Paris, Île-de-France, France
My strength? I have a complete understanding of the operational and technical challenges while also being able to discuss strategy with executives and the Board. Plus a mastery of cybersecurity law and the GDPR.Why cybersecurity ?26 years of experience(It's not nothing)Because it's my passion. Because it's human.Because I want to help, to protect and want to have a positive impact on society.Because I prefer to be in action rather than in inaction to fight against security incidents (voluntary or involuntary).MBTI: ENFP-A: « The inspirer & The inspired »What does it mean?Energetic/dynamic - Cooperative - Persuasive - Pragmatic - Expressive - Spontaneous - Creative - Innovative - Imaginative - Enthusiastic - Flexible - Adaptability to change - Always available - Listening to others - Open-minded & Team spirit I recognize myself well in this personality test.That's what is important.My added value:CISO, cybersecurity expert & Executive MBA> Dual skills: Cybersecurity expert / GRC (Governance, Risks, Compliance) & BusinessMy goal is to put all my qualities and skills to use to define and manage my organization's security strategy in order to support and advise it in its global cybersecurity-oriented approach as a company.Identity, Protect, Detect, Respond, Recover, Compliance are the NIST pillars I follow + ISO & CIS.And a lot of myself to build connections and raise awareness by popularizing
Hierarchy : General manager Continuity of the mission and previous actions Regular participation in the committees of the general directors of the services of the 12 municipalities (12 DGS) for cybersecurity reporting Anticipation of the preparation of the NIS2 directive Raising awareness of cybersecurity among elected officials in several municipalities Participation in various round tables on cybersecurity topics Multi-stakeholder educational project for students in cybersecurity schools to practice Bug Bounty in real environments
Hierarchy : more than 10 CIOs Orientation of the creation of the shared CISO function Collaborate with everyone within the whole ecosystem to evolve together Lead with CIOs the France Relance plan and act according to the priorities aligned with the action plan Definition of roadmaps Point of contact with ANSSI - Lead GRC actors and pentester actors Legal help on cybersecurity law Accompany the existing and bring it to maturity Reorganize the priorities according to the risks, the contexts and issues Decision-maker in the choice of intellectual services Implementation of cybersecurity governance around the GRC Communication with the CIOs (Steering committee: strategic, tactical, and operational) Communication with the General Managers Anticipation of the future implementation of the NIS2 directive Audits, advice - Management of cybersecurity service providers - collaboration with IT outsourcing Active role in operational cybersecurity actions Anticipation of strategic and technological choices Cybersecurity policies drafting / Operational adaptation – Process, procedures drafting Gap-analysis based on the ANSSI hygiene guide and ISO 27002 Close collaboration with DPOs (GDPR compliance) Support for the recruitment of senior cybersecurity experts for the Cyber Campus as part of the EDIH mission of the European Commission
I am Serge Misik. In my current position as a shared CISO, I have supported the CYBIAH initiative, coordinated by the Cyber Campus of Paris, to help them structure their offering. I created this micro-enterprise to help small structures, to develop their cybersecurity posture to protect their information assets that make them unique.
Hierarchy: CRO Gap-analysis based on the ANSSI hygiene guide and ISO 27002 to take actions Redefining KPIs (leading & lagging KPIs) Roadmap cyber based on NIST Redefining the ISS policy Cybersecurity and projects steering committees Penetration test management Employee awareness Cybersecurity communication (during the month of the cyber, ...) Cyber crisis management (simulation) Management of the relationship between publishers and suppliers Improvement proposal to automate risk management via an editor platform
Hierarchy : CIO Bringing together the security and operational teams within the Group (SecOps) Redefinition of the internal Cybersecurity organization (management of 5 cybersecurity experts) Close collaboration with the DPO Establishment and management of a CISO Office (Cyber as a Service, via an MSSP partnership) Total redefinition of SOC (Security Operation Center) with the implementation of an EDR and a CSIRT (Risk oriented: ANSSI PDIS & Mitre Attack framework) Definition of an ISO 27001 business scope (4 countries for the same perimeter to build the customers’ trust and bring a competitive advantage) Cybersecurity audit (internal/external) – Cybersecurity ratings – remediation plan Cybersecurity referent within the Digital and Innovation BU, the OT cybersecurity BU, the legal and ethics Direction Development of cybersecurity relays for NA, LATAM, EMEA, APAC Technical reinforcement of protection, detection, and remediation: AD, email, web proxy, EPP/EDR, DNS security, typosquatting) according to the identified risks POC on Internet/Darknet data leak detection Evolution towards an attachment to the Risk Direction
Security governance Security management - Methodology based on ISO 27001 Risk management - Methodology based on ISO 27005 Definition and application of the IT Security Policy according to the company strategy Drawing up of computer charters in collaboration with the legal and the operations Establishment of security indicators - Methodology based on ISO 27004 Security recommendations for applications/services (Cloud, Web, API, ShadowIT) Security recommendations for networks and computers (desktop, laptop, smartphone: NextGen solutions) Security incident management - Crisis management Head of internal/external security audits Study and choice of a vulnerability assessment solution Study of Bug Bounty programs for DevOps and continuous improvement Communication with the top management Security employee awareness Relationship management with IS Security service providers Study and follow-up of security projects (IAM, MDM, SIEM, Antivirus, 0-day, etc.) Legal aspects of IS Security (collaboration with the CIL/DPO, policy on the conservation of traces, compliance with the law) - Support for the implementation of the GDPR Technology watch of the IT Security / Cyber-security Assistance in IT Security incident analysis
Study of blockchain for the media Use case Business strategy Governance of a blockchain consortium Technology study (Ethereum, Hyperledger Fabric, KSI, Ethermint, etc.) Consensus Proposal of a proof of concept
Definition of network (LAN/WAN/WLAN) and security architectures within our IT issues Study and choice of a Firewall solution to complete the existing one Study and choice of a WAF solution Study and choice of a solution to centralize network and security logs As part of the IS reorganization of the multimedia agency project, network and security architecture project manager, and involved in a study concerning SOA architectures and identity management (IAM) Study and implementation of an architecture to optimize TCP transmissions on high latency links Study and implementation of a secure multicast network architecture in the main offices (Paris, Washington, Hong Kong, London, Nicosia and Berlin) allowing for multimedia transport Study, choice, and collaboration with the development group of a reliable multicast implementation (NORM: based on the projects of the US Naval Research Laboratory) Study of a meshed (international) WAN infrastructure responding to the business continuity plan on the backbone Study and implementation of a secure VPN architecture to help offices Study and implementation of a secure WI-FI architecture: Intranet and Hot Spots Study and implementation of the QoS on the WAN to avoid DoS attacks Course support writing and in-house delivery of several courses