About
\o/ Hi ! I’m Tristan Auvinet Pinaudeau.
0b11stan is my pseudo (it’s just pronounced tristan, because 0b11 = 3, you got it ?).
I’m currently pentester at Capgemini so the majority of my work focuses on auditing. However, my expertise in GNU/Linux systems and my past experience in DevSecOps allow me to assist some clients in hardening their Unix infrastructure. I also have the privilege of being part of the official Aces Of Spades team, which enables me to participate in a good number of CTFs every year.
Personally, my interests include computing, sports, concerts, and festivals (punk, metal, electro, etc.).
What follows is a history of my professional experiences. It’s a kind of detailed resume. For the TL;DR version, download my actual resume.
2024: Cybersecurity Consultant - Capgemini
July: CTF leHack - HZV
Participation in the 2-day conference and CTF of LeHack 2024 where the major French infosec players meet.
May: BreizhCTF & Sthack
Participation in conferences and CTF of the Sthack 2024 where the cream of Bordeaux’s infosec gathers.
Participation in the BreizhCTF with the Aces Of Spades replacement team for a light, fun competition.
March - August: Web Pentests (public, legal)
Several web pentests on internal applications used in many public administrations.
2023: Cybersecurity Consultant - Capgemini
December: Introduction to offensive security (banking)
Training a SOC team in the offensive methods and tools used to compromise active directory environments. The intensive multi-day course combines theoretical exposition, demonstration and practice.
Sept - May (2024) : OS safety course - YNOV
Teaching an operating system security course and putting it into practice. The course focused on the operation of kernels and their various security measures.
July - Oct: MCO IP camera automation (aerospacial sector)
Design and development of a command-line tool to automate certain maintenance tasks on a fleet of several hundred IP cameras. The tool is multi-platform (Bosh & Axis) and works with a wide range of versions to perform the necessary actions (configuration modification, certificate regeneration, etc.).
Feb - Dec : admin network design & integration (aerospacial sector)
Design and deployment of a state-of-the-art administration information system based on the RedHat environment.
June: CTF leHack - HZV
Participation in the CTF leHack organized by HackerzVoice as part of the @Everyone team, where we took 2nd place.
April : European Cyber Cup (CTF) - EC2 X FIC
Participation in EC2 as part of the Capgemini Aces Of Spades team, where we came 3rd out of 25 teams.
Mars : Cyber Apocalypse - HackTheBox
Participation in the CTF Cyber Apocalypse as part of the Capgemini Aces Of Spades team, where we came 63rd out of 4,493 teams.
2022 : Cybersecurity Consultant - Capgemini
December: internal pentest (insurance sector)
Internal intrusion test with emphasis on realism from inside the customer’s premises.
November - December: Internal CTF organization (energy sector)
Preparation and running of an internal CTF lasting several weeks for the customer.
- creation and/or adaptation of challenges
- deployment and maintenance of infrastructure
- implementation of technical and business monitoring
- communication
October - December: Forensic SWAT Academy training
In-house training in inforensic and cyber incident response for Capgemini’s SWAT teams.
August: Nixos conference - Hack’It’N
Presentation of a conference on the NixOS Linux distribution and its benefits in terms of IT security (blueteam) at Hack’It’N.
April: Round table discussion - THC 2022
Moderated a round table discussion at the Toulouse Hacking Convention on the subject of “…”.
Participants:
March - September: Purple Team (banking sector)
Support for a bank’s SOC team to test the robustness and effectiveness of their intrusion and data exfiltration detection and prevention systems.
Multiple internal and external pentest (France Relance, public sector).
Carrying out multiple internal and external penetration tests as part of the France Relance plan framed by ANSSI.
Multiple application pentest (banking & aerospace)
Perform OWASP-type (web) application penetration tests.
2021 : Cybersecurity Consultant - Capgemini
Oct 2021 - Jan 2022 : Safety tool integration (public sector)
Integration of a keycloak authentication portal for a local authority in preparation for large-scale SSO deployment.
Nov - Dec : Web Pentest (e-commerce & WAF)
Web penetration test for a new application firewall solution developed by a major e-commerce player, in preparation for CSPN level 1 certification. Helped create a security target for the certification.
Jan - Dec : Internship - Cdiscount X ENSEEIHT
Specialized Master in IT Security (tlssec) (RNCP niveau 7) - ENSEEIHT.
SRE Engineer: Design, development and deployment of secret management platform (Vault, Keycloak, Ansible, Molecule, Terraform).
2020 : Internship - Cdiscount X EPSI
RNCP level 7 (bac+5) Software Architecture & Development - EPSI.
SRE Engineer: Design of secret management platform and exploitation of “As Code” infrastructures. (Vault, Keycloak, Ansible, Molecule, Terraform).
2018 & 2019 : Internship - Cdiscount X EPSI
TOEIC exam: 960/990
RNCP level 6 (bac+3) - System & Networking.
SRE Engineer: Deployment, development and exploitation of an internal Observability platform (Prometheus, Grafana, Elastic, fluent, Ansible, Terraform, …).
2017 : Internship (1 an) - HelloAsso X EPSI
DevOps Engineer: R&D of an asynchronous compliance monitoring system using Microsoft’s cloud environment. (Azure-Functions, Event-Hub, Data-Stream, …). N2 technical support on HelloAsso web application.
2017 : Internship (2 mois) - Touton X EPSI
Full stack developer: Discovery of agile methods and TDD. Transition from an internal logistics solution to a modern website in .Net (C#).
2017 : BTS - EPSI
BTS SIO option SLAM specializing in mathematics.
2016 : Internship (3 semaines) - PSI X EPSI
Full stack developer: R&D of a full stack web interface (NodeJs) for managing domain names through the ovh API.
2015 : Baccalauréat - Lycée Montesquieu Bdx
Bac S option ISN (Computer and Digital Science)
