
Pierre-Alain Mouy


Before being an independent IT Security consultant, I worked 7 years for Ernst & Young in the field of IT Security. Prior to this, I gained experience as a .Net Project Manager working closely with Microsoft Consulting Services and managing an offshore web development team located in Bucharest.

Throughout the years, I have developed a high level of expertise in the field of Secure Development Life Cycle and IT Security assessments. In the last 10 years, I have managed multiple penetration teams located in the EMEA and APAC regions for complex long-term and global European IT Security assessment programs.

I also have extensive knowledge of web infrastructures and have assisted companies in the implementation and securing of distributed architectures based on technologies such as REST micro-services, message brokers and server-less infrastructures, deployed either on premises or in cloud infrastructures such as Amazon Web Services, OpenStack or Microsoft Azure.

Work History

Mar 2014 - Oct 2017

Cloud and IT Security Expert


2017 - Consortium of 8 European banks

Member of the Global Audit team in charge of performing the initial security assessment of a global blockchain trading finance solution based on Fabric Hyperledger and deployed in IBM Cloud (previously BlueMix). The scope of the assessment includes security activities such as threat assessment, web application penetration tests, configuration reviews and static source code analysis.

2016 / 2017 - Grohe [Germany]

Threat analysis and complete security assessment of a new AWS Cloud-based Internet of Things platform, including source code reviews, penetration tests and configuration reviews of home appliances, associated mobile appliance and server-less backend services. Intervenes throughout all the phases of the development lifecycle to ensure "security by design".

2014 / 2017 - Port of Vancouver / Jasco Applied Sciences [Canada]

Development of a cloud orchestration platform based on Spring Cloud and Netflix Eureka distributed configuration architecture in order to federate, structure and secure a set of Spring Boot REST micro-services deployed on an OpenStack Cloud infrastructure.

Implementation of complex versioned configurations with service load balancing and routing strategies. Design and support in the implementation of the underlying scalable MongoDB cluster and message-driven infrastructure based on the RabbitMQ broker.

Development of a front-end UI, based on the Backbone and React.js frameworks and aimed at partners and clients to access real-time information related to vessel traffic in the bay of Vancouver. The underlying Spring Boot micro-service infrastructure is supported by a Redis cache cluster.

2016 - Payment processor [Belgium]

Security assessment of a series of REST micro-services deployed in the Azure Cloud exposed through the API Gateway, deployed on virtual machines and backed by Blob storage services. The technical review includes the execution of penetration tests, the verification of OS and network configuration, and the source code review of critical services.

Oct 2009 - Mar 2014

IT Security Manager

Ernst & Young GmbH, Frankfurt - GERMANY

Management of a centralized penetration team dedicated to the execution of high-volume penetration tests for EMEA financial institutions. Amongst others, the following engagements were performed during this period:

2010 / 2014 - Deutsche Bank

Support in the execution of a high-volume multi-year penetration test and source code review programs. Responsible for the management and coordination of European penetration test teams delivering constant quality results – Management of more than 20 IT Security consultants located in 10 countries.

2013 - Samsung - Suwon, Korea

Source code review and assessment of an integrated workspace providing robust, hardware and software integrated security for mobile devices and offering a multi-layered protection from the device down to the kernel with two-factor biometric authentication for authorized device access.

Jan 2007 - Oct 2009

Senior IT Security Consultant

Ernst & Young SA, PARIS - FRANCE

Execution of source code review, penetration tests and infrastructure audits for financial institutions and major industry companies. Amongst others, the following engagements were performed during this period:

2008 - Natixis  

IT Security audit of Front- and Back- Office applications for the lending and capital market activities of the offshore branches located in Hong Kong, Jakarta and Singapore.

2009 - Société Générale 

Source code review of complex trading applications (FX, FI and FO and post-trades) developed in Java and based on modern web application components such as Struts, Spring MVC, Hibernate, Google Web Toolkit and SOAP web services.

Oct 2004 - Dec 2006

Dot.Net Project Manager

Giraud International

Management of an offshore development team located in Bucharest (Romania) dedicated to the development of a web portal based on Microsoft CRM, SharePoint and Windows Workflow Foundation.



  • French: native
  • English: fluent
  • German: fluent

Project Management

Managed multiple penetration teams located in the EMEA and APAC regions for complex long-term and global European penetration test programs and security assessments.

Web Application Penetration Testing

10 years of experience in the field of web application penetration testing.

Design and Securing of Web Infrastructures

Extensive knowledge of web architectures with the secure deployment of Cloud solutions, and distributed systems

Programming and Web Development

Senior developer in Java, C#, JavaScript and Objective C


Nov 2016


Offensive Security

Offensive Security Certified Pentester

Mar 2012



Certified Web Application Penetration Tester


Sep 2003 - Sep 2004

Master of International Business Management

Jul 2003 - Sep 2001

Bachelor of Information Systems Management

IAE Grenoble, FRANCE