SECURITY WORK & TIMELINE


SUMMARY

(This page is a filtered timeline for my work done in security).

I specialize in Web & Application, Backend & Platform, Kubernetes and Cloud security where I do:

ENTREPRENEURIAL

Via my own freelance entity REKON, I do security consultancy, automation and audits using some of my own original tooling.

Here is what some companies have said about my security work and consultancy:

"Simon's security audit on our wallet component saved us money before going to any ANSSI certification." - Fred de Matos - VP of Engineering, Rockside
"Rekon tools and analysis allowed Edulib to detect and remove an open redirect to a phishing website." - Emilie Barreau - Director, Edulib
"We have strengthened and formalized our SDLC thanks to Simon. It enabled us to bump the security of our processes and set up tools to ensure it stays secured." - Jeff - Security Engineer, Hivebrite

SECURITY ONLY WORK EXPERIENCE

Staff Engineer & Individual Contributor - FlexAI

Our product delivers AI Workloads as a Service.

  • Security management and liaising for validation of SOC2, GDPR, etc.

Senior Offensive Security Engineer - Form3 (UK)

Our product is one of the most resilient, multi-cloud, high-volume transaction platforms in FinTech. It spans 3 clouds (AWS, GCP & Azure) using Go, Kubernetes and Infrastructure as Code, with more than 60 internal services/middlewares/gateways and third-party integrations. Customers using our APIs: Lloyds Banking Group, Mastercard, Barclays, Stripe, JP Morgan, Nationwide, GoCardless, etc.

Part of the small offensive security team. Overall my mission is to create new ways to consistently feed the risk framework of Form3 with novel and relevant vulnerabilities.

Direct responsibilities as Senior Offensive Security Engineer:

  • Provide expertise on Go, AppSec, CloudSec and Kubernetes for our infrastructure, products and services
  • Scale, improve and revamp our team's internal processes and vulnerabilities capture workflow
  • Ongoing review and pentesting of all services/middlewares, our 3 cloud subscriptions (AWS, Azure, GCP) and third-party integrations (FeedzAI, Microsoft Copilot, etc.)
  • Create new and original reliable Go tooling for automation and discovery, exposing new areas for novel vulnerabilities
  • Research on new topics, vulnerabilities, bypasses, attack paths, TTP (Tactics Techniques and Procedures) relevant to our platform
  • Bring Go and Test-Driven Development experience, as well as my security background, to implementation work (i.e. threat modelling)

Freelance for UK/US companies (Security, Architecture, Development, Infra)

As a freelancer, I offered concrete and extensive hands-on experience at various levels.

Candy (US), from January to November 2022

Working with Candy on their Go NFT platform, which offers a primary and secondary marketplace and gamification of sports items.

  • SecOps: built from scratch an encrypted delivery pipeline so developers can locally integrate real production data
  • Handled surface and perimeter security of the deployed platform and product

Improbable (UK), from May to November 2021

Working with Improbable to collectively implement a brand new, modern Go orchestration platform for the multiplayer games industry.

  • Initial security asset assessment and inventory of the product: perimeter, ratio of obsolete software, cryptography used, etc.

Contractor Technical Lead - Rockside (Development, Design, Ethereum, Blockchain, Security, Infra & Architecture)

Security

  • Defining a sound yet simple security model for the infrastructure and the operational side of it
  • Security audits of our various components, notably our wallet, before the ANSSI review
  • Regularly teaching secure development practices and performing continuous audits of our codebases and infrastructure

Contractor Technical Lead - Edulib (Design, Development, Security, Infra, Scalability)

  • Technical and security audit: backend code, infrastructure, development practices, tooling, etc.
  • Expose, document and explain current scalability and security issues with ad hoc threat modeling
  • Put in place new security procedures as well as small iterative and agile processes for the reduced technical team and the transition period
  • Port internal Edulib services to a newly created, standardized and more secure AWS infrastructure, reducing its attack surface

Contractor Technical Lead - Hivebrite (Design, Development, Security, Infra & Middleware)

  • Initial security assessment with swift follow-up actions taken to establish a security baseline for our non-production environments
  • Leading the external security review and implementing security controls for the Hivebrite platform
  • Security compliance point of contact and continuous liaison for our customers (Microsoft, etc.) regarding standardization and compliance: ISO, GDPR
  • Starting a SecOps team: threat modeling, audits, continuous security, tools and processes, version upgrade of key components

Security Lead - CyberSecurity firm WALLIX

  • Lead implementer and architect of awless, an open source project for secure defaults in AWS (built on AWS internals); it won a place in Stackshare's top 50 developer tools 2017 and an InfoWorld Bossie Award 2017 in the best cloud computing software category
  • Engineering and cryptography work implementing the Golang SDK for DataPeps, WALLIX's end-to-end encryption product
  • Full audits of internal products: WALLIX Bastion, DataPeps server, etc.