Work

Seven documented engagements in OT and IT, between 2022 and 2026. Client identities under NDA — sector, country and figures are sharable.

7documented missions
6industry sectors
3countries — BE · FR · LU
1,000+employees trained

OT / IEC 62443 • Energy • BEOct. 2024 — present

Cybersecurity Officer & Industrial Network Expert

Securing OT networks for a multi-site energy operator: zones & conduits architecture, IEC 62443 risk assessments, access procedures, OT Active Directory, DMZ and segmentation across hydro, wind and thermal sites. FAT/SAT support with vendors, HLD/LLD standardisation.

Multi-sitehydro · wind · thermal
SL-T / SL-Crisk register per zone & conduit
DMZ + OT ADdesigned and deployed
OT ADESXiCisco ISA3000 (FTD)Check Point 1570RVLANs
IAM • Luxury • FR9 months

Global IAM tooling rollout & maintenance

Rollout and scalable maintenance of a group-wide identity tool: user stories, access workflow modelling in ServiceNow (onboarding, offboarding, transfers, change), releases, data quality and L3 support.

~150kaccounts under data quality
~150stories delivered
4access workflows modelled
Azure ADServiceNowPowerShellPower BIAgile
Data Protection • Pharma • BE5 months

DLP strategy & tooled roadmap (Purview / Sentinel / MCAS)

DLP strategy and tooled roadmap built with the CISO: business and IT workshops, EBIOS RM risk analysis and implementation plan for Microsoft processes and tools.

13workshops (8 business + 5 IT)
21risk scenarios assessed
1tooled deployment roadmap
PurviewSentinelDefender for Cloud AppsEBIOS RMNIST
NIST SP 800-53 • Banking • LU5 months

NIST SP 800-53 controls prioritisation & assessment

Working with the CISO to prioritise, collect and analyse evidence required by NIST SP 800-53. Scope-by-scope workshops, formalised remediation plan and follow-up.

360controls prioritised & assessed
5scopes covered
5workshops run
NIST SP 800-53RemediationCISO reporting
ISO 27001:2022 • Printing services • LU4 months — ongoing

ISMS rollout, post-pentest remediation & BIA/BCP

Security engagement to roll out an ISO 27001:2022 ISMS, remediate risks identified through a penetration test and train teams. Deliverables: ISMS, BIA/BCP, remediation plan.

40 / 93ISMS controls handled
30 / 50pentest risks remediated
8awareness sessions
ISO 27001:2022BIA / BCPPentest follow-up
Phishing • Public / Construction • FR-BE4 months

Phishing campaigns & awareness, executive reporting

Deployment and operation of phishing tooling (GoPhish), awareness sessions and consolidated executive reports, with tool documentation.

870users covered (520 + 350)
10awareness sessions
4municipalities supported
GoPhishLinuxHTML / CSS
Awareness • Energy • BE2 months

Security escape-game workshops — technical setup

Technical design and setup of escape-game style workshops: VMs, mock phishing site, quizzes and hands-on attacker / defender scenarios.

40sessions run
~200employees trained hands-on
Kali LinuxPyphisherJohn the RipperSlido

Let's talk about a concrete project

OT question, IEC 62443 project, audit, NIS2 scoping or security PMO need? A 30-minute call to validate feasibility and engagement format (short diagnostic, scoped mission, long-term support).

Get in touch

Specialty & scope

Core practice: OT/ICS security (IEC 62443, DMZ, OT AD). Also active on IT (ISO 27001, NIS2, IAM, Microsoft 365).

Past engagements include

Multi-site energy operator · global luxury group · pharmaceutical · banking · printing services · municipalities & construction.