Interview Antoine pentester at Sentryo

Antoine de Nervaux is a security engineer at Sentryo. Today he will be talking about his background and experiences as well as what motivated him to work in industrial cybersecurity. His story is sure to inspire others to follow in his footsteps!

 

Can you tell us about your background?

I started with a two-year vocational program in telecommunications and networks at a University Institute of Technology in Beziers, France. I then went on to complete a university degree in network administration and security and I finished my studies in a sandwich course at an engineering and information technology school (3IL). During my studies, I started doing pentests (editor’s note: Pentests are a method for assessing how secure a system or computer network is).

Once I obtained my degree, I started working at Bull as a consultant in project management tasks and VMware virtualization and security.  I continued to do pentests in the evenings and during some of the assignments given to me during the day. After a lot of independent work,  I finally received certification as an Offensive Security Certified Professional.

I then had the opportunity to join the ranks of Airbus Apsys as a security focal point on the assembly lines of commercial aircraft and of TÜV Rheinland in Germany as a pentester consultant.

Now I work for Sentryo and I continue to work in industrial protection as a pentester on the security team. My job is to use our product to detect threats on industrial networks.

The one thing that I would say is to always be curious and learn about different areas to find your passion. For me, that was pentesting! I am genuinely passionate about offensive security and I spend a lot of time (perhaps too much!) delving into these topics, whether at work or outside the workplace and in various areas including industry, systems, networks, Bluetooth, radio and IoT.

 

How did you end up at Sentryo?

During my time as a pentester consultant in Germany, I was able to invest a lot of time in improving my skills. I worked on many different types of technology such as radio frequencies, website infrastructure, thick clients, networks and some embedded systems. I visited clients to carry out intrusive audits.

Sentryo then offered me the possibility to specialize in pentests for industrial systems and, thus, help them develop their product for securing industrial networks.

 

What made you want to work in industrial cybersecurity?

Mainly because of the critical nature of the target. A risk analysis in an industrial environment considers the notions of security and safety.

My experience at Airbus Apsys provided me with this insight and this new perspective. Working as a security focal point on the assembly lines of commercial aircraft for such an important company was an extremely enriching experience. I worked with industrial constraints, found potential vulnerabilities, worked on risk analyses that considered safety aspects, found and adapted solutions to operators, talked with them to understand their job and more!

Making that connection between industry and IT is fascinating.

 

What skills do you need to be able to work in this field?

To be a pentester is, above all else, to be curious. A desire to understand how things work. In a more general sense, security also encompasses this principle.  Of course, you can install a firewall and configure it without really understanding but you are likely to overlook unidentified risks.

 

What kind of education would you recommend to students who are interested in working in your sector?

Rather than focusing on a certain degree program, I would advise them to focus on becoming versatile before specializing in a specific area. A computer engineering school first and then working a few years as a consultant is very helpful. What solidified my passion the most was obtaining the OSCP (Offensive Security Certified Professional), a very technical and interesting certification/training tool.  “Try harder” 😉

 

Did Antoine’s story spark your passion for cybersecurity? Many training programs are driven by the French Centre for Cyber Excellence and the sector is actively looking for new talent. So don’t think twice, go for it!