Lionel POTEAU

AREAS OF EXPERTISE:

• IT Governance:
Information systems strategy definition and implementation. Policies, guidelines and process development. Information classification.
• IT Security Management:
Identity and access control management. Business continuity planning. Data protection.
• ISMS Implementation:
Quality oriented management process implementation for risk exposure detection and continual improvement of the security baseline
• ISO 27001 Certification:
ISO 27001 project management. Audit and pre-audit in order to assure compliance and gain certification
• Project Management:
Project definition and kick-off, performance appraisal and quality assurance, change control management, communication management, support to PMO.
• Hacking Techniques:
Manipulation of hacking techniques: footprinting, network scanning and sniffing, password and authentication cracking, escalation of privileges, information dissimulation, denial of service, session hijacking and code exploit.

For ALTIOR, subsidiary of the Altran Group, a leading global, $2B+ consultancy specializing in innovative.
• Championed IT security consulting as a new business practice for the company. Requested by CEO to develop, launch and lead this new division, reporting directly to the COO.
• Evaluated consulting candidates, developed marketing presentations and materials, mentored sales teams to qualify customer needs and coached 40+ consultants on technical projects.
• Created center of expertise to capitalize on consultant feedback and experiences.

• Adviser to CISO with specific focus on deploying information security governance program based on ISO 17799 for SNCF, the French national railway company.
• Protected French railway’s $890M IT investment by reducing risks to an acceptable level and defined security operations center to address day-to-day and real-time security events.
• Performed risk assessment and business impact analysis on client’s IT projects.
• Managed network of 80 security employees throughout the company to institute security control processes and application interface reviews.
• Led internal audits and managed third-party audits to ensure compliance with existing policies and laws.

For SFR, a leading French telecom operator:
• Planned, designed and implemented a new, centralized, and high availability file transfer architecture. Purpose was to manage all information exchanges between the company and its stakeholders, including business-critical workflows such as money orders to the banks. The project increased performance by 300 %, halved the costs, and brought security risks down to an acceptable level.
• Technical troubleshooter for security technologies, including VPN, PKI, SSL/TLS, Windows and UNIX system hardening, IDS, firewalls, proxies, penetration testing, crypto-algorithms.
• Collaborated with the CISO team and project management groups to conduct internal audits and introduce augmented security procedures and/or technologies.
• IT instructor for the internal support team.

• Directed broad range of IT security projects for applications such as PKI, VPN, firewalls and smart cards.
• Performed security vulnerability assessment, audits and penetration tests.
• Analyzed products and costs and made recommendations on acquisition and implementation.

• Analyzed customer needs and provided hardware, software and network integration and maintenance solutions.
• Designed and implemented corporate firewalls and security plans and managed installation projects.