1.

Company Presentation

Company 9344-7126 Quebec Inc is a Canadian company whose mission is to assist.

technically its clients in the delivery of projects that relate to technologies of
information, particularly in telecommunications infrastructures, monitoring of
networks, and the large-scale deployment of information systems, both in the
large companies than in SMEs.

As part of the mandate required by the Antic, it has established itself in partnership with
Canadian and American companies specialized in cybersecurity, this with the aim of
better respond to needs that are roughly identified as being the audit of
information systems and the remediation of security vulnerabilities.

2. Understanding of the project

Description of the methodology for carrying out the security audit mission.

Pre-audit step process

a. Prepare and fill out the pre-audit questionnaire

b. Agree on the schedule for the on-site visit and the opening meeting with
the on-site client team
c. Establish the timeline and scope of the pre-audit process
d. Identification of the client's team Contact point
e. Identification of the main client contact points (PPOC)
f. Identification of the client's alternative contact point
g. Determine the INFOSEC objectives and those of the on-site client (mission and objectives)
h. Determine the network and information system architecture of the site
client
i. Determine the requirements, security controls, standards and the
client site regulations
j. Understand the client site industry controls.
k. Review the reports of previous verifications
Understand the client's current corrective action process and its
gaps

Audit step process

a. Interviews with the main point of contact and other key employees
b. Conduct an IAM planning survey
 a. Organization and organizational environment
b. Computer environment
c. Technical security environment
d. Industry orientation environment
c. Study of the locality
d. System demonstrations / PoC
e. Asset Management and categorization
F. Prepare a targeted client environment for scope assessments and
internal network
g. Assessments of vulnerability management and security of
the network environment
h. Categorization of the severity level of vulnerability findings
j. Communication of vulnerability findings with the client on site
k. Determine the corrective measures of the correction procedure
1. Examination of all the documentation and recorded on a tracking sheet
documents

Post-audit step

a. Report generation
b. Review of the documentation
c. Analysis of the collected data
d. Research of results and recommendations
e. Delivery of the draft
f. Receipt of comments and requests
g. Submission of the final report
h. System demonstrations
i. Assessment and monitoring of the effectiveness of the initial urgent measures implemented

3. Profile of the experts

Expert 1:

Stéphane Kana

Summary: Technology project management professional based in Montreal (Quebec/Canada)

Years of professional experience: 10 years and more

Formation :

Master's in Engineering Management - University of Sherbrooke - 2014

Bachelor's degree in Electrical Engineering – Polytechnique Montréal – 2006

Project Management Professional–PMP–2013

Tools/Technologies: Project Portfolio Management (PPM), Project Web App (PWA), SAP, PECCS

Expert 2:

Serge Nguene

Summary: Cybersecurity professional based in San Francisco (California)

Years of professional experience: 10 years and more

Training:

Bachelor Degree in Computer Science–Texas Southern University

Certifications

A+ Training
Network+ training
Splunk Power User Certificate of Completion (Log Aggregation & Asset Management)
Python Automation Framework Training
Certificate of Six Sigma proficiency–GREEN BELT
CISCO Network Fundamentals (Network Academy Alumni)

Tools/Technologies: QualysGuard, AWS Security, Cloud Passage Vulnerability

Expert 3:

Patrick Jean-Baptiste

Summary: Cybersecurity professional based in Montreal (Quebec/Canada)

Years of professional experience: 20 years and more

Training:

Certificate in Telecommunications – École des Technologies Supérieures Montréal – 2002

Certifications

CISSP - 2010
CCNP Security
SSFIPS (Securing Networks with Cisco FirePOWER Next-Generation IPS)
Security audit (Certified Pen Test Specialist)
Accreditation: Information Systems Security (INFOSEC Professional) awarded by the US
National Security Agency
Tools/Technologies: Rapid7, ISO27002, Security Cloud, encryption and digital signatures

Expert 4:

Clovis Tanga

Summary: Cybersecurity professional based in Montreal (Quebec/Canada)

Years of professional experience: 10 years and more

Training:

Master's in Telecommunications Networks - School of Higher Technologies Montreal - 2019

Bachelor's degree in Electrical Engineering, Electronics and Communications - 2008

Certifications

CCNA RS

Tools/Technologies: Winfiol, Alex Library, M2000, U2000, Astellia

Expert 5:

Jean Donald Verzilus

Summary: Specialist in the integration of IT security solutions based in Montreal

Years of professional experience: 5 years and more

Training :

Diploma of College Studies - Teccart Institute - 2016

Bachelor's degree in Electrical Engineering, Electronics, and Communications - 2008

Certifications

Bitdefender Certified Technical Specialist (BCTS)

Lenovo Enterprise Security
Yeastar Certified Security Specialist

Tools/Technologies: Lenovo Enterprise Security, BitDefender GravityZone

Expert 6:

Grégory Souille
Summary: Security Analyst based in Montreal

Years of professional experience: 15 years and more

Training:

Master's in Management Information Systems - HEC Montreal - 2017

Degree in Electronic Engineering - 2006

Certifications

CCNP Routing
CCNP-Switching
CCNA-Security
INFOSEC (Information Systems Security), Professional

Tools/Technologies: IPSec VPN, SSL VPN, AAA, WAN Accelerator, Web filtering, Firewall

4. Mandate

Mandate number Mandate 18

Date and duration October 2018 to date
Company name CN
Job Title Senior Architect in Cyber Security - Cloud

Act as an information security advisor in the context of projects

business or technological;
Assess business needs, identify security risks, propose
mitigation measures and define security requirements within the framework of projects
cloud, mobility and telecom;
Define the specific project architecture document in collaboration with clients;
Propose improvements to security processes while considering standards.
and standards for information security;
Produce and implement security architectures and processes
the information meeting the needs of the organization;
Conduct security risk analyses on the cloud;
Manage all activities surrounding the security tests performed by suppliers
including definition of requirements, interpretation of results and follow-up of corrective actions;
Perform the security architecture for projects involving SaaS, PaaS, or IaaS and
make the necessary recommendations for the security of these technologies;
Define and recommend solutions among a wide variety of infrastructures and
public, private, and hybrid cloud technologies;

Technologies ISO 27002, Cloud Security, Mobility Security, Security of

telecommunications
Mandate number Mandate 17
Date and duration October 2017 to October 2018
Company name Ministry of Justice
Job Title Senior Security Architect

Participation in the establishment of secure management communication

documentation electronics between different partners;
Participate in defining the architecture of communication from the components to the ICP
externetels entrusted Verisign;
Define and document the specific architecture of the project in collaboration with the clients;
Participate in the installation, upgrading, maintenance, configuration and
the administration of security computer equipment and
applications/services related to it;
Conduct application penetration tests to identify vulnerabilities and
application vulnerabilities
Recommend the corrections that need to be made;
Manage all activities surrounding the security tests performed by suppliers
including definition of requirements, interpretation of results and monitoring of corrective actions;
Design and implement the security architecture covering all aspects as well
the legal, organizational, technological, and human aspects, in a
multi-platform environment;
Ensure the maintenance of safety rules and standards in the development cycle
of applications;
Participate in maintaining our directory of security controls applied in
our solutions;
Collaborate to maintain the security procedures of the solution;
Work in concert with the group of architects both for safety and for
data on technologies and networks;
Support the implementation of the solution with the project team;
Make suggestions, if applicable, to improve security processes
of the sector.

Technologies Load balancers, filtering and web control, SSL VPN and
IPSEC, SSL, encryption and digital signature,
Strong authentication (SecurID), key infrastructure
public (ICP);

Mandate number Mandate 16

Date and duration September 2016 to October 2017 – 14 months
Company Name City of Montreal
Job title Senior Security Architect

Development of the implementation of the architecture and integration of the wifi network
 the smart city
Define and document the specific architecture of the project in collaboration with the
clients;
Participate in the installation, upgrading, maintenance, configuration and
the administration of security computer equipment and
applications/services related to it;
Conduct application penetration tests to identify vulnerabilities and the
application vulnerabilities
Recommend the corrections that need to be made;
Develop and execute application security test scripts (automated and
manuals) including the analysis; the presentation of results and follow-up of corrective actions;
Manage all activities surrounding the security tests executed by the suppliers
including definition of requirements, interpretation of results, and monitoring of corrective actions;
Follow the evolution of new testing techniques and technologies.
security (technological watch);
Participate in the implementation and operationalization of the security policy in
subject of application vulnerability detection;
Participate in maintaining our directory of applied security controls in
our solutions;
Collaborate on maintaining the security procedures of the solution;
Work in concert with all the architects of both security and
data that is technology and networks;
Support the implementation of the solution with the project team;
Take charge of security incidents with limited risk and impact;
Make recommendations, where appropriate, to improve security processes.
of the sector;
Take into account interoperability, adaptability, ease of use and
security
Ensure the alignment between the company's evolution and progress
technological
Take into account the existing infrastructure, the obsolescence of the equipment and
the new technological innovations
Define the strategy for the deployment of new Internet of Things technologies
in accordance with the needs of the company;
Check and test the system's capacity and performance as well as its
documentation in the case of a successful integration.

Technologies Cisco ISE, Cisco wifi, radiocommunications, communications without

fil
3G/4G/LTE, cell phones, Internet of Things

Mandate number Mandate 15

Date and duration August 2014 to July 2016 - 24 months
Name of the company National Bank of Canada
Job Title Senior Security Architect

Configure and design a wireless network, mobility, and BYOD at the sites
 corporate and branch offices of Cisco ISE technology;
Collaborate on the implementation and operationalization of security policies.
wireless network, mobility and BYOD in corporate sites and branches of
the company
Participate in the collection, documentation, translation of documents from English to
French and the analysis of business needs of clients within the framework of the project.
wireless network migration
Participate in workshops with different stakeholders to gather the
information within the framework of the project;
Create and implement the security architecture for applications covering all the
aspects both legal, organizational, technological, and human;
Conduct the technical analysis and audit of the needs and existing infrastructures;
Intervene on the various projects with the security, data, and architecture architects.
technologies and networks;
Participate in the writing of the configuration and testing documents for the equipment.
as well as the implementation of tests and experiments in the laboratory (DEV environment and
PREPROD, homologation, proof of concept;
Collaborate on the various phases of production deployment, including support.
technique, by collaborating with the service management, architecture teams,
engineering and operations for the success of projects;
Develop and create security architecture documents for the scope of
network security of the Bank;
Draft, implement, and maintain documentation and procedures
operational, as well as the standards supporting the infrastructures and processes of
tactical and operational IT security aimed at business continuity management;
Design the architecture of several projects: securing the security perimeter of
the company, policy and security standards development, securing the
wireless network, securing the network ports of the company NAC- 802.1X;
Conduct security investigations, handle and monitor major security incidents.

Technologies Cisco ASA, Cisco ISE, Cisco wifi, SIEM Arcsight (logging)
SIEM Splunk, wired NAC (802.1X), wireless communications

Mandate number Mandate 14

Date and duration October 2010 to June 2014 - 45 months
Company name Hydro-Québec
Job Title Senior security architect

Design and write security documents including standards and policies.

taking into account the frameworks and security guidelines of governance
aiming at both tactical and operational security;
Animate the workshops with the various stakeholders during the introduction of
telecommunication projects;
Analyze, document, and design security solution architectures
telecommunications (WI-FI, mobility, etc.);
 Develop detailed security architecture plans;
Conduct the needs analysis and produce design documents including
the functional and technical specifications;
Implement and establish the security architecture covering all aspects as well as
legal, organizational, technological and human aspects;
Implement and operationalize a security policy in terms of governance;
Analyze the impacts (technological, operational, architectural) of the different
network solutions
Participate in proofs of concept for the selected telecommunications solutions and
identify the changes to be made to the existing infrastructure;
Evaluate the results obtained and proceed with the necessary improvements;
Conduct risk assessments for different business sectors and write them
reports of the different telecommunications projects;
Participate in all projects with architects regarding security and data.
of technologies and networks;
Design the architecture of several projects: securing the security perimeter
the company, development of policies and security standards, securing of
wireless network, securing the network ports of the NAC company - 802.1X
radiocommunication
3G/4G/LTE;
Develop the architecture and analysis of radiocommunication systems;
Develop the specifications and technical requirements for telecommunications and security for
the call for tenders for telecommunications systems;
Participate in the decisions and drafting for the choice of the supplier or manufacturer.
;
Suggest recommendations regarding telecommunications security.

Technologies ArcSight, Checkpoint, Aruba, Cisco, IP telephony, Wi-Fi, WiMAX.

Microwave, BIG-IP (F5 networks), IBM Tivoli, NERC, Wired NAC,
radio communications, wireless communications 3G/4G/LTE
CheckPoint,

Mandate number Mandate 13

Date and duration June 2010 to September 2010 – 4 months
Company name Quebec Liquor Corporation (SAQ)
Job Title Senior Security Architect

Establish a compliance strategy for the PCI standard;

Define a target architecture that would enable the achievement of compliance objectives.
for technical quotes in a multi-platform environment with
client/server technologies and transactional Web, in an object-oriented approach
under a 'n/tier' architecture;
Analyze and evaluate solutions to achieve compliance objectives;
Document the security policies and solutions;
Participate in activities to implement solutions;
Analyze compliance gaps;
Implement corrective measures;
 Participate in the preparation of vulnerability scan reports and status of
conformity;
Respond to the self-assessment questionnaire;
Configure and implement security equipment such as: ASA, FWSM, ACE,
Checkpoint ;
Formulate recommendations for the security audit.

Technologies PCI-DSS, ASA, Checkpoint

Mandate number Mandate 12

Date and duration April 2010 to May 2010 - 2 months
Company name Cirque du Soleil
Job Title Security Architect

Conduct a security audit of the technological infrastructure for ticket sales

online electronics
Make appropriate recommendations for the improvement of the network in a
multi-platform environment with client/server and web technologies
transactional, in an object-oriented approach under a "n/tier" architecture;
Provide technical solutions following the recommendations.

Technologies Cisco FWSM, Cisco Router, Cisco ACE, CSS

Mandate number Mandate 11

Date and duration January 2009 to March 2010 – 15 months
Company name Vidéotron
Job Title Security architect

Ensure operational support for the CSM/ACE for the external commercial network;
Analyze the business needs of the CSM/ACE.
Allow communication between the different elements of the network while ensuring
that no security breach is open;
Ensure the security of the residential and commercial network;
Collaborate in the implementation and operationalization of the security policy during
The implementation of cybersecurity applications;
Participate in the realization of network projects, from analysis to implementation as well as to
 support
Develop the necessary documentation for the successful delivery of the project;
Work in concert with all architects related to security and data
what technologies and networks;
Analyze complex operational issues in security;
Evaluate the new products offered by the suppliers;
Attend the interdepartmental meetings for coordinating changes at
IP network
Configure and implement Cisco 6500, 7900, ASA, IPS products;
Configure different types of VPNs for external clients/suppliers.

Technologies CiscoPIX/ASA, CiscoVPN, CiscoFWSM, CiscoRouter, CiscoSwitch

AAA, TACACS, RADIUS, IPS/IDS, SSLVPN, DMVPN

Mandate number Mandate 10

Date and duration September 2008 to December 2008 - 4 months
Company name Allstream
Job Title Security Analyst

Perform an analysis of the existing architecture;

Create the network diagram including the IP addressing;
Develop the technical configuration;
Validate the configuration of existing PIX equipment;
Activate and test IPSec tunnels for their remote users;
Check the possibility of having redundancy at the different sites in case of
breakdown;
Validate the routing tables;
Perform migration tests to the new PIX model, the ASA;
Make recommendations to improve their VPN tunnel structure;
Evaluate the antivirus software BitDefender, Sophos, Kaspersky, Microsoft Forefront,
McAfee and Viper;
Install and deploy this software in a testing environment and make a
recommendation on the best product according to the client's needs;
Establish the connection with the suppliers of the products;
Coordinate, in collaboration with suppliers, the technical demonstration of
product

Technologies Certification and accreditation of security products - Antivirus

firewall,CiscoPIX/ASA,CiscoVPN,AAA,TACACS,RADIUS,IPS/IDS
Antivirus BitDefender, Sophos, Kaspersky, Microsoft Forefront, McAfee
etViper
Mandate number Mandate 9
Date and duration May 2008 to August 2008 - 4 months
Company name Bell Canada
Job Title Network and security solutions integration specialist

Design the detailed engineering of solutions;

Collect information related to the telecommunications needs expressed by the
Client. Analyze and propose solutions;
Draft the documentation for all the steps of the integration process of
new technologies in client environments;
Act as a technical expert and advisor to operational groups
and from the management regarding its field of expertise.

Technologies Cisco PIX/ASA, Cisco VPN, Cisco FWSM, Cisco routers, Cisco
Switch, Juniper, Checkpoint, AAA, TACACS, RADIUS, IPS/IDS

Order number Mandate 8

Date and duration February 2007 to March 2008 – 14 months
Company name Canada Post
Job Title Inspector for the Postal Service, Cyber Security

Charged with uncovering systemic issues by applying techniques

of investigation and risk assessment that enhance the security of postal assets
Canada, including information;
Perform the analysis and recognize the risks, threats, vulnerabilities,
protection measures and trends, and makes recommendations on management
risks at the leadership of the SCP;
Monitor and innovate in the areas of technologies, concepts and
best practices in security and understand how they are related to
Canada Post affairs;
Participate in workshops with various stakeholders to gather the
information within the framework of the project;
To lead, as a business partner, the development of policies, procedures and
strategies that the Company establishes for the security and control of processes, products,
services and technologies ;

Make recommendations on policy-based requirements and ensure that

the effectiveness of security solutions through testing and evaluations;
Conduct surveys in accordance with laws, regulations, standards, and
policies and procedures in effect while observing ethical standards
higher. Participate in monitoring compliance with policies, interventions
in case of incident and computer investigations;
Participate in the formulation of recommendations and facilitate their implementation.
 ensure the understanding of security principles throughout the organization;
Implement the IT security architecture;
Analyze the web infrastructure to reduce credit card fraud.
during electronic payments;
Ensure the physical security of the premises and recommend access controls;
Respond to incidents related to IT.

Technologies –
Threat and Risk Assessment EMR, Cisco Architecture, Encase
FTK, Websense,ISO 27001,PCI-DSS

Mandate number Mandate 7

Date and duration January 2006 to January 2007–13 months
Company name Montreal Transit Corporation (STM)
Job Title Network/Security Technical Support Analyst

Coordinate all activities related to telecommunications projects;

Supervise the deployment, manage and maintain all systems
telecommunications and their software, including firewall;
Develop, implement, and maintain network policies and documentation.
procedures for the administration of telecommunications systems and their use
optimized based on industry best practices;
Administer the change requests to add or modify the infrastructure of
telecommunication
Identify and monitor the measurement elements related to capacity and performance of the
telecommunication traffic in order to ensure continuous service to customers;
Apply security rules related to various solutions.
local area network (LAN) connectivity, wide area network (WAN) connectivity, as well as access to
distance
Conduct research on products, services, protocols, and standards in order to
support telecommunications improvements;
Analyze the needs for reconfiguration of systems (minor or significant), make
recommendations and implement them.