Cybersecurity Expert & Researcher

Stepping into Gartner marked a natural evolution of two decades spent at the sharp end of security architecture. In this role I translate complex, fast-moving cloud and security challenges into clear, vendor-neutral guidance for some of the world's most sophisticated organizations — Fortune 500 enterprises, government agencies, and global private-sector firms. I work directly with CISOs and security architects to resolve critical technical challenges, inform architecture decisions, and evaluate vendor strategy. Crucially, my advisory goes beyond frameworks and slides — I draw on direct implementation experience across multi-cloud environments to give clients guidance that is both strategically sound and operationally realistic. I also research and publish on security architecture topics and speak at Gartner Security & Risk Summit events, bringing practitioner-level rigour to executive audiences.

At Intact, Canada's largest property and casualty insurer, I led a national team of ten cloud security subject matter experts across AWS, Azure, GCP, and OCI environments. Beyond strategy, this role was deeply implementation-focused: I oversaw the hands-on deployment and operationalization of cloud-native security technologies including CNAPP, CWPP, CSPM, AISPM, CASB, and WAF across a live multi-cloud estate. I managed vendor relationships with Wiz, Palo Alto Prisma Cloud, CrowdStrike, and Checkpoint — running rigorous PoC exercises to validate capabilities before full-scale rollout. I also led the implementation of cloud security standards based on CIS Benchmarks and MITRE ATT&CK, and explored AI security governance frameworks using NIST AI RMF and MITRE ATLAS.

Teaching is where I give back to the discipline that shaped me. I design and deliver a French-language network security certificate course that takes students from networking fundamentals through to modern security operations. Every semester I refresh the content to reflect where the threat landscape actually is — not where textbooks say it was — and build practical lab exercises that force students to think like defenders.

Joining National Bank as Information Security Officer meant inheriting both a talented team and a mandate to raise the security bar across one of Canada's largest financial institutions. I led senior cybersecurity advisors through risk assessments, security control evaluations, and threat modeling exercises — all while serving as the security conscience for new system and technology deployments. The role demanded equal parts technical depth and business fluency: negotiating security requirements with delivery teams, guiding third-party vendor assessments for critical implementations like SAP and Splunk, and ensuring penetration test findings translated into remediated vulnerabilities rather than aging reports on a shelf.

Embedded within the bank's cybercrime division, I conducted risk assessments across more than twenty projects involving fraud detection and anti-money laundering platforms, using NIST, CIS, and ISO frameworks to surface what truly mattered. I built threat models — Attack Trees, STRIDE — that sharpened penetration testing and gave architects concrete, actionable guidance. Overseeing the migration of several applications from on-premise to AWS using the CSA Cloud Control Matrix, I learned firsthand how the shared responsibility model plays out under real operational pressure.

A focused engagement at the helm of Heineken's regional IT operations in Lebanon. I shaped the regional IT strategy, managed a team of four specialists, and stabilized IT services across all business units. A cloud migration initiative reduced on-premise infrastructure costs meaningfully while improving service resilience — a lesson in how cloud adoption delivers tangible business value even in resource-constrained environments.

Consulting stretched my career in a new direction, placing me inside complex, high-stakes technology transformations across Europe and the Middle East. My flagship engagement was advising SKEMA Business School — across its Paris, Lille, and Nice campuses — on a USD 10 million Oracle PeopleSoft Campus 9.2 implementation in partnership with Oracle France. Alongside this, I contributed to Chalhoub Group's digital transformation strategy in Dubai, formalizing the business model for a new retail concept.

Brought in to modernize the infrastructure of this internationally known luxury chocolatier, I led a thorough business impact analysis mapping every critical asset, process, and single point of failure across a multi-region operation spanning the Middle East and Europe. The output shaped a new hyperconverged infrastructure architecture with a clear migration path for legacy applications to the cloud.

Five years as IT Director were formative in every sense. I designed and built the university's data center from the ground up, led a USD 2 million PeopleSoft Campus implementation, and restructured the entire IT department — hiring sixteen people who went on to serve three campuses and five thousand staff. A result I'm particularly proud of: cutting the online student registration period in half by automating payment processes and integrating the student information system with payment platforms.

At Gulf Finance & Investment Company I tackled two defining infrastructure challenges: modernizing the core banking system — enabling faster client transactions and real-time market quotes that directly impacted trading operations — and designing a disaster recovery site that was eventually activated during real emergencies and kept the business running when it mattered most.

My first professional role, where I learned that good infrastructure work is mostly invisible — and that when it becomes visible, something has gone wrong. I managed network infrastructure, provided technical support across the organization, and executed migrations of critical systems including Active Directory, Exchange Server, and file services. A foundational chapter that instilled habits of precision and operational care.