Afterwork DSI du Ch’nord


Sur invitation de la communauté DSI GUN, regroupant de décideurs IT de la région Hauts-de-France (DSI, Responsable Informatique, etc.), j’interviendrai à un afterwork le 30 janvier aux côtés de Cédric Foll (Directeur des infrastructures de l’Université de Lille et rédac-chef de MISC) et Nicolas Ruff (chercheur en sécurité chez Google et co-fondateur du podcast francophone NoLimitSecu).

Au programme, un récap du FIC2020 par Cédric suivi d’une table ronde avec nous trois. Les thématiques principales qui se sont détachées lors de la période préparatoire sont : gouvernance de la sécurité, cloud et responsabilité des fournisseurs, divulgation coordonnée de vulnérabilités et ZeroTrust.

L’afterwork est réservé aux membres de la communauté DSI GUN. On se retrouve donc chez Clockwork Lille dès 18h00 !

FIC 2020: Strategy challenge & book signing


Mark your calendars!

The end of January is traditionally associated with “le FIC”, the International Forum for Cybersecurity held in Lille. With Les Assises, it is one of the biggest events in France. As such, it gathers the broader cybersecurity community, from vendors to students, and has a lively lineup of events going on under its umbrella. More on this later on, in a dedicated follow-up blog post.

As traditions go, le FIC is preceded by a conference where researchers and experts gather to share details on digital forensics and incident response (CoRI&IN). I’ve already spoken at CoRI&IN and it is always a pleasure to go back there!

For its 2020 edition, le FIC will cover three instead of two days. The very first day, 28 Jan, will see smaller, more private events taking place as well as CoRI&IN. The full scope event will officially kick off on 29 Jan.

This year, I’ll be joining again the Strategy Challenge as a member of the jury. The Challenge is co-organised by the Atlantic Council and CEIS, and centres around a global crisis situation. Students from different backgrounds compete. Moreover, I’ll be having a book signing at the Furet du Nord booth on 30 Jan between 12:30 and 1:30 PM, so do not hesitate to stop by and say ‘hi’ 🙂

Les applications mobiles à l’ère du RGPD : les enjeux pour notre intimité


Les applications mobiles ont investi les usages mais leur sécurité et conformité restent peu abordées alors que les menaces pour les usagers et leurs données ne cessent de croître. Les applications piratées, détournées, falsifiées défraient la chronique et sont pointées de doigt pour leurs insuffisances. Lorsque la question est portée en interne, il est trop fréquent de voir les équipes technique et/ou juridique se trouver démunies face à l’ampleur de la tâche.

Lors de cette intervention, Esther Onfroy et Rayna Stamboliyska présenteront les défis en matière de sécurité et conformité ainsi que les précautions à prendre pour y répondre. Issue de leur expérience de terrain, cette présentation abordera les aspects sécurité dès la conception, maîtrise de la chaîne de production et lutte contre les abus de données à caractère personnel par, entre autres, des pisteurs embarqués.

On se retrouve donc le mercredi 16 janvier 2019 à la 13e Université des DPO, l’événement incontournable des professionnels de la conformité à la loi Informatique et Libertés et au RGPD, à la Maison de la Chimie, à Paris.


Commuting is taking a toll on ya? Podcasts are the solution

Here is the ultimate podcast list for infosec and data protection. Enjoy!

The other day, I was participating in an after-work panel centring on the professional opportunities cybersecurity at large presents. The discussion primarily focused on drawing in women to the field as a way to diversify and enrich the talent pool. Yet, few of us insisted on focusing on diversity, be it gender, social, etc.

Amongst the main questions was: how do I get into the field? Trying to provide sound advice on that made me realise we have a handful of resources to building up new and/or extra skills within the realm. However, starting off if you are, say, a developer or a legal person may turn bumpy and challenging.

Get to know the industry which interests you: infosec

Often, we hear that technical knowledge is not required for a career in infosec when one has other competencies

IMHO, such a standpoint is debatable. Indeed, you do not — and cannot — learn and know and meaningfully mobilise any technical bit out there. And nobody will ever ask of you to be the a complete technical authoritative encyclopaedia. Yet, I hold that should you ignore the very makeup and fundamentals of the topic, you will be imprecise at best when providing consultancy services. This is true regardless of your non-technical skills.

Podcasts to the rescue

Of course, learning new, complicated, technical stuff demands time, effort, method and rigour. But it does not need to be boring or tedious.

That is why I decided to put up a list of resources of my choosing. The criteria are rather basic: content needs to be diverse, engaging, accessible. I curated the below list of podcasts, in English and French. They are fun enough to get you to learn things, be it help you out in a self-teaching strive, be it make your commute to work more enjoyable.

And naturally, should you have suggestions, let me know: contact details are over here (scroll). Thanks, and enjoy!

Podcasts in English

Podcasts in French

Big Data, Bad Data: My keynote at the Open World Forum 2013


I was honoured to be giving the closing keynote at the Open World Forum 2013. The event took place in Paris on 4 October 2013. I shared the stage with Rand Hindi of :SNIPS and Romain Lacombe of French Prime Minister’s Commission Etalab.

We spoke about what big data can bring to society. Thus, I focused on critically discussing common misconceptions in both Big Data meaning and analysis.

Most importantly, my take-home message is that numbers do not speak of themselves. Rather, data’s meaning in the eye of the beholder. Therefore, context, interpretation, what counts even, are all a function of who runs the analysis.