About Me

I am Tom Durand-Gasselin, a cybersecurity engineer and vulnerability researcher focused on reverse engineering, secure automation, and resilient cloud systems.

Research Focus

Offensive research with defensive automation.

I blend vulnerability research, reverse engineering, and DevSecOps automation to help teams ship securely and respond faster.

Reverse EngineeringFuzzingDevSecOpsCloud Security
Based in
Paris
Open to full-time US roles — remote or Los Angeles · Willing to relocate · Visa sponsorship required
Ask for a capability deck or sample reports.

My Story

A timeline of growth across infrastructure, security, and delivery.

2026 - PresentRivage Investment (Private Debt Asset Management)

DevSecOps Engineer

Automating processes, building test suites in Go, and delivering secure cloud engineering for financial systems.

GoAutomationCloud SecurityTestingFinTech
2024 - PresentFreelance Security Engineer

Impactup CISO Security Automation

Automated OVH cloud provisioning, IAM/WAF hardening, MFA, and SOC workflows. Built secure Django services with email verification and security checks.

OVH CloudIAMWAFMFASOC Automation
2024 - 2024 (3 months)Freelance Embedded Security Engineer

P4S Embedded IKEv2

Implemented a secure IKEv2 VPN protocol in C/ASM for a RISC-V FPGA with validated security constraints.

CASMRISC-VIKEv2Embedded Security
2024 - 2024 (5 months)Freelance Full-Stack Security Engineer

Capturism Photobooth Platform

Delivered a photobooth software platform used by thousands of users with a secure Python, Next.js, and MongoDB stack.

PythonNext.jsMongoDBSecurityProduction
2024 - 2024 (3 months)Freelance DevOps Engineer

DevOps Cloud Infrastructure

Deployed a Docker-based file sharing and video sharing stack (Peertube) for a digital marketing company.

DockerPeertubeFile SharingVideo SharingDevOps
2023 - 2025BNP Paribas

DevSecOps Engineer (Cloud Automation)

Built orchestration workflows with Airflow, automated deployments via Terraform and Ansible, and delivered secure monitoring with HashiCorp Vault.

AirflowTerraformAnsibleHashiCorp Vault
2022 - 2023Lusis

C++ Developer (Banking)

Automated internal database purge processes and translated fraud detection systems from R to Python.

C++PythonPerformanceFraud Detection

Skills and Expertise

Programming languages supported with logos, plus core security expertise.

Programming Languages

C logo
C
C++ logo
C++
ASM logo
ASM
Python logo
Python
Rust logo
Rust
Go logo
Go
Java logo
Java
React logo
React
Node.js logo
Node.js

Expertise

Reverse EngineeringExploit DevelopmentFuzzing and Symbolic ExecutionVulnerability ResearchDevSecOps AutomationCloud Security (AWS/OVH/GCP)Infrastructure as CodeNetwork AnalysisSecure Systems ProgrammingPenetration TestingSecure Code ReviewThreat Detection

Education

Academic foundations in cybersecurity, systems, and networking.

Paris, France

Master's of Engineering - Cybersecurity, Systems, Cloud and Networking

EPITA

C/C++/ASM/Rust, kernel development, penetration testing, reverse engineering, and vulnerability exploit development.

Riga, Latvia

IoT Security Program

TSI - Latvian University of Science and Technology

IoT security, embedded device programming, and secure network architectures.

How I Work

A clear, structured process from first contact to final delivery.

01

Discovery Call

30-minute call to scope your needs, threat landscape, and timeline. No commitment required.

02

Proposal & Scoping

Detailed proposal with clear deliverables, timeline, and pricing — fixed-price or time & materials.

03

Execution under NDA

All work conducted under mutual NDA. Regular progress updates and interim deliverables.

04

Delivery & Handoff

Final report with actionable findings, remediation roadmap, and knowledge transfer session.

Available for new engagements
Full-remote (EU timezone preferred)
Fixed-price or daily rate — scoped per engagement
Mutual NDA signed before any sensitive work
Initial response within 24 hours

Services Offered

Flexible engagements tailored to your security roadmap.

Vulnerability Research and 0-day Discovery

Authorized vulnerability research, exploit development, and reverse engineering engagements under strict NDA and responsible disclosure frameworks.

  • Exploit development (authorized scope only)
  • Binary analysis workflows
  • Fuzzing and symbolic execution
  • Responsible disclosure and coordinated reporting

Reverse Engineering and Malware Analysis

In-depth binary analysis, protocol reverse engineering, and sandboxing — all within legal and contractual boundaries.

  • Ghidra and Binary Ninja analysis
  • Dynamic and static workflows
  • Debugger and sandbox tooling
  • IoT and embedded focus

DevSecOps and Cloud Automation

Shift-left security with automated pipelines, IaC, and secure orchestration.

  • Terraform and Ansible delivery
  • CI/CD security gates
  • Secrets and vault integrations
  • Secure observability

Cloud Security Hardening

Multi-cloud hardening and secure configuration at scale.

  • IAM and least privilege
  • Network segmentation
  • WAF and edge controls
  • Logging and detection

Secure Systems Programming

Low-level and embedded secure development engagements.

  • C/C++/ASM development
  • RISC-V and embedded security
  • Protocol hardening
  • Performance optimization

Security Assessments and Code Review

Targeted assessments and secure code reviews for critical systems.

  • Manual code review
  • Threat modeling support
  • Pentest reporting with remediation roadmap
  • Compliance-aligned deliverables

Ethical Commitment

All offensive security work is performed strictly within authorized scopes, under mutual NDA, and following responsible disclosure practices. Findings are reported to clients with full remediation guidance.