Hello Flo, could you quickly introduce yourself?
Hello, I am the Tech Leader of the RedTeam community at Squad. I have 15 years of experience (10 in defense and 5 in offense). I am a hacker who loves challenges.
Could you describe your job and your daily routine in a few lines?
I mainly do penetration testing, which by definition means that every week is different. An audit lasts three weeks on average. The first week is spent preparing for it with the reconnaissance phase. The second week is the most technically demanding, as it involves the actual testing. The third week is spent writing the report, which should not be underestimated, as it takes a long time to explain such a technical field in layman's terms so that the client can fully understand the issues at stake.
Florian C. - The Expert Squad
"What I like about this job is having to adapt to a new environment every month."
I am passionate about hacking, so I am not going to discourage students from getting involved in this field! However, we don't tell these students enough that it will take them years of experience before they understand how impossible it is to understand how it all works ^^
How did you join Squad? Why?
I joined Squad over four years ago now. I have worked with many clients who were far (sometimes very far) from understanding the challenges of cybersecurity. Squad was less behind than others in this regard.
What I like about this job is having to adapt to a new environment every month. It's interesting to realize that no matter what company I target, I'm very likely to achieve my goal (in internal penetration tests; fortunately, this is less common in external tests!).
What roles do vigilance, curiosity, passion, and training play in staying at the cutting edge of technology?
I spend nearly a third of my time keeping up with technology, which shows just how important it is! In my opinion, it's important not only to read RSS feeds and watch conferences, but also to practice. There are so many websites run by enthusiasts, especially today compared to 10 years ago, so you have to take advantage of them!
What makes you laugh the most about the stereotypical image of a cybersecurity expert?
We've come a long way since the persistent image of the pimply teenager eating pizza and drinking beer in his garage. But there's still a long way to go when you look at the percentage of women in cybersecurity... What makes me laugh is that there's everything from the ultra-shy to the ultra-eccentric.
You lead a team called RedTeam at Squad... Can you tell us about its scope?
The idea behind the RedTeam community is to share our passion for hacking within a national (soon to be international?) community. There are so many CTFs and sites like root-me and hackthebox, that even with limited infrastructure, we can organize in-person or remote evening sessions to learn together.
How can I participate in a CTF evening at Squad?
For Squad employees, it couldn't be easier: events are posted on our internal social network, where you can simply leave a comment or contact the organizer. For people outside the company, you need to be invited by a Squad consultant 😝
How can you meet Mhack? There are now lots of cybersecurity events in France. We don't attend all of them, but we do attend most (BreizhCTF, Cyber@hack, FIC, Hack In Paris, leHACK, etc.). Otherwise, you can reach us online here.
