Cloud · Cybersecurity · DevSecOps · Leadership

Teddy Ferdinand

Head of CyberSOC / Cloud & Security Leader

Cloud and security leader with 12+ years of experience across Ops/SRE, cloud architecture, cybersecurity operations and people management. I built AVIV Group’s CyberSOC from scratch in a large-scale multi-account AWS environment, leading a European Purple Team focused on detection, incident response, cloud security governance and automation.

  • Location: Esbly, Île-de-France, France
  • Languages: French / Professional English
  • Domains: CyberSOC, AWS, Cloud Security, DevSecOps, SIEM, EDR, Kubernetes
  • Positioning: building, scaling and leading efficient security operations

Professional summary

I am a hybrid security operations / cloud / platform leader with a strong ability to move from strategy to hands-on execution.

My career path took me from production engineering and SysOps to cloud architecture, then to cybersecurity operations and team leadership. Today, I lead detection, incident response, cloud governance, hardening, tooling, automation and continuous improvement initiatives in multi-country, high-traffic and compliance-driven environments.

I especially enjoy contexts where the challenge is to structure the existing landscape, create a clear operating model, align teams, automate what should be automated, and turn security into a scalable capability rather than a blocking function.


Professional experience

April 2023 → Present

Head of CyberSOC — AVIV Group

Europe / Paris · Remote
  • Built AVIV Group’s CyberSOC from the ground up: vision, operating model, budget, job descriptions, hiring and structuring of a European Purple Team.
  • Managed a distributed team including AWS SecOps, SOC Engineering and offensive security profiles.
  • Owned security operations for a large-scale multi-account AWS environment, complemented by a few GCP environments.
  • Defined and improved detection strategy, SIEM tuning, end-to-end incident response, post-mortems, crisis communication and stakeholder coordination.
  • Designed and rolled out a security control baseline aligned with CIS IG1: AWS permission models, hardening guidelines, policies, processes and measurable indicators.
  • Tracked security KPIs: MTTD, MTTR, detection coverage and baseline compliance.
  • Led 6-month roadmaps, 3-year vision, team rituals, 1:1s, career development, backlog prioritisation and alignment with the CISO.
  • Coordinated MSSP, pentest providers, security vendors and product / engineering teams.
  • Championed a security-by-design culture with a strong focus on automation, vendor APIs and CI/CD integration.

October 2022 → April 2023

CyberSOC Engineer — AVIV Group (Seloger, Immowelt, Immoweb, etc.)

Europe / Paris · Remote
  • Designed AVIV’s initial SOC operating model: responsibilities, alert workflows, escalation paths, integration with local teams and tooling roadmap.
  • Selected and implemented the Sekoia SIEM.
  • Drove the large-scale rollout of SentinelOne EDR.
  • Built the first centralised logging hubs and SIEM ingestion pipelines.
  • Co-built the SOC strategy with the CISO.

October 2019 → September 2022

Cloud Security Architect — Groupe SeLoger (Seloger, Immowelt, Immoweb, etc.)

Paris · External consultant
  • Member of a 3-person team reporting to the CISO, supporting SeLoger Group in securing its AWS cloud environment.
  • Designed and deployed a group-wide SSO solution based on Keycloak.
  • Standardised AWS access patterns: IAM, roles, federation and least-privilege adoption.
  • Reviewed solution architectures, defined DevSecOps best practices and supported development / operations teams.
  • Rolled out EDR, supported security incident handling and helped operationalise a pragmatic DevSecOps model.
  • Ran regular syncs with stakeholders and supported the transformation of cloud security practices.

July 2018 → September 2019

Cloud Architect — Médiamétrie

Levallois
  • Designed AWS architectures for data-heavy applications and internal services.
  • Authored reference architecture patterns.
  • Promoted security, reliability and performance best practices.
  • Acted as security liaison within the IT organisation.
  • Led technical workstreams and task forces on critical topics: performance, availability and security.

April 2016 → June 2018

AWS SysOps Engineer — Médiamétrie

Levallois · External consultant
  • Migrated multiple applications from on-premise to AWS.
  • Industrialised deployments with Terraform and Ansible.
  • Integrated infrastructure into deployment pipelines: XLRelease, Ansible, Terraform and Consul.
  • Defined deployment standards and documentation aligned with ISO 9001.
  • Provided L3 support and day-2 operations: capacity, performance, SSL/TLS, encryption and system hardening.

January 2015 → April 2016

Application Manager — Carrefour

Vélizy · External consultant
  • Ran production environments for several critical applications.
  • Handled operations, capacity management, incident coordination, reporting and technical advisory to the client.

October 2006 → October 2014

Previous roles

  • Operations Engineer — Conforama
  • Proximity Technician — ING Commercial Banking
  • Helpdesk Technician — L’Oréal, Société Générale
  • Hotliner — Fnac

Key skills

Cloud & Infrastructure

  • AWS multi-account environments, security, IAM, migrations, reference architectures
  • GCP — basics
  • Kubernetes: cluster design, ingress, Traefik 2, training delivery
  • Infrastructure as Code: Terraform, Ansible
  • Observability, logging, SIEM and ingestion pipelines

Security & SOC

  • Building and leading CyberSOC organisations
  • Vision, Target Operating Model, staffing and budget
  • Detection strategy, SIEM engineering, incident response
  • Crisis management and stakeholder communication
  • SentinelOne EDR, IAM, bastions, encryption, AWS hardening
  • Governance: CIS IG1, policies, processes, KPIs, MTTD / MTTR / coverage

Management & Leadership

  • Managing international Purple Teams
  • 6-month roadmaps and 3-year strategic vision
  • Team rituals, 1:1s, coaching and performance reviews
  • Backlog prioritisation, intake triage, CISO / security leadership alignment
  • Cross-functional coordination with CISO, product, engineering, infrastructure and vendors

DevSecOps & Platform

  • Standardising access patterns
  • SSO and federation with Keycloak
  • Integrating security into CI/CD pipelines
  • Guardrails, automation and vendor APIs
  • Developer autonomy through shared services and scalable controls

Publications, talks & education

  • Author of many technical articles on tferdinand.net: Traefik, EDR, DevSecOps, AWS, cloud security and security operations.
  • Talks and content:
    • Traefik 2.3 + ECS + Fargate — building a serverless reverse proxy on AWS
    • Traefik 2 — reverse proxy in Kubernetes
    • EDR — the future of antivirus
    • Guest on WeSpeakCloud — Le Podcast about DevSecOps

Community & awards

  • Traefik Ambassador
  • AWS Community Builder — former

Certifications & education

  • 2021 — AWS Certified Solutions Architect – Professional
  • 2018 — Red Hat Certified Specialist in Ansible Automation
  • 2006 — Baccalauréat — Scientific track

What I bring

I build security operations capabilities that last: clear teams, mastered tooling, useful processes, readable indicators and automation designed to scale.