Download PDF

Pierre-Alain Mouy


  • Frankfurt am Main - Germany
  • +49 175 698 3345

Before being an independent IT Security consultant, I worked 7 years for Ernst & Young in the field of IT Security. Prior to this, I gained experience as a .Net Project Manager working closely with Microsoft Consulting Services and managing an offshore web development team located in Bucharest.

Throughout the years, I have developed an high expertise in the field of Secure Development Life Cycle and IT Security assessments. In the last 10 years, I have managed multiple penetration teams located in the EMEA and APAC regions for complex long-term and global European penetration testing programs.

I also have an extensive knowledge in web infrastructures and assisted companies in the implementation and securing of complex Internet DMZs with load-balancing, IDS and WAF capabilities.

Work History

Mar 2014MAR 2017

Independent IT Security Expert


2016 / 2017 - Leading sanitary fittings manufacturer - Germany

Threat analysis and complete security assessment of a new Internet of Things platform, including source code reviews, penetration tests and configuration reviews of home appliances, associated mobile appliance and backend services. Intervenes throughout all the phases of the development lifecycle to ensure "security by design".

2016 - Major German retail bank

Penetration test of wireless network hotspots deployed in local branches for retail customers and bank employees. 

2015 - Port of Vancouver - Canada

Development of a cloud orchestration platform based on the Netflix Eureka distributed configuration architecture in order to federate, structure and secure a set of existing Java REST micro-services. Implementation of complex versioned configurations with service load balancing and routing strategies.

2014 / 2015 - Jasco Applied Sciences - Canada

Support in the implementation of a centralised reverse-proxy solution based on a combination of open-source products. This platform is the "Single Point of Entry" for all web resources exposed by the company and handles critical operations such as SSL Acceleration or DoS Protection. 

Oct 2009Mar 2014

IT Security Manager

Ernst & Young GmbH, Frankfurt - GERMANY

Management of a centralized penetration team dedicated to the execution of high-volume penetration test for EMEA financial institutions. Amongst others, the following engagements were performed during this period:

2012 / 2014 - Deutsche Bank

Support in the execution of a high-volume multi-year penetration test and source code review programs. Responsible for the management and coordination of European penetration test teams delivering constant quality results – Management of more that 20 IT Security consultants located in 10 countries.

  • Security assessment of a PaaS application for a Benelux lending branch. The review included the black-box penetration test of both CRM instance and integration APIs, and the source code review of custom APEX source code.

2013 - Largest mobile manufacturer - Suwon, Korea

Source code review and assessment of an integrated workspace providing robust, hardware and software integrated security for mobile devices and offering a multi- layered protection from the device down to the kernel with two-factor biometric authentication for authorized device access.

Jan 2007Oct 2009

Senior IT Security Consultant

Ernst & Young SA, PARIS - FRANCE

Execution of source code review, penetration tests and infrastructure audits for financial institutions and major industry companies. Amongst others, the following engagements were performed during this period:

2008 -  Largest French financial institution

IT Security audit of Front- and Back- Office applications for the lending and capital market activities of the offshore branches located in Hong Kong, Jakarta and Singapore.

2009 - Major French investment bank

Source code review of a complex trading applications (FX, FI and FO and post-trades) developed in Java and based on modern web application components such as Struts, Spring MVC, Hibernate, Google Web Toolkit and SOAP web services.

Oct 2004Dec 2006

Dot.Net Project Manager

Giraud International

Management of an offshore development team located in Bucharest (Romania) dedicated to the development of a web portal based on Microsoft CRM, Sharepoint and Windows Worfkow Fundation.



  • French: native
  • English: fluent
  • German: fluent

Project Management

Managed multiple penetration teams located in the EMEA and APAC regions for complex long-term and global European penetration test programs and security assessments.

Web Application Penetration Tessting

10 years of experience in the field of web application penetration testing.

Design and Securing of Web Infrastructures

Extensive knowledge of web architectures with the deployment of IDS/IPS, Load balancers and Web Application Firewalls

Programming and Web Development

Senior developer in Java, C#, JavaScript and Objective C


NoV 2016


Offensive Security

Offensive Security Certified Pentester

Mar 2012



Certified Web Application Penetration Tester


Sep 2003Sep 2004

Master of International Business Management

Jul 2003Sep 2001

Bachelor of Information Systems Management

IAE Grenoble, FRANCE