Part of the Trust & Safety team which has the critical responsibility of protecting Apple’s users by assuring online safety by fighting abuse and fraud across Apple products. We conduct fraud assessments of existing or new features which can be in any services within Apple ecosystem, whether customer-facing or internal. The covered areas include Apple Music, iCloud, iMessage, Mail, any Apple app, Apple Business/School Manager, iOS API, App Store, Game Center, Wallet & payment, Maps and more. The assessed fraud and abuse areas encompass discovery abuse, incentivised activities, bot activity, illicit app distribution, piracy, spam, phishing, account farming, trial abuse, consequences of account take over & device take over, device spoofing and more. We also address concerns around interpersonal and societal harms. We use our threat modelling methodology to create our risk assessment documents and we provide remediations to address and mitigate the threats: the results are shared with the various stakeholders. During the analysis we collaborate with the engineering and product teams as well as various other teams like UI, security, privacy, legal etc.Another part of the work consists in conducting fraud investigations, where we analyse existing issues and malicious activities on our systems. This role spans the breadth of the Apple ecosystem, from the iPhone SW to web implementation to back-end servers, across all our services.Depending on the type of investigation, the tasks can be:- Reverse engineer some exploits, to reproduce and understand the Modus Operandi. - Create hacking scripts to mimic fraudsters’ activities. - Deep dive on data: identification of relevant logs/traces, cleaning/filtering, processing, analysis etc.- Develop tools/scripts to further extract meaningful information from data. - Do some threat intelligence work and collaborate with the Threat Intelligence team. - Work with relevant teams to fix the problems or mitigate them.

Senior Security Analyst working on mobile (Android & iOS) payment security evaluations and IoT MCUs security analysis. The projects I have done or involved in are:- Entire mobile payment application.- Composite mobile payment application, relying on certified SDKs or SDK evaluations.- Payment solutions involving a dedicated hardware token (similar to a wearable).- mPOS solution (Pin On Glass) with components: servers, mobile application, small mpos terminal- Evaluation of Secure Firmware Install on micro-controllers: source code review, fault injectionThese evaluations are mainly conducted using a white box approach or grey box approach due to use of third-party tools.Other projects I have been involved:- A pure black-box evaluation of a white-box cryptographic implementation.- The security evaluation of a solution making use of the TEE on an Android platform.My responsibilities include:- Performing Security Evaluations of mobile applications (source code review, vulnerability analysis, penetration testing).- Leading complex multi-week or multi-month client engagements.- Advancing the state of the art of security penetration testing in our area of expertise.- Providing feedbacks to customer in order to help them to improve the security of their solution.- As part of my role in the Lab's Advisory Team I am: ->Participating in scoping efforts when proposing work for highly specialized projects. ->Creating and updating various technical & guidance documents that drive the way we are conducting security evaluations -> Coordinating tasks so that the Lab is aligned on technical subjects.- As part of my Technical Leader role: -> I am mentoring and training other security analysts in our areas of expertise -> I am performing technical reviews of security reports written by other security analystsPenetration testing using various reverse engineering and hacking tools and technics.#1 exaequo on Android Mobisec CTF

Close collaboration with Design and Marketing on the definition and architecture of a new flash platform powered by ARM’s core SC300 (Cortex-M3). CC EAL5+ target.Responsible for the definition and packaging of tools and software around the new platform. Work implying to dive deep in Cortex-M3 processor architecture and components like MPU, CoreSight system, JTAG, NVIC system, Power Management Unit. As well as in-depth understanding of cross-compilation tools and debugging environment.Responsible of the person in charge of implementing the Flash Wear Leveling library. Developer of low-level drivers like SWP, ISO7816, SPI, I2C, Flash driver...Developer of demonstration code for our customers and of the bootloader.This platform was used to derive products like a Secure Element or a USB dongle. https://www.wisekey.com/microxsafe-6001/https://www.wisekey.com/microxsafe-6003/Specifications and development of mobile phone applications for demonstration purposes, centered around a NFC Tag (a ISO14443-B contactless chip with in-built asymmetric cryptography capability: ECDSA), for Inside Secure’s Anti-Counterfeiting solutions.The first ever mobile phone applications (primarily developed on Android Gingerbread & Nexus S then Blackberry OS & Bold 9900 and iOS & iPhone4 with a DeviceFidelity NFC case) wrote to address the anti-counterfeiting market with NFC based cryptographic-microcontroller: see videos (now Wisekey) of demo-applications:https://www.youtube.com/watch?v=um-9RlSnxjwhttps://www.youtube.com/watch?v=tINJ2VYQQEo

Responsible for the definition, specifications and involved in the coding of a security low-cost product targeting anti-cloning protection, based on Elliptic Curve cryptography. Development in assembly (Atmel 8051) of a One-Wire protocol.Creation of the validation campaign, using Java for the functional aspects and development of firmware to test the One-Wire protocol and I2C protocol.Security target was FIPS 140-2. See: https://www.wisekey.com/vaultic100-vaultc180/Involved with the design in the specifications of a new product: USB Mass Storage dongle with in-built AES encryption & decryption on-the-fly capabilities, featuring USB 2.0 High-Speed and SD/MMC interface. Chip with a dual-core architecture. Entirely responsible for the software part, including low level drivers and SDK package for customers.Special achievement: during this project I pro-actively developed tools to prototype C code directly on the design simulation environment. This task implied to dive in the design process like the Verilog simulation (with SimVision of Cadence for the visualization).Implied in the enhancement of the software package for a Point Of Sale (POS) product based on an ARM7TDMI (SC100) core. Participation to the NFC Forum when the SmartCard division was investigating the possibility to design a NFC chip.Tasks among others:- Technical lead on products' definition within the Application Group- Software development: low level drivers on communication interfaces like SWP, SPI, I2C, USB, ISO7816...- Software development of USB class: Mass Storage, HID, CDC, CCID.- Software development of cryptographic modules, like ECDSA, AES.- Realisation of proof of concept used to demonstrate and promote our products.- Customer support and training- Writing Application Notes for our customers- Products' datasheet redaction on products based on ARM7TDMI core, with SWP, ISO7816, USB-FS, SPI, I2C, SMC...- Participation to exhibitions, standard, events

System Integrator on Javacard operating system.Software Developer on Javacard operating system, at the Virtual Machine level.Software Developer on Telecom layers (OTA, SIMToolkit) on SIM card products.

Embedded software development in GSM mobile phones on a real time OS.Development of software to integrate the T9 Text Input engine (to write SMS in Chinese) in the Mobile OS.Development of a standalone email application, implementing SMTP and POP3 protocol relying on a proprietary TCP/IP stack.

Work as a Scientist on a database holding information on Top Secret weapon systems.