Gérard Levicki
My services – Cybersecurity consultant
A comprehensive offering to protect your business
As an independent cybersecurity consultant, I support organizations throughout the entire security cycle: strategy, assessment, compliance, technical protection, and crisis management.
Each service can be provided separately or as part of a comprehensive support package, depending on your priorities and maturity level.
Outsourced CISO / Shared CISO
The outsourced CISO service provides you with operational security management without the constraints of internal recruitment.
I act as your single point of contact to define strategy, oversee action plans, and liaise with your service providers.
You have a clear view of the risks, indicators that management can understand, and continuous monitoring tailored to your budget.
Security strategy aligned with the business
Define a clear roadmap based on your actual risks and business objectives.
Action plan management
Regular monitoring of construction sites, prioritization of measures, and coordination of internal teams and service providers.
Management dashboards
Simple indicators to understand risk trends and justify budget decisions.
Interface with IT service providers
Translation of technical issues to defend your interests when dealing with integrators and publishers.
Cybersecurity audit
Audits enable us to move beyond impressions and rely on measurable facts.
I evaluate your organization, systems, and processes to identify vulnerabilities that can actually be exploited.
The findings result in a prioritized, costed action plan tailored to your business context, whether it is a technical, organizational, or regulatory audit.
Maturity audit
Comprehensive assessment of your organization to identify strengths, weaknesses, and priorities.
Technical audit
Analysis of systems, networks, and applications to detect exploitable vulnerabilities.
Regulatory audit
Concrete verification of NIS2, DORA, GDPR, or ISO 27001 requirements.
Costed action plan
Deliverable operational with priorities, estimated costs, and realistic schedule.
Safety tests
Penetration testing simulates the behavior of an attacker to verify the effectiveness of your defenses.
Whether internal, external, or application-based, these tests reveal concrete attack vectors before an adversary discovers them.
The results are presented in a pragmatic way to enable rapid and lasting correction.
External pentest
Simulate an attack from the Internet to measure your actual exposure.
Internal pentest
Risk assessment in the event of a workstation or account compromise.
Application and API testing
Search for vulnerabilities in your business applications and interfaces.
Usable restitution
A clear report focused on correction, without unnecessary alarmism.
Cybersecurity advice and consulting
Beyond specific assignments, I assist executives and CIOs in their structural decisions: secure architecture, choice of tools, organization of responsibilities, and securing business projects.
The goal is to reconcile safety requirements and operational constraints so that protection truly enhances performance.
Secure architecture
Designing technical solutions compatible with your operational constraints.
Project support
Integrating security from the outset to avoid additional costs later on.
Choice of relevant tools
Support for independent decision-making by publishers and the effects of trends.
Pragmatic governance
Organization of roles and responsibilities tailored to your size.
Risk Management & Compliance
Regulatory requirements are changing rapidly: NIS2, DORA, GDPR, ISO 27001.
I translate these frameworks into concrete actions, proportionate to your size. Risk analysis becomes a management tool, rather than an administrative exercise, enabling you to demonstrate compliance while improving your actual level of security.
EBIOS RM analysis
Structured method for linking threats, vulnerabilities, and business impacts.
NIS2 / DORA trajectory
A step-by-step compliance plan that fits your budget.
ISO 27001 / GDPR compliance
Translation of requirements into concrete and documented measures.
Securing service providers
Access and contract control to limit third-party risk.
Incident response & crisis management
When an attack occurs, the priority is to limit the impact on business.
I step in to organize crisis management, coordinate the investigation, activate the BCP/DRP, and prepare regulatory requirements.
Experience shows that a structured approach makes the difference between a controlled incident and a prolonged shutdown.
Cyber crisis management
Organization of decisions and coordination of actors under pressure.
Investigation & forensics
Technical analysis to understand the attack and prevent recurrence.
PCA / PRA
Measures to restart operations in degraded mode.
Controlled communication
Management of legal obligations and relations with stakeholders.
Awareness raising & training
Technology alone is not enough. I design awareness-raising initiatives tailored to your teams: executives, business lines, IT specialists.
Phishing exercises, practical workshops, and internal conferences help establish lasting reflexes and significantly reduce human risk.
Executive training
Understanding the issues without jargon to make better decisions.
Phishing awareness
Realistic exercises to develop the right reflexes.
Safety culture
Regular actions to embed practices over time.
Internal conferences
Interventions tailored to your business and context.
Higher education
Convinced that cybersecurity is also built through knowledge transfer, I am available to contribute tohigher education through lectures, tutorials, conferences, or student project support.
This involvement helps to train future professionals and promote a safety culture rooted in reality.
Courses and lectures
Sharing experiences with computer science or management students.
Project management
Support for practical work related to real-world business security.
Specialized conferences
Conveying a pragmatic vision of cybersecurity.
Company–school bridge
Matching professional needs with academic training.
Why choose me?
Strategic and operational expertise
I bring a comprehensive and pragmatic approach to cybersecurity, with the ability to identify both major risks and concrete measures to mitigate them.
This dual expertise allows strategy and operations to be coordinated without any loss of efficiency.
Personalized support tailored to your situation
Every organization is unique: sector, size, maturity, constraints.
I develop action plans tailored to your specific situation, whether it involves a targeted audit, ongoing monitoring, or regulatory compliance.
Clear communication for managers and teams
Cybersecurity should not be the language of specialists.
I translate technical issues into information that decision-makers can understand, with structured deliverables and actionable recommendations for the entire organization.
Independence and integrity of advice
I am not affiliated with any publisher or solution provider.
My recommendations are based solely on your needs and the information provided about your situation, ensuring an objective approach that prioritizes your safety.
As an independent cybersecurity consultant with proven experience in the field, I combine a strategic understanding of digital risks with the ability to translate these issues into concrete actions for organizations of all sizes.
My approach is structured, results-oriented, and focused on actually reducing your cyber exposure, while facilitating decision-making for executives.
When you call on me, you are choosing expertise that combines technical rigor, a sense of business priorities, and pragmatic support.