Multi-criteria modelling of vulnerabilities (graphs and hypergraphs)
Using graphs to represent CVEs, their attributes, and complex relationships, enabling in-depth analysis.
Cybersecurity · Vulnerabilities · Threat Intelligence
Engineer - PhD student
I am studying the prioritisation and optimisation of vulnerability management through graph and hypergraph learning in order to provide more context and leverage for the industry.
🇫🇷 Français🇬🇧 English🇩🇪 Deutsch
Journey
2017-2020
Lycée Schweitzer, Le Raincy
Double degree: French Scientific Baccalaureate + German Abitur (Abibac section)
2020-2021
Lycée Raspail, Paris 14e
CPGE PCSI
2021-2022
Lycée Carnot, Paris 17e
CPGE PC
2022-2025
ESILV Paris, Courbevoie
Engineering programme in Connected Objects and Cybersecurity
2023-2025
Thales Digital Factory, Paris
Cybersecurity, Threats and Vulnerabilities Engineering Apprentice
2025
HeadMind Partners Belgium, Bruxelles
Cybersecurity and Security Risk Consultant Internship
2025-présent
Thales Digital Factory, Paris
PhD thesis
CPGE = Preparatory class for French grandes écoles
PCSI = Physics, Chemistry and Engineering Science
PC = Physics and Chemistry
Research areas
Community analysis and spectral partitioning
Study of vulnerability clusters to identify similar families or behaviours.
Prediction via graph learning
Using graph machine learning to anticipate the evolution, exploitation and criticality of vulnerabilities.
Publications
Beyond the CVSS: Rethinking the Contextualisation of CVEs in a Connected World
ECCWS 2024
In the context of globalized information technology, managing the ever-increasing number of CVEs has become one of the biggest challenges for security teams. It is no longer enough to rely solely on CVSS scores: effective vulnerability management requires contextualisation, taking into account both technical and business impacts. This document explores maturity levels in vulnerability management, the role of new indicators, and the growing dependence on the NVD, whose disruption in 2024 highlighted critical weaknesses in current processes.
Projects
Automated CVE detection and prioritisation system
doneDevelopment in Python of a tool packaged under Linux that automatically analyses an inventory of assets and identifies associated vulnerabilities. CVEs are prioritised according to several criteria (CVSS, context, EPSS, available exploits, asset criticality) in order to establish a relevant patching order. The tool generates a daily summary sent by email to security teams and produces a spreadsheet consolidating all the results.
Company project
Analysis of zero-day vulnerabilities and study of their patterns
in progressStudy of the behaviour of zero-day vulnerabilities through the analysis of several databases (NVD, MITRE, ExploitDB, ZeroDay Initiative, etc.). Extraction of patterns and trends in order to anticipate future critical vulnerabilities.
Contact
I am open to collaborations, conferences, or questions. Feel free to contact me!