Gérard Levicki – Cybersecurity Consultant
Protect your business and your customers
- An independent cybersecurity consultant serving businesses and local authorities
- Outsourced CISO, audits, pentests, and NIS2/DORA compliance
- A cybersecurity risk-based approach
- Security serving business, not the other way around
- Clear action plans, controlled budgets, measurable results
- Initial diagnosis offered to identify your real priorities
+ 25 years of experience
+ 10 million pieces of protected data
+ 40 trusted partners
Securing the company without hindering its operations
Cybersecurity is not just about installing tools. Above all, it is about protecting your ability to operate, preserving your data, and ensuring your customers' trust.
As a cybersecurity consultant, I work alongside management to transform security into a performance driver: business continuity, risk control, regulatory compliance, and peace of mind for teams.
Every organization has its constraints: limited budgets, legacy systems, small teams, new obligations. My role is to build protection tailored to your reality, not a theoretical model.
Cross-functional expertise, from strategy to technical matters
My support covers all the needs of a modern company:
governance and risk management
Identify what needs to be protected as a priority: sensitive data, critical processes, reputation. Governance translates these issues into simple rules, clear responsibilities, and a consistent budget.
organizational and technical audits
Audits enable us to move beyond impressions and rely on facts: system configuration, internal practices, actual exposure. They result in a prioritized action plan.
penetration testing and exposure assessments
Pentests simulate an attacker to check whether compromise is possible. The goal is not to scare people, but to actually fix exploitable vulnerabilities.
regulatory compliance
NIS2, DORA, and GDPR impose specific requirements. I translate these texts into operational measures tailored to your size, without unnecessary additional costs.
incident response and crisis management
When a crisis occurs, a method is needed: contain, understand, restore, then secure for the long term. Improvisation always costs more than preparation.
employee awareness
The majority of attacks begin with human error. Short, regular training sessions drastically reduce the risk.
Before discussing solutions, I always start by understanding your business: what absolutely must continue to function? The entire strategy is built around this answer.
Book your initial audit
Let's take five minutes to talk about you and your cybersecurity expectations.
Outsourced CISO: security management on demand
Many companies do not have the size or resources to hire a full-time CISO. Outsourced CISO services provide access to senior, flexible, and independent expertise.
In concrete terms, this means:
- a security strategy aligned with your objectives,
- regular monitoring of priority actions,
- dashboards that are understandable to management,
- a reliable intermediary between you and your IT service providers,
- structured preparation for NIS2 and DORA requirements.
This gives you a dedicated security manager without the hassle of internal recruitment.
Compliance and risk management
Regulatory obligations are multiplying and can become difficult to understand. My role is to translate these texts into concrete actions:
- risk analysis according to the EBIOS RM method,
- NIS2 and DORA compliance roadmap,
- ISO 27001 support,
- personal data protection (GDPR),
- securing critical service providers.
The goal is not only to comply, but to truly improve your level of security.
Audits and tests: measure before acting
Investing blindly is the best way to waste your budget. Audits allow you to identify precisely where the real weaknesses lie:
- cybersecurity maturity audit,
- technical audit of systems, networks, and applications,
- cloud and Active Directory audit,
- ISO 27001, GDPR, NIS2, and DORA compliance audit,
- internal and external penetration testing.
Deliverables are designed to be useful: clear priorities, estimated costs, realistic action plan.
Incident response: limiting the actual impact
When an attack occurs, every hour counts. I intervene to:
- lead cyber crisis management,
- organize the investigation and forensic analysis,
- activate the business continuity and disaster recovery plans (PCA and PRA),
- draft the emergency and business continuity plan (PUPA) and regulatory reports,
- coordinate internal and external communication.
The priority remains the same: resume operations as quickly as possible while preserving evidence and complying with legal obligations.
Areas of expertise
I cover the main environments encountered in business:
- Windows/Linux system security, Active Directory, IAM/PAM, EDR/XDR,
- network security: firewall, segmentation, VPN, IDS/IPS, Wi-Fi,
- application security: OWASP, DevSecOps, API, CI/CD,
- cloud security: AWS, Azure, GCP, CASB,
- data protection: encryption, DLP, backups,
- industrial environments and IoT.
This comprehensive view helps avoid siloed approaches that always leave blind spots.
Awareness and training
Technology is not enough if teams are not prepared. I propose:
- training for managers and IT teams,
- phishing awareness programs,
- awareness-raising conferences,
- establishment of a sustainable security culture.
An informed employee is often the best defense against attacks.
Sectors supported
My experience adapts to a variety of contexts:
SMEs and mid-sized companies
SMEs and mid-sized companies rarely have a dedicated cybersecurity team, even though their exposure is equivalent to that of large corporations.
I tailor measures to the company's actual budget: simple priorities, essential protections, clear organization of responsibilities, and a progressive action plan.
The goal is to achieve a solid level of security without excessive complexity.
Local authorities
Local authorities manage sensitive data while having to ensure the continuity of public services.
I work to secure business systems, support regulatory obligations, and structure information security governance.
Particular attention is paid to user protection and resilience against ransomware.
Healthcare facilities
The healthcare sector combines highly sensitive data, significant operational constraints, and 24/7 availability.
My approach prioritizes the protection of patient records, the security of connected devices, and continuity of care.
Business continuity plans are designed to limit any impact on medical care.
Industry
Industrial environments combine IT and OT with demanding production constraints.
I help secure industrial networks, controllers, and supervision systems without interrupting operations.
The priority is to prevent any spread between the office environment and production tools.
Finance and insurance
These organizations are particularly exposed to fraud and subject to demanding regulatory and traceability requirements.
I support identity management, transaction protection, and DORA/NIS2 compliance.
The measures put in place are designed to strengthen the confidence of customers and partners.
E-commerce and SaaS
Platform availability and customer data protection are vital to these business models.
I work on application security, payment protection, access management, and cloud environment monitoring.
The goal is to reduce the risk of fraud and service interruptions.
Associations and mission-driven organizations
These organizations often have limited resources while handling sensitive personal data.
I offer pragmatic and affordable solutions: essential best practices, protection of collaborative tools, and awareness-raising among volunteers and employees.
Security becomes a support to the mission rather than a constraint.
Service areas
al intervention in France and remote
Based in France, I work:
- on site: Paris, Lyon, Marseille, Toulouse, Lille, Bordeaux, Nantes, Rennes, Strasbourg,
- remotely anywhere in France and internationally.
Human connection remains essential, even in a digital world.
Frequently Asked Questions
What is a cybersecurity consultant?
An independent expert who assesses the company's risks, defines a strategy, oversees technical and organizational actions, and supports management in fulfilling its obligations.
When should an audit be conducted?
Before a major project, during rapid growth, to prepare for NIS2/DORA, or after a significant incident.
Is an IT service provider sufficient to manage cybersecurity?
A good IT service provider manages the infrastructure, not the overall security strategy. The cybersecurity consultant acts on the management side: risk analysis, supplier control, compliance, and governance. The two roles are complementary.
Internal or outsourced CISO?
The outsourced CISO offers senior expertise that is immediately operational, without recruitment costs and with a broader vision than that of a purely internal profile.
How much does coaching cost?
The budget depends on the scope: one-off assignment, targeted audit, or monthly CISO package. An initial assessment allows us to accurately estimate requirements.
How can cybersecurity be prioritized when the budget is limited?
The priority is not to purchase tools, but to protect vital functions: reliable backups, controlled access, reduced Internet exposure, and an incident response plan. A three-level roadmap allows you to invest first where the business risk is greatest.
How long does it take to achieve an adequate level of security?
The first visible gains are achieved within 1 to 3 months. A comprehensive approach, including governance, technology, and training, takes 12 to 18 months with measurable milestones.
Why choose Mobhitech?
My goal is not to sell solutions, but to actually reduce your exposure.
Principle
Responsibility assumed and genuine commitment
Cybersecurity is primarily based on responsibility.
Every decision made, every recommendation made, and every action taken must produce a measurable result.
I believe that responsibility is shared:
- I am personally committed to the quality of my analyses and deliverables;
- I make clear and actionable recommendations;
- I remain involved until concrete results are achieved.
Accountability also means keeping your commitments:
meeting deadlines, consistency in decisions, transparency about limitations, and actively seeking solutions.
This requirement creates a working environment based on trust, clarity, and continuous improvement.
Strategy
Vision as both risk and business opportunity
Cybersecurity cannot be solely technical.
A security measure only makes sense if it actually protects the business.
Each project is analyzed from two complementary perspectives:
the level of reduced risk and the impact on the company's operations.
The goal is not to block, but to secure intelligently.
Effective protection must preserve team agility, support performance, and strengthen partner confidence.
Security then becomes a strategic lever, rather than an imposed constraint.
Service
Deliverables designed for executives
A technical report is only valuable if it guides action.
Accumulating pages of jargon does not protect the company.
My deliverables are structured for management purposes:
executive summary, short-term priorities, estimated budget, monitoring indicators.
Each recommendation is contextualized and prioritized.
You have a clear roadmap for making decisions, planning, and demonstrating progress to your partners, auditors, or authorities.
Sizing
Budgets tailored to SMEs
Cybersecurity must remain appropriate to the size and resources of the organization.
An SME does not have the same needs as a large corporation.
I develop progressive action plans aligned with your human and financial resources.
The objective is to quickly achieve a significant level of protection without incurring disproportionate costs.
A measured approach allows for lasting improvements in security without undermining the economic stability of the company.
