Download PDF

Pierre-Alain Mouy

PROFESSIONAL PENETRATION TESTER & WEB INFRASTRUCTURE SPECIALIST 

  • Frankfurt am Main - Germany
  • +49 175 698 3345

Before being an independent IT Security consultant, I worked 7 years for Ernst & Young in the field of IT Security. Prior to this, I gained experience as a .Net Project Manager working closely with Microsoft Consulting Services and managing an offshore web development team located in Bucharest.

Throughout the years, I have developed an high expertise in the field of Secure Development Life Cycle and IT Security assessments. In the last 10 years, I have managed multiple penetration teams located in the EMEA and APAC regions for complex long-term and global European penetration testing programs.

I also have an extensive knowledge in web infrastructures and assisted companies in the implementation and securing of complex Internet DMZs with load-balancing, IDS and WAF capabilities.

Work History

Mar 2014NOV 2016

Independent IT Security Expert

BITS Security, FRANKFURT - GERMANY

2016 - Leading sanitary fittings manufacturer - Germany

Threat analysis and complete security assessment of a new Internet of Things platform, including source code reviews, penetration tests and configuration reviews of home appliances, associated mobile appliance and backend services. Intervenes throughout all the phases of the development lifecycle to ensure "security by design".

2016 - Major German retail bank

Penetration test of wireless network hotspots deployed in local branches for retail customers and bank employees. 

2014 / 2015 / 2016 - Financial institutions - Europe

Multiple source code reviews, security audits and penetration tests of online banking and trading applications for various banks and financial institutions located in Frankfurt, Brussels, Paris and Luxembourg.

2015 - Port of Vancouver - Canada

Development of a cloud orchestration platform based on the Netflix Eureka distributed configuration architecture in order to federate, structure and secure a set of existing Java REST micro-services. Implementation of complex versioned configurations with service load balancing and routing strategies.

2014 / 2015 - Jasco Applied Sciences - Canada

Support in the implementation of a centralised reverse-proxy solution based on a combination of open-source products. This platform is the "Single Point of Entry" for all web resources exposed by the company and handles critical operations such as SSL Acceleration or DoS Protection. 

2014 - Multinational Oil and Gas Company - USA

Support in the implementation of the security layer of an UDP-based network protocol used to communicate telemetry data from deep-offshore locations through high-latency satellite connections.

Oct 2009Mar 2014

IT Security Manager

Ernst & Young GmbH, Frankfurt - GERMANY

Management of a centralized penetration team dedicated to the execution of high-volume penetration test for EMEA financial institutions. Amongst others, the following engagements were performed during this period:

2012 / 2014 - Largest German investment bank

Support in the execution of a high-volume multi-year penetration test and source code review programs. Responsible for the management and coordination of European penetration test teams delivering constant quality results – Management of more that 20 IT Security consultants located in 10 countries.

2012 - Major German financial institution

In the context of the implementation of a new Internet DMZ infrastructure, elaboration of efficiency testing procedures on multiples Web Application Firewall (WAF) solutions using fuzzing attacks and applying multiples evasion techniques such as obfuscation, multi-pass encoding, mangling or comparable techniques.

2013 - Largest mobile manufacturer - Suwon, Korea

Source code review and assessment of an integrated workspace providing robust, hardware and software integrated security for mobile devices and offering a multi- layered protection from the device down to the kernel with two-factor biometric authentication for authorized device access.

Jan 2007Oct 2009

Senior IT Security Consultant

Ernst & Young SA, PARIS - FRANCE

Execution of source code review, penetration tests and infrastructure audits for financial institutions and major industry companies. Amongst others, the following engagements were performed during this period:

2008 -  Largest French financial institution

IT Security audit of Front- and Back- Office applications for the lending and capital market activities of the offshore branches located in Hong Kong, Jakarta and Singapore.

2009 - Major French investment bank

Source code review of a complex trading applications (FX, FI and FO and post-trades) developed in Java and based on modern web application components such as Struts, Spring MVC, Hibernate, Google Web Toolkit and SOAP web services.

Oct 2004Dec 2006

Dot.Net Project Manager

Giraud International

Management of an offshore development team located in Bucharest (Romania) dedicated to the development of a web portal based on Microsoft CRM, Sharepoint and Windows Worfkow Fundation.

Skills

Languages

  • French: native
  • English: fluent
  • German: fluent

Project Management

Managed multiple penetration teams located in the EMEA and APAC regions for complex long-term and global European penetration test programs and security assessments.

Web Application Penetration Tessting

10 years of experience in the field of web application penetration testing.

Design and Securing of Web Infrastructures

Extensive knowledge of web architectures with the deployment of IDS/IPS, Load balancers and Web Application Firewalls

Programming and Web Development

Senior developer in Java, C#, JavaScript and iOS

Certifications

NoV 2016

OSCP

Offensive Security

Offensive Security Certified Pentester

Mar 2012

GIAC GWAPT

SANS INFORMATION SECURITY TRAINING

Certified Web Application Penetration Tester

Education

Sep 2003Sep 2004

Master of International Business Management

UNIVERSITY COLLEGE DUBLIN, IRELAND

Major in IT Engineering

Jul 2003Sep 2001

Bachelor of Information Systems Management

ESA Grenoble, FRANCE

Major in System Modelisation