What was your background?
I started my career in the world of industrial computing in 1998 at the Areva nuclear waste reprocessing site. This first experience allowed me to master industrial environments from a technical, functional and operational point of view.
I then joined the first industrial cybersecurity team that was created within Areva to meet regulatory and safety requirements. This team gave me the opportunity to lead cyber projects – security, governance – for other major industrial players.
In 2016, I moved to the United States where I worked as a freelancer for the Lyon-based industrial cybersecurity start-up Sentryo – since acquired by Cisco. At the same time, I obtained my certification as an expert in industrial cybersecurity – GICSP – in particular in order to be able to carry out missions to secure American critical industrial installations.
In 2019, I joined the Solvay chemicals group, where I served as industrial RSSI.
This experience was extremely enriching and confirmed to me that the technical aspect of cybersecurity was a necessary but not sufficient.
Governance – an organization with clearly defined roles and responsibilities, well-established procedures and skilled resources – is essential to be able to set up and manage industrial cybersecurity.
What are the threats to our industrial systems today?
During my career, I have observed the evolution of different threats. We immediately think of ransomware, sabotage of facilities, but I think we should not underestimate the theft of intellectual property that makes our industries current or future market leaders. While sabotage and unavailability are “visible” because they are systematically detected, the theft of sensitive information is not necessarily so and can have a real impact in the medium/long term on competitiveness and the future of the business.
The threats are very real, the news of recent days reminds us: industrial information systems are increasingly targeted.
Why create a school that emphasizes industrial cybersecurity?
One of the main challenges in dealing with these threats is the availability of competent resources: they are rare and there is little training that covers this area.
By creating this school, I want to transmit the knowledge and experience acquired in the field and develop the connection with the network of industrial cybersecurity professionals.
The goal is to have courses taught by the best business experts in the field.
I think it is essential to create such an educational curriculum for at least 2 reasons:
- The first is to develop competent resources to better protect our critical industrial facilities in operation and to take cybersecurity into account from the design phase for all new industrial projects.
- The second is to teach the basics of industrial cybersecurity, including to those who have not chosen this specialty.
Indeed, we often speak of “silos” or cultural differences between the IT and OT worlds.
Let’s remove these barriers by developing mutual knowledge and understanding between these two worlds!