for principal cloud brokers
-
Implementation of IaaS / PaaS usage control and monitoring strategies
-
Cloud application control, discovery and remediation shadow IT, shadow data, security O365
-
Security support for cloud migration (Risks, Security Measures, Controls, Detection regulations, etc.)
-
Security of DevOps continuous integration chains (identities, secrets, orchestration, libraries, etc.)
Cloud Security
-
Security audits for Microsoft Azure, Amazon Web Services, Google Cloud Platform, Microsoft 365 platforms
-
Definition and implementation of public clouds security engineering
-
Implementation of usage and access protection solutions (CASB and ZTNA)
-
Implementation of data protection solutions
-
Shadow IT detection and data leak prevention protection
-
Support in the evolution of the security governance
-
Implementation of cloud compliance management solutions (CSPM)
-
Continuous integrations chains security
Cloud Security
-
Security audits for Microsoft Azure, Amazon Web Services, Google Cloud Platform, Microsoft 365 platforms
-
Definition and implementation of public clouds security engineering
-
Implementation of usage and access protection solutions (CASB and ZTNA)
-
Implementation of data protection solutions
-
Shadow IT detection and data leak prevention protection
-
Support in the evolution of the security governance
-
Implementation of cloud compliance management solutions (CSPM)
-
Continuous integrations chains security
Architecture and Security Expertise
-
Studies and technical qualifications of security solutions: comparison, prototyping, PoC, technical demonstration
-
Analysis and audit, optimization recommendations and architecture securization
-
Studies and decision assistance on products and architectures to implement
-
Engineering and integration of products and security architectures: technical and functional specifications, deployment and configuration, architecture validation and verification, SOC tooling, architecture renovation and improvement propositions
-
Training and transfer of skills: training sessions for our clients, corpus of documents
-
Project Owner Assistance / Project Manager Assistance: technical expertise on security solutions and clients projects, compliance, technical management
Architecture and Security Expertise
-
Studies and technical qualifications of security solutions: comparison, prototyping, PoC, technical demonstration
-
Analysis and audit, optimization recommendations and architecture securization
-
Studies and decision assistance on products and architectures to implement
-
Engineering and integration of products and security architectures: technical and functional specifications, deployment and configuration, architecture validation and verification, SOC tooling, architecture renovation and improvement propositions
-
Training and transfer of skills: training sessions for our clients, corpus of documents
-
Project Owner Assistance / Project Manager Assistance: technical expertise on security solutions and clients projects, compliance, technical management
Security Development
-
Secured applications development
-
Remediation assistance following application security audits
-
Secured applications development training (OWASP)
-
Support and implementation of tools and secured applications process (SAST, DAST, Dependency Check, Security Requirement, Security Check List)
Security Development
-
Secured applications development
-
Remediation assistance following application security audits
-
Secured applications development training (OWASP)
-
Support and implementation of tools and secured applications process (SAST, DAST, Dependency Check, Security Requirement, Security Check List)
Training and Awareness
-
Communication and awareness material
-
Phishing campaigns
-
Personalized training plan: developers, administrators, top management
-
Cybersecurity workshops
Training and Awareness
-
Communication and awareness material
-
Phishing campaigns
-
Personalized training plan: developers, administrators, top management
-
Cybersecurity workshops
Identity and Access Management
-
Consulting and Identity Project Management : Identity Management, Governance, CIAM
-
Consulting and Access Management Project Management : e-sso, Web SSO, MFA, PAM
-
Managed Services : IAM, MCI and evolutions
Identity and Access Management
-
Consulting and Identity Project Management : Identity Management, Governance, CIAM
-
Consulting and Access Management Project Management : e-sso, Web SSO, MFA, PAM
-
Managed Services : IAM, MCI and evolutions
Discover our other expertises
Discover our other expertises
