Cedric COCHIN
[email protected] Phone: -- not available online--
-- not available online -Portland Oregon USA
Education September 2001 September 1998
E.F.R.E.I. (Ecole FRançaise d’Electronique et d’Informatique) Master in Science / French Engineer in Computer Science Domain Telecoms & Networks Options Network Security & Parallel Computing Major of promotion 1998-2000 (Honors)
July 1998 September 1996
CPGE (Classes Préparatoires aux Grandes Écoles) 'Preparatory Classes' focused on strong fundamental background with an emphasis on mathematics and physics
July 1996
French Scientific Baccalaureat Mathematic specialization
Paris,France
Le-Raincy,France
Chelles,France
Experience Beaverton OR netVigilance.com Inc « – Assurance has arrived » netVigilance is the leader in vulnerability assessment (VA); delivering corporate information security solutions to meet the heightened demand for network intrusion prevention, network security. I’m managing the integration of the SecureScout™ product suite. SecureScout™ is the name of the suite of NexantiS security products for Vulnerability Assessment and Management. netVigilance, Inc. is the unique development team of the SecureScout™ suite. Algorithm developer & optimizer for the core system of the solution. Acting as Director of security research up to November 2004. Interacting with organizations like SANS, CVE or ISC.
09/2004 - Today
Director of Product Integration
12/2003 - 09/2004
Paris, France Co-Founder & Network Security Expert netVigilance France « netVigilance - Security Development Specialists » Co-founder of NetVigilance France. Involved in the product management of the SecureScout Product family and manager of the security watch team. Algorithm developer & optimizer for the core system of the solution. Research system security vulnerabilities. Maintain a technology watch for security related changes in operating systems, hardware and/or software. Develop methods and codes to test and exploit new vulnerabilities.
05/2001 - 10/2003
VIGILANTe SA Paris, France « VIGILANTe - Unbiased Security Testing Specialists » Product Management for the SecureScan leading Vulnerability Assessment solution. Development focused on the engine and the network algorithms involved in the scanning process. Quality assurance over this product family by using and developing a bug tracking system. Security Expert to provide in-depth analysis and response to computer system security incidents such as hacker attacks break-ins and virus outbreaks. Assess the nature and extent of threats and damages to systems and networks. Provide technical and consulting advice on computer security incidents. Research system security vulnerabilities. Perform “White Hat” penetration tests. Internal network security group team leader. Teacher in the VIGILANTe University. Active member of the Groupe Technology Council. Maintain a technology watch for security related changes in operating systems, hardware and/or software. - Page 1 of 3 Security Consultant
10/2000 - 04/2001
Networks Vigilance SA
Security Consultant
Paris, France
Security Consultant to provide in-depth analysis and response to computer system security incidents such as hacker attacks break-ins and virus outbreaks. Assess the nature and extent of threats and damages to systems and networks. Provide technical and consulting advice on computer security incidents. Research system security vulnerabilities. Perform “White Hat” penetration tests and vulnerability assessment. Advise personnel responsible for system security in proactive and reactive measures. IT manager responsible of the deployment of all the Networks Vigilance public servers (WEB, Mail and DNS), including an ASP and of the management of the internal CRM system. 04/2000 - 09/2000
Network Security Manager
Cyrano SA Paris, France « CYRANO - Automated Testing Solutions » Internal project manager, focused on implementing and deploying a new network & physical security policy. Researches and analyses based on network security concepts to define a “white book” for the future development of a new network testing technology.
09/1998 - 03/2000
Programmer
AI EFREI
Paris, France
Supervised projects based on “student follow-up” using specific knowledge of databases systems and database mining and Web technologies for the AI EFREI association.
Technical skills Programming Languages:
Motorola 68k and x86 Assembler, C/C++, JAVA, SQL, Script Shell (C/Bourn), HTML, PHP/MySQL, Camel
Compilers:
Visual C++, Borland, Matlab, Maple, DreamWeaver
Operating Systems:
UNIX(Linux/OpenBSD/FreeBSD/Solaris), Windows NT/2000/XP/2003, Cisco IOS
Administration & Network Protocols:
¾ ¾ ¾ ¾ ¾
Vulnerability Scanners:
netVigilance SecureScout NX/SP, VIGILANTe SecureScan NX/SP, Eeye Retina, ISS Internet Scanner, Symantec NetRecon, Qualys Guard, Nessus, Nmap
Firewall & Sniffer:
Ipf, IPTables, Checkpoint, ZoneLabs, Secure Computing, Cisco PIX, Cisco Probe, SnifferPro, Snort, Prelude
Databases:
MS SQL, Sybase and MySQL
Projects & studies:
¾ Parallel clients/servers Computing using LAN/MPI, Fortran and C (Parallel Computing program EFREI) ¾ Information Technology & Network Security Teacher (EFREI) ¾ UML Object Modeling (EFREI)
ARP/RARP,DHCP,DNS,LDAP,HTTP,SMTP,POP,IMAP,SMB Communication layers (TCP/IP, UDP, ICMP, IPSEC) on IPv4 and IPv6 Routing process (RIP/OSPF/BGP4) LAN, WAN, VPN, VLANs and QoS Monitoring (SNMP, RRDTool, NetSaint)
- Page 2 of 3 -
Publications •
Security Advisories : August 26, 2005 February 10, 2004 February 02, 2004 January 30, 2004 January 24, 2004 January 24, 2004 January 24, 2004
•
Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities Multiple Cross Site Scripting on mail.yahoo.com Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior PATH Disclosure Vulnerabilities in QuikStore 2.12.135 and prior PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior PATH Disclosure Vulnerabilities in phpGedView 2.65 and prior
Press Releases : November 18, 2004 o netVigilance uncovers multiple vulnerabilities in open-source network administration software console for SQL
Languages French (mother tong), English (fluent), German (student level)
Certificates & Activities ● Car Driving License ● BNPS Certificate (First-Aid) ● Co-Founder and President of a computer science Club (training Parents & Children) ● Member of the Portland French Alliance
- Page 3 of 3 -