24+ years building secure, high-availability infrastructure — aligning cybersecurity strategy with business outcomes. Zero Trust, SIEM/SOAR, EDR/XDR, ISO 27001 / NIST.
I'm a CTO and cybersecurity architect based in Montréal, with over two decades dedicated to securing and scaling mission-critical infrastructure. My focus is the intersection of security strategy and business outcomes — leading detection & response programs, cutting MTTR by 50%, and sustaining 99.999% availability across critical environments.
I'm an expert in network & security architecture (NGFW, WAF, SIEM/SOAR, EDR/XDR, IAM/PAM) and compliance (ISO 27001, NIST, PCI-DSS). As an R&D leader I designed blësk, a proprietary monitoring platform competing with SolarWinds, deployed across many client sites. I lead a multidisciplinary team — engineers, marketing and account managers — and partner with leading technology vendors (Fortinet, Cisco, Microsoft, Securitas, Dell, Veeam).
The value I bring: lower risk, optimized OpEx/CapEx, and standardization through automation (IaC / DevSecOps).
From hands-on security architecture to fully managed services — what I cover for client organizations.
Zero Trust segmentation, NGFW & WAF deployments, SIEM/SOAR, EDR/XDR and IAM/PAM. Designed stacks that cut major incidents by 80% and brought MTTR down 90%.
Advanced micro-segmentation at the host / OS layer with agent-based, application-aware policies. Lateral-movement containment that goes beyond traditional network segmentation — true Zero Trust enforcement workload to workload.
Discovery and governance of unauthorized AI use across the organization. Inventory, risk scoring, data-leak controls and policy enforcement — bringing AI usage in line with ISO 27001 and data-protection requirements.
Risk-aware governance and audits aligned to ISO 27001, NIST and PCI-DSS. IR playbooks, crisis drills, phishing simulations — including an 80% drop in malicious-click rate in four months.
blësk — a proprietary, Linux-based monitoring platform that tracks 6,000+ devices in real time. A direct, cost-effective alternative to SolarWinds & WhatsUp Gold.
Three full-length books on hardening and optimizing Linux servers — used in academic and professional settings, translated into multiple languages. Free PDFs, no signup.
End-to-end managed services for client organizations — we operate the full stack on your behalf, freeing your teams to focus on the business.
Two decades of hands-on engineering and leadership across security, monitoring and infrastructure.
Technologies, vendors and frameworks I work with day-to-day, plus the certifications that back them.
Deployed and tuned monitoring environments for healthcare networks, school boards, CÉGEPs and city services. Result: 60% fewer false alerts, 24/7 visibility on 3,000+ critical devices, and proactive anomaly detection before service impact.
Designed a high-availability network securing online transactions and loyalty programs for a major retail group. 99.999% SLA delivered, fault tolerance across 100+ devices, and downtime kept under 5 minutes per year on critical flows.
Full-stack monitoring of an MPLS backbone covering a major metropolitan area — L2/L3 supervision (VRRPE, CE, PE). 95% of critical anomalies detected and resolved before service impact; 99.97% backbone availability.
Hardened, highly-available Linux estate powering airport ITS services worldwide for an international aviation organization. 99.99% uptime, full DR documentation halving RTO, and consistent dev/staging/production environments across continents.
Three full-length books on hardening, optimizing and operating Linux — used in academic and professional settings, translated into multiple languages. Free PDFs, no signup required.
Browse the LibraryHave a question, an architecture review to scope, or an engagement to discuss? Reach out — I'll get back to you as soon as possible.