Eric Romang

Vice President IT Security Officer at Yapital

Location
Luxembourg
Industry
Information Technology and Services


Eric Romang's Overview

Current
  • Vice President IT Security Officer at Yapital
  • Co-founder & CTO at ZATAZ.com
Past
  • IT System Architect at Datacenter Luxembourg S.A.
  • System & Security Administrator at Synapse Internet Services
  • System & Security Administrator at XYZ
  • Postmaster at YoupY
  • Webmaster at Internence
Education
  • Lycée Les Grands Bois
  • Paul Langevin
Connections

500+ connections


Eric Romang's Summary

40 years old, near 21 years of professional experience, and 16 years of passion for IT Security.

Starting as webmaster in French IT national players companies, I evolved to System & Security Architect, Team Leader, IT Security Advisor and finally became VP IT Security Officer now working for Yapital Financial AG.

I was PCI-DSS consultant & project manager in charge of scoping, planning, coordinating, implementing, following, reporting and maintaining ebrc PCI-DSS Service Provider LVL1 compliance. PCI-DSS consultant for ebrc customers helping them to acquire and maintain their compliance certification.

I played the role of ArcSight SIEM architect, designing & implementing MSSP Log & Event Management (ESM & Logger) solutions. I designed and implemented core ArcSight ESM infrastructure and ArcSight infrastructures for customers. I supported customers to define their scopes, events collection methods, technical & business use cases, dashboards and reports.

I also played the role of ITIL Configuration Manager, ITIL V3 foundation certified and CAB member. I designed, implemented the related process and CMDB. Necessarily I provided Business Activity Monitoring & Intelligence Reporting to follow and measure the activities of all ITIL processes. I also actively participated in the implementation of the Incident & Change Management process.

In parallel of my regular activities, I co-founded, in 1998, ZATAZ.com, French spoken online newspaper, leader in IT Security news.

During my professional activities, I also managed security consultants specialized in pen tests, vulnerability audits, code auditing, computer forensics and web application security.

Eric Romang's Experience

Vice President IT Security Officer

Yapital

Sole Proprietorship; 51-200 employees; Financial Services industry

July 2013 – Present (1 year 3 months) Luxembourg

Vice President IT Security Officer at Yapital Financial SA, innovative e-money operator of the Hamburg-based retail giant OTTO Group.

Co-founder & CTO

ZATAZ.com

September 1998 – Present (16 years 1 month) Luxembourg

ZATAZ is an online French newspaper specialized in computer security.

Some references to my research:

iOS Developer Site at Core of Facebook, Apple Watering Hole Attack
http://threatpost.com/en_us/blogs/ios-developer-site-core-facebook-apple-watering-hole-attack-022013

Attackers use stolen certificate to sign malicious Java applet
http://www.scmagazine.com/attackers-use-stolen-certificate-to-sign-malicious-java-applet/article/283305/

Elderwood Project Behind Latest Internet Explorer Zero-Day Vulnerability
http://www.symantec.com/connect/blogs/elderwood-project-behind-latest-internet-explorer-zero-day-vulnerability

Gong Da Exploit Kit Bundling Numerous Java Attacks
http://threatpost.com/en_us/blogs/gong-da-exploit-kit-bundling-numerous-java-attacks-112012

Vulnerabilities threaten to crash MySQL databases
http://www.zdnet.com/vulnerabilities-threaten-to-crash-mysql-databases-7000008194/

New Java Attack Introduced into Cool Exploit Kit
http://threatpost.com/en_us/blogs/new-java-attack-introduced-cool-exploit-kit-111212

Java zero-day leads to Internet Explorer zero-day
http://www.zdnet.com/java-zero-day-leads-to-internet-explorer-zero-day-7000004330/

Privately Held; 51-200 employees; Information Technology and Services industry

January 2012 – July 2013 (1 year 7 months) Luxembourg

PCI-DSS consultant & project manager. In charge of scoping, planning, coordinating, implementing, following, reporting and maintaining ebrc PCI-DSS Service Provider LVL1 compliance. PCI-DSS consultant for ebrc customers helping them to acquire and maintain their compliance certification.

In charge of implementing an IT security program, and reporting security and risks to the management.

Participate actively in security policies redaction and validation. In charge of implementing, monitoring, reporting and maintaining compliance with security policies.

Playing the role of IT Security Architect for infrastructure involving high level of security or compliance requirements.

In charge of ebrc employees, and customers, security awareness training.

Service Design & Industrialization Team Leader

ebrc ( European Business Reliance Centre )

Privately Held; 51-200 employees; Information Technology and Services industry

September 2008 – January 2012 (3 years 5 months) Luxembourg

In charge of managing, coordinating, interviewing and stimulating SDI team. Preparation and participation in operational boards. Monitoring and reporting of all team activities. Quality & risks controls, deadline follow-up. Cost center owner, supplier management.

I played the role of ArcSight SIEM architect, designing & implementing MSSP Log & Event Management (ESM & Logger) solutions. I designed and implemented core ArcSight ESM infrastructure and ArcSight infrastructures for customers. Supporting customers to define their scopes, events collection methods, technical & business use cases, dashboards and reports.

I also played the role of ITIL Configuration Manager, ITIL V3 foundation certified and CAB member. I designed, implemented the related process and CMDB. Necessarily I provided Business Activity Monitoring & Intelligence Reporting to follow and measure the activities of all ITIL processes. I also actively participated in the implementation of the Incident & Change Management process.

Participant to ebrc ISO 27001-certification project (acquired in July 2010), especially on the ICT Incident Management controls, Configuration Management controls, and monitoring controls.

Participant to ebrc PCI-DSS Service Provider LVL2 certification project (acquired in Jun 2011), especially on requirement 10 "Track and monitor all access to network resources and cardholder data".

Privately Held; 51-200 employees; Information Technology and Services industry

September 2007 – September 2008 (1 year 1 month) Luxembourg

Pre-sales budget definition and suppliers management. IT & Security infrastructure design authority based on business services requirements.

Operational security authority for client’s infrastructures (report of findings, client’s security concerns follow-up, security strategies, security procedures, guidance, risk analysis and mitigation, vulnerability review, ...).

IT System Architect

Datacenter Luxembourg S.A.

Privately Held; 51-200 employees; Internet industry

October 2002 – September 2007 (5 years) Luxembourg

System architect and team leader of three system engineers. In charge of managing the IT operational infrastructures (around 200 servers). In charge of incident detection, categorization and resolution. In charge of validating all required and proposed changes on the IT infrastructures. Operational problem and release management.

Pre-sales budget definition and suppliers management. IT & Security infrastructure design authority based on business services requirements. Operational security authority for client’s infrastructures (report of findings, client’s security concerns follow-up, security strategies, security procedures, guidance, risk analysis and mitigation, vulnerability review…).

Red Hat Linux system administration, storage and virtualization architect. Red Hat Network Satellite organization manager. MySQL clustering, load balancing & high availability implementation. Security management of the IT infrastructure (log centralization, IDS, VPN, antivirus, ...)

System & Security Administrator

Synapse Internet Services

2001 – 2002 (1 year) Luxembourg

System and security administrator of web, mail, database, file servers and corporate workstations.

System & Security Administrator

XYZ

2000 – 2001 (1 year) Luxembourg

System and security administrator of web, mail, database, file servers and corporate workstations.

Postmaster

YoupY

1999 – 2000 (1 year) Paris Area, France

IT & Security infrastructure elaboration. WAP & PDA solution design. Junior webmasters trainer. Supplier management. Mail server administration and spam fighting.

System and security administrator of corporate workstations.

Webmaster

Internence

1998 – 1999 (1 year) Lille Area, France

Occupied station: Half-time - Webmaster YOUPY CORP. (France - Germany - Italy - US - the U.K. - Spain - Portugal - Switzerland) (Animation, Referencing, Promotion, partnerships management, updates, HTML)

Another half-time - Webmaster of the INTERNENCE customers websites. Castorama, Cofidis, Flunch, Furet du Nord... (Referencing, Internet marketing, HTML).

Eric Romang's Organizations

  • Association Luxembourgeoise des Compliance Officers du Secteur Financier (ALCO)

    Member
    • September 2014 to Present

Eric Romang's Languages

  • English

    (Professional working proficiency)
  • German

    (Professional working proficiency)
  • French

    (Native or bilingual proficiency)
  • Luxembourgish

    (Limited working proficiency)
  • Korean

    (Elementary proficiency)

Eric Romang's Skills & Expertise

  1. Log Management
  2. Security
  3. Nagios
  4. Linux
  5. Configuration Management
  6. Event Management
  7. Information Security Management
  8. Penetration Testing
  9. Network Security
  10. Computer Security
  11. Vulnerability Assessment
  12. Intrusion Detection
  13. Security Audits
  14. PCI DSS
  15. ITIL
  16. Security Architecture Design
  17. Vulnerability Management
  18. Cyber Security
  19. SIEM
  20. ArcSight
  21. Information Security
  22. IDS
  23. Firewalls
  24. Identity Management
  25. Business Continuity
  26. Incident Management
  27. Servers
  28. Security Awareness
  29. Antivirus
  30. IPS
  31. Security Policy
  32. Data Center
  33. Application Security
  34. Web Application Security
  35. Internet Security
  36. Load Balancing
  37. PKI
  38. Metasploit
  39. Pre-sales
  40. Infrastructure Security
  41. Malware Analysis
  42. Solution Architecture
  43. Network Architecture
  44. IT Audit
  45. Snort
  46. High Availability


Eric Romang's Certifications

  • PRINCE2 Foundation

    • DEMETS & HEUSKIN
  • Lean Six Sigma Champion

    • DEMETS & HEUSKIN
  • ITIL v3 Foundation

    • DEMETS & HEUSKIN
  • ACSA – ArcSight Certified Security Analyst

    • ArcSight University
  • ACIA – ArcSight Certified Integrator / Administrator

    • ArcSight University
  • ArcSight Logger Administration and Operations

    • ArcSight University

Eric Romang's Education

Lycée Les Grands Bois

BAC, Electro-technic

1996 – 1998

Paul Langevin

BTS, Electronics

1996 – 1998

Eric Romang's Additional Information

Interests:

Asian cultures, travelling, music, new technology

Groups and Associations:

Friends of Korea in Luxembourg

Contact Eric for:

  • expertise requests
  • reference requests
  • getting back in touch
