About Me
I am Tom Durand-Gasselin, a cybersecurity engineer and vulnerability researcher focused on reverse engineering, secure automation, and resilient cloud systems.
Offensive research with defensive automation.
I blend vulnerability research, reverse engineering, and DevSecOps automation to help teams ship securely and respond faster.
My Story
A timeline of growth across infrastructure, security, and delivery.
DevSecOps Engineer
Automating processes, building test suites in Go, and delivering secure cloud engineering for financial systems.
Impactup CISO Security Automation
Automated OVH cloud provisioning, IAM/WAF hardening, MFA, and SOC workflows. Built secure Django services with email verification and security checks.
P4S Embedded IKEv2
Implemented a secure IKEv2 VPN protocol in C/ASM for a RISC-V FPGA with validated security constraints.
Capturism Photobooth Platform
Delivered a photobooth software platform used by thousands of users with a secure Python, Next.js, and MongoDB stack.
DevOps Cloud Infrastructure
Deployed a Docker-based file sharing and video sharing stack (Peertube) for a digital marketing company.
DevSecOps Engineer (Cloud Automation)
Built orchestration workflows with Airflow, automated deployments via Terraform and Ansible, and delivered secure monitoring with HashiCorp Vault.
C++ Developer (Banking)
Automated internal database purge processes and translated fraud detection systems from R to Python.
Education
Academic foundations in cybersecurity, systems, and networking.
Master's of Engineering - Cybersecurity, Systems, Cloud and Networking
EPITA
C/C++/ASM/Rust, kernel development, penetration testing, reverse engineering, and vulnerability exploit development.
IoT Security Program
TSI - Latvian University of Science and Technology
IoT security, embedded device programming, and secure network architectures.
How I Work
A clear, structured process from first contact to final delivery.
Discovery Call
30-minute call to scope your needs, threat landscape, and timeline. No commitment required.
Proposal & Scoping
Detailed proposal with clear deliverables, timeline, and pricing — fixed-price or time & materials.
Execution under NDA
All work conducted under mutual NDA. Regular progress updates and interim deliverables.
Delivery & Handoff
Final report with actionable findings, remediation roadmap, and knowledge transfer session.
Services Offered
Flexible engagements tailored to your security roadmap.
Vulnerability Research and 0-day Discovery
Authorized vulnerability research, exploit development, and reverse engineering engagements under strict NDA and responsible disclosure frameworks.
- Exploit development (authorized scope only)
- Binary analysis workflows
- Fuzzing and symbolic execution
- Responsible disclosure and coordinated reporting
Reverse Engineering and Malware Analysis
In-depth binary analysis, protocol reverse engineering, and sandboxing — all within legal and contractual boundaries.
- Ghidra and Binary Ninja analysis
- Dynamic and static workflows
- Debugger and sandbox tooling
- IoT and embedded focus
DevSecOps and Cloud Automation
Shift-left security with automated pipelines, IaC, and secure orchestration.
- Terraform and Ansible delivery
- CI/CD security gates
- Secrets and vault integrations
- Secure observability
Cloud Security Hardening
Multi-cloud hardening and secure configuration at scale.
- IAM and least privilege
- Network segmentation
- WAF and edge controls
- Logging and detection
Secure Systems Programming
Low-level and embedded secure development engagements.
- C/C++/ASM development
- RISC-V and embedded security
- Protocol hardening
- Performance optimization
Security Assessments and Code Review
Targeted assessments and secure code reviews for critical systems.
- Manual code review
- Threat modeling support
- Pentest reporting with remediation roadmap
- Compliance-aligned deliverables
Ethical Commitment
All offensive security work is performed strictly within authorized scopes, under mutual NDA, and following responsible disclosure practices. Findings are reported to clients with full remediation guidance.