CONSULTING & ENGINEERING

Jean-François CADUDAL

Jean-François CADUDAL

Head of Consulting & Engineering

Consulting & Engineering is the historical team of I-TRACING and has developed many cybersecurity expertises over the course of its 15 years of existence.

Clients-oriented, attentiveness, perfect understanding are our consultants’ key values.

Thanks to a constant technology watch, lab environment, training and sharing culture, Consulting & Engineering brings out its expertise and field experience.

Our methods allow us to adapt to your needs and specifications in order to guide you through the different aspects of cybersecurity:

  • ISS Governance
  • Audit, control and remediation
  • Project owner, project management
  • Consulting and security solutions selection
  • Implementation and integration in your environment, transitional coaching and operation

These expertises are organized in teams :

• Part-Time CISO
• Governance, Risks and Compliance
• Cloud Security
• Data Protection
• Architecture and Security Expertise
• Security Development
• Training and Awareness

Jean-François CADUDAL

Jean-François CADUDAL

Head of Consulting & Engineering

Consulting & Engineering is the historical team of I-TRACING and has developed many cybersecurity expertises over the course of its 15 years of existence.

Clients-oriented, attentiveness, perfect understanding are our consultants’ key values.

Thanks to a constant technology watch, lab environment, training and sharing culture, Consulting & Engineering brings out its expertise and field experience.

Our methods allow us to adapt to your needs and specifications in order to guide you through the different aspects of cybersecurity:

  • ISS Governance
  • Audit, control and remediation
  • Project owner, project management
  • Consulting and security solutions selection
  • Implementation and integration in your environment, transitional coaching and operation

These expertises are organized in teams :

• Part-Time CISO
• Governance, Risks and Compliance
• Cloud Security
• Data Protection
• Architecture and Security Expertise
• Security Development
• Training and Awareness

CISO Part-Time

  • IS security maturity evaluation and roadmap definition

  • Definition and implementation of Informatin Security Management System (ISMS)

  • Project management and actions follow-up

  • Management and user security awareness

  • Audit and continuous control

  • Security incident response

  • Disaster recovery and business continuity planning

CISO Part-Time

  • IS security maturity evaluation and roadmap definition

  • Definition and implementation of Informatin Security Management System (ISMS)

  • Project management and actions follow-up

  • Management and user security awareness

  • Audit and continuous control

  • Security incident response

  • Disaster recovery and business continuity planning

Risks and Compliance

  • Project Owner management: strategy, budget and project validation, ROI

  • ISSP definition for companies and groups, charters, policies and directives

  • Compliance upgrade: planning, SMSI build, preliminary declaration for certification

  • Risk mapping and analysis (functional mapping and job processes)

  • Creation of evaluation and diagnostic’s tools

  • Cyber resilience planning

  • Disaster recovery and business continuity planning

  • Training and awareness campaigns and planning

  • Project management to pilot the cybersecurity’s organizational and operational implementation

  • Project management for SMSI and operational and strategic’ indicators

  • Organizational, compliance and security audits

  • Indicators surveillance

  • Continuous security improvement planning

  • Recommendations and remediations plan

  • From strategic scenarios to operational scenarios

Risks and Compliance

  • Project Owner management: strategy, budget and project validation, ROI

  • ISSP definition for companies and groups, charters, policies and directives

  • Compliance upgrade: planning, SMSI build, preliminary declaration for certification

  • Risk mapping and analysis (functional mapping and job processes)

  • Creation of evaluation and diagnostic’s tools

  • Cyber resilience planning

  • Disaster recovery and business continuity planning

  • Training and awareness campaigns and planning

  • Project management to pilot the cybersecurity’s organizational and operational implementation

  • Project management for SMSI and operational and strategic’ indicators

  • Organizational, compliance and security audits

  • Indicators surveillance

  • Continuous security improvement planning

  • Recommendations and remediations plan

  • From strategic scenarios to operational scenarios

  • Legal Compliance : Military Planning Law ( LPM ), GDPR, National Commission on Informatics and Liberty (CNIL) The National Cybersecurity Agency of France ( ANSSI ), PCI-DSS, PSD2, SOX, HIPAA, Regulatory authority for online games (ARJEL), ISO 2700x, The General Security Referential (RGS), Health Data Hosting (HDS)

  • ISSP definition and control of security policies

  • Conformity check of Firewalls configurations

Data Protection

  • Defining security engineering for IaaS solutions, as well as PaaS for principal cloud brokers

  • Implementation of IaaS / PaaS usage control and monitoring strategies

  • Cloud application control, discovery and remediation shadow IT, shadow data, security O365

  • Security support for cloud migration (Risks, Security Measures, Controls, Detection regulations, etc.)

  • Security of DevOps continuous integration chains (identities, secrets, orchestration, libraries, etc.)

Data Protection

  • Defining security engineering for IaaS solutions, as well as PaaS for principal cloud brokers

  • Implementation of IaaS / PaaS usage control and monitoring strategies

  • Cloud application control, discovery and remediation shadow IT, shadow data, security O365

  • Security support for cloud migration (Risks, Security Measures, Controls, Detection regulations, etc.)

  • Security of DevOps continuous integration chains (identities, secrets, orchestration, libraries, etc.)

Cloud Security

  • Security audits for Microsoft Azure, Amazon Web Services, Google Cloud Platform, Microsoft 365 platforms

  • Definition and implementation of public clouds security engineering

  • Implementation of usage and access protection solutions (CASB and ZTNA)

  • Implementation of data protection solutions

  • Shadow IT detection and data leak prevention protection 

  • Support in the evolution of the security governance 

  • Implementation of cloud compliance management solutions (CSPM)

  • Continuous integrations chains security

Cloud Security

  • Security audits for Microsoft Azure, Amazon Web Services, Google Cloud Platform, Microsoft 365 platforms

  • Definition and implementation of public clouds security engineering

  • Implementation of usage and access protection solutions (CASB and ZTNA)

  • Implementation of data protection solutions

  • Shadow IT detection and data leak prevention protection 

  • Support in the evolution of the security governance 

  • Implementation of cloud compliance management solutions (CSPM)

  • Continuous integrations chains security

Architecture and Security Expertise

  • Studies and technical qualifications of security solutions: comparison, prototyping, PoC, technical demonstration

  • Analysis and audit, optimization recommendations and architecture securization

  • Studies and decision assistance on products and architectures to implement

  • Engineering and integration of products and security architectures: technical and functional specifications, deployment and configuration, architecture validation and verification, SOC tooling, architecture renovation and improvement propositions

  • Training and transfer of skills: training sessions for our clients, corpus of documents

  • Project Owner Assistance / Project Manager Assistance: technical expertise on security solutions and clients projects, compliance, technical management

Architecture and Security Expertise

  • Studies and technical qualifications of security solutions: comparison, prototyping, PoC, technical demonstration

  • Analysis and audit, optimization recommendations and architecture securization

  • Studies and decision assistance on products and architectures to implement

  • Engineering and integration of products and security architectures: technical and functional specifications, deployment and configuration, architecture validation and verification, SOC tooling, architecture renovation and improvement propositions

  • Training and transfer of skills: training sessions for our clients, corpus of documents

  • Project Owner Assistance / Project Manager Assistance: technical expertise on security solutions and clients projects, compliance, technical management

Security Development

  • Secured applications development

  • Remediation assistance following application security audits

  • Secured applications development training (OWASP)

  •  Support and implementation of tools and secured applications process (SAST, DAST, Dependency Check, Security Requirement, Security Check List)

Security Development

  • Secured applications development

  • Remediation assistance following application security audits

  • Secured applications development training (OWASP)

  •  Support and implementation of tools and secured applications process (SAST, DAST, Dependency Check, Security Requirement, Security Check List)

Training and Awareness

  • Communication and awareness material

  • Phishing campaigns

  • Personalized training plan: developers, administrators, top management

  • Cybersecurity workshops

Training and Awareness

  • Communication and awareness material

  • Phishing campaigns

  • Personalized training plan: developers, administrators, top management

  • Cybersecurity workshops

Identity and Access Management

  • Consulting and Identity Project Management : Identity Management, Governance, CIAM

  • Consulting and Access Management Project Management : e-sso, Web SSO, MFA, PAM

  • Managed Services : IAM, MCI and evolutions

Identity and Access Management

  • Consulting and Identity Project Management : Identity Management, Governance, CIAM

  • Consulting and Access Management Project Management : e-sso, Web SSO, MFA, PAM

  • Managed Services : IAM, MCI and evolutions

Pin It on Pinterest

Shares
Share This
M