Florian Stosse 🚀

Cybersecurity engineer

European Space Agency - Galileo

Professional Summary

About Me

Hi, I’m Florian Stosse, just another information security engineer!

Current work

I currently work at the European Space Agency, as a cybersecurity engineer for the Galileo programme, specifically for the Galileo Mission Segment (GMS).

Experience summary

I previously worked at Safran Data Systems, in the Space & Communications business unit. I focused on hardening and securing our embedded Windows 7 and 10/11 platforms (Cortex family of TT&C and high data rate receivers), among other cool things :)

Before that, in October 2018, I started a PhD thesis at CEA-List and ANSSI to work on formal methods applied to software security. More specifically, I was working on software defenses and hardening against hardware vulnerabilities, such as Spectre and Meltdown, using sound static analysis tools (Frama-C in particular).

My thesis was under the supervision of Julien Signoles (CEA), and my advisors were Patricia Mouy (ANSSI) and Florent Kirchner (CEA).

Unfortunately, we had to put a stop to the thesis, but hey, that’s life!

Education summary

I graduated with an M.Sc. in Computer Science (major in cybersecurity, minor in embedded systems) from ESIEA Paris (a top French engineering school, part of the “Grandes écoles”) in August 2018. During my graduate studies, I was an apprentice at Bureau Veritas’ R&D center in La Défense, Paris.

I worked in the RAMS department, and my main areas of work were:

  • software security (e.g. static analysis, SDLC),
  • connected/autonomous vehicles security (e.g. ISO 21434 for automotive security engineering),
  • and industrial systems security (e.g. IEC 62443 certification).

Do not hesitate to get in touch if you want to chat about these topics (or anything else, really)!

Education

Master of Science - Computer Science

2015-09-01 to 2018-06-30

ESIEA, Paris, France

Associate's degree - Computer Science

2012-09-01 to 2014-06-30

University of Lorraine, Metz, France

Interests

  • Cybersecurity
  • CI/CD / DevSecOps
  • Windows security & hardening

Experience

Cybersecurity engineer

European Space Agency

Ground segment security for the Galileo programme.

Cybersecurity Subject Matter Expert for the R&T project Horizon Europe 034 (Advanced Platform-oriented Ground Infrastructure) aiming at developing the next-generation Ground Segment for Galileo, LEO-PNT (Celeste) and other sovereign European space programs.

Independent expert - Cybersecurity

France 2030 investment program

Cybersecurity expertise for the France 2030 investment program

Cybersecurity engineer

Safran Data Systems

Security engineering for the « Space & Communications » business unit at Safran Data Systems (subsidiary of Safran Electronics & Defense).

➤ Hardening of embedded Windows platforms (7 & 10/11)

  • Configuration of advanced OS security features (Device Guard KMCI/UMCI/HVCI, Secure Boot, Defender, Exploit Protection, Windows Firewall)
  • GPO hardening based on DISA STIG, CIS, and DGA-MI baselines using a custom ADMX template
  • Systems maintenance (patch management, firmware updates) and Nessus compliance/vulnerability scanning

➤ Integration of advanced security functions & architectures

  • Implementation of discrete TPMs, data-at-rest protection (pre-boot authentication), and container isolation (Hyper-V)
  • Deployment of data-in-transit protection (Stunnel, dynamic IPsec tunnels)

➤ Technical leadership & expert support

  • Serving as technical referent on OS & security matters for internal and external stakeholders
  • Contribution to pre-sales, bid proposals, compliance matrices, security procedures, and user manuals

PhD student / Software security expert

ANSSI - National Cybersecurity Agency of France

Study of software countermeasures for microarchitectural hardware vulnerabilities (Spectre, Meltdown, …)

  • State of the art of existing countermeasures (LFENCE, Speculative Load Hardening, …)
  • Study of impacts: generated code size, performance, residual risk, …
  • Proof of concept of a detection and remediation plug-in using static analysis for the Frama-C platform: detection of conditional branches vulnerable to Spectre v1 and automatic insertion of mitigation instructions
  • Literature monitoring: research and reading of academic papers on software security, knowledge capitalization and dissemination to team members

Cybersecurity engineer apprentice

Bureau Veritas

Security activities in the RAMS department of the European Technical Center (R&D center) at Bureau Veritas.

➤ Connected and autonomous vehicles security

  • Co-writer of the BV-CARCYBERSEC-001 guidelines: « Cybersecurity for connected cars: best practices »
  • Bureau Veritas representative at the ISO 21434 (« Automotive Cybersecurity Engineering ») Joint Working Group and French mirror group
  • Cybersecurity and safety co-engineering process design for automotive manufacturers (based on SAE J3061 and ISO 26262)

➤ Embedded (IoT) and industrial systems (SCADA/ICS) security

  • IEC 62443 auditing and certification
  • IoT products security assessment

➤ Software security

  • Static code analysis using Frama-C (developed by CEA-List)
  • Co-writer of the BV-SW200 guidelines: « Cybersecurity Guidelines for Development & Assessment of Software »

Education

Master of Science - Computer Science

ESIEA, Paris, France

Graduated summa cum laude, with jury honors.

Major in cybersecurity, minor in embedded systems.

Security engineering program certified by ANSSI (National Cybersecurity Agency of France).

Final thesis subject: « Autonomous vehicles security ». This thesis was done in the framework of the SESNA project, in partnership with Bureau Veritas, CEA-List, RATP Group, EasyMile, Sherpa Engineering and BMCP. The goal of the project was to deploy an autonomous shuttle at CEA Paris-Saclay, and to study its robustness from RAMS and cybersecurity perspectives.

Associate's degree - Computer Science

University of Lorraine, Metz, France

Personal projects

Here is a selection of projects that I am currently working on (sorry for the AI-slop pictures, I’m very bad at designing cute stuff).

docker-admxlint

A CI/CD-ready Docker image wrapping the admx-lint utility to validate Windows GPO ADMX/ADML templates against official XSD schemas.

chainguard-images

A collection of secure, minimal, and zero-CVE distroless Docker images hardened for production workloads.

freematics-traccar-encrypted

A secure UDP telemetry proxy and custom firmware extension enabling encrypted data transmission for Freematics tracking devices.

openstreetmap-tile-server

A self-hosted OpenStreetMap tile server configuration optimized for offline/air-gapped environments.

exploit-protection-policy

A hardened, production-tested Windows Exploit Protection policy merging DISA STIG and Microsoft security baselines.

sudo-check

A lightweight Linux security auditing tool to analyze and verify sudoers configurations and permissions.

ad-hardening

A comprehensive guidebook and template collection for hardening air-gapped Active Directory environments.

Security-ADMX

Custom Group Policy (ADMX/ADML) templates for advanced Windows 10 & 11 security hardening.