Alexandre Lestruhaut

Cybersecurity engineer

Capgemini — 2022-08-17 → 2024-10-31

Documentation, new client build, automation

• Documentation migration from confluence to a git based system
• Gitlab CI/CD developement to automate documentation compliance checks (PDIS, a french security framework), static website deployment using astroJS
• New client build for a major bank : Asset identification, scenario definition, rules creation and finetuning
• L2 mentoring regarding AQL (Qradar query langage), investigation reasoning
• Scripting to automate MRO reporting using python (libs : jupyter, pandas, openpyxl)
• Gitlab CI/CD developement to maintain SIGMA rules database, deploying a static website for easy consultation, automatic deployment to Qradar SIEM

L2 cybersecurity analyst

Capgemini — 2021-01-12 → 2022-08-17

Security incidents analysis, handling escalations, mentoring L1 analysts, rule tuning, reporting

• Dedicated to a challenging client
• On call
• Escalated incidents analysis with Qradar and Splunk
• Process redaction to use the various specific client tools
• Fine tuning Qradar detection rules
• Developed scripts to automate reports generation
• Communication with the client about the state of security of a permieter
• Formation of L1 analysts

L1 cybersecurity analyst

Capgemini — 2020-05-01 → 2021-01-12

Security incidents analysis

• Three-shift schedule
• Incidents analysis, investigation in SIEM (Qradar, Splunk, Kibana), ticket redaction in Jira
• Designed and implemented an automation tool using greasemonkey and Typescript (react, express)
• Developed python scripts to automate document generation for a specific client
• Developed a powershell script to automate file exchange with an air-gaped environment

Mary Poppins

2021-09-01 → 2021-12-31

Security incidents automatic completion through SIEM API requests

• Used by the whole L1 team
• Saves around 50 minutes per shift
• Inject information into Jira through the greasemonkey browser extension
• Automate SIEM requests using Qradar API
• Uses Twig template engine
• Web ui for template management using React
• Express in the backend
• Checks the ticket compliance (many specific client requests)

Automatic Qradar rule deployment through CI/CD

2022-08-01 → 2023-02-01

Convert sigma rules to Qradar XML format and deploy them through SSH

• Reverse engineered the Qradar rule XML undocumented format
• Convert SIGMA to AQL using pysigma library
• Optimize generated AQL by cutting and ordering the request depending on the performance
• Deploy the generated rule through SSH (API does not support it)

Documentation migration to git

2023-05-01 → 2023-08-01

Migrate the team documentation from confluence to a git based system with CI/CD and static site generation

• Enables automatic deployment for new clients (inherit a generalist documentation so it can be supercharged with client specific informations)
• Reduced maintenance costs
• Perform compliance checks and reporting through Gitlab CI/CD
• Static site generation for easy consultation using astroJS

Homelab

2024-09-01 → Present

Setup of a homelab to learn new skills

• Virtualization with Proxmox
• Containerization with Docker compose
• Routing with Traefik and fail2ban, OWASP waf, geoblocking plugins
• Configuration management with Ansible
• OPNsense firewall deployment, configuration and maintenance
• Configure crowsec to block suspcious IPs
• Setup wireguard VPN
• Deploy Wazuh for security monitoring
• WIP : Setup an AI assistant using langchain, with RAG trhough a Qdrant vector database and a Neo4j graph database. MCP setup for websearch. A router local agent will decide if a local agent can handle the requests or if an groq agent is needed
• Upcoming : deploy and configure EFK stack, suricata

NixOS

2025-11-01 → Present

Currently in a honeymoon with this OS

• Experimenting in a VM

Institut Toulousain d'Ostéopathie

Master — Osteopathy

2009-09-01 → 2015-12-01