CLIENT TESTIMONIAL

1- Could you briefly introduce yourself : your company, your position, your responsibilities?

 

"I am Cédric Foellmi, Engineering Director at ASELTA Nanographics. ASELTA is an SME of 30 people, a spin-off of the CEA, which has been in existence for more than 10 years now. We make extremely specific software for chip manufacturers and lithographic masks that will be used to make chips.

 

For my part, I am responsible for the development team, which consists of about 12-13 people, and my role is to organise the development. I attach a lot of importance to 'Continuous Delivery', i.e. our ability to deliver software all the time, reliably. To achieve this, we organise a lot of automation and testing, and we have a small internal team that carries out dedicated high-level testing campaigns. So I'm in charge of organising all that, the releases, the development, the priorities in the development, etc."

 

​

​

2- For what type of need did you call upon CyberSecura? What was the trigger?

​

"We started fundraising several months ago because ASELTA needs to continue to grow and develop. In the context of fundraising, it is necessary to be able to prove a certain quality of infrastructure: we therefore needed a security audit.

​

It is important to specify that ASELTA does High Performance Computing (HPC). We have a small computing farm, and extremely sensitive customer data that needs to be protected. We therefore have an infrastructure which, for reasons of security and confidentiality, cannot be in the cloud. We have a substantial infrastructure for an SME of this size, and it is this infrastructure, which is key to ASELTA's operation, that was audited by CyberSecura."

​

​

​

3- Why did you choose to entrust these missions to CyberSecura rather than to someone else?

​

"I knew a little bit about CyberSecura. I had the opportunity to work in different contexts, and I came across David Rozier, with whom I kept in touch via LinkedIn. When we were looking for a service provider for this mission, I thought it would be better to turn to someone I knew, and who was part of the Grenoble fabric."

​

​

​

4- Did you have any fears before the project was set up?

​

"Yes, of course, and it was to work on these fears that we called in CyberSecura. Our main fear was that we would discover things that we had forgotten, or not considered well enough, even though the fundraising process had begun. However, we preferred to know the situation as it was so that we could act on it rather than turn a blind eye.

 

That's why we turned to CyberSecura, to work on that fear and to reassure us about the security of our organisation.

We were also afraid of discovering the extent of the patches to be applied, in terms of use of resources, time or money. We were really moving into the unknown.

So our fears were more related to the outcome of the audit, rather than the process itself."

​

​

​

5- What are the challenges in your business today?

​

"The software we make has the particularity of being used in extra-secure environments, which do not communicate with the outside world. The challenges do not directly concern the software that we make, even though it must still demonstrate certain qualities, in terms of performance, design, etc.

But since this software is not and will never be connected to the outside world, it does not need to be as secure as our infrastructure needs to be.

On the other hand, internally, the stakes on the infrastructure we use are various: first of all, there are the potential attacks we have to be able to face, since it is quite possible that we are subject to industrial espionage attacks for example. In addition, we can also mention the issue of data confidentiality, since our customers entrust us with data that is sometimes sensitive, data that represents their intellectual property: it is therefore essential that this information cannot leak to the outside world."

​

​

​

6- How would you describe the work of CyberSecura, its team, in just a few words?

​

"I would say 'educational'. That's the quality I really remember, both from Saghar, David and the other consultants. They were never stingy with explanations, and that's important because these are issues that we only partially master. I really appreciated this educational aspect, which at each stage, allowed us not only to do but also to understand what was going on."

​

​

​

7- What are the results of this collaboration? 

​

"So I'll talk about two results.

​

The first result is that we obtained an official audit that we were able to include in the data room for the fundraising. This required real iterative work: not everything was done at once. CyberSecura provided us with a first purely technical result, identifying certain critical flaws to be corrected before making the final report.

​

And this is the second result: this final technical report produced by CyberSecura, which serves as a roadmap for us, with a detailed list of fixes to be put in place.

​

So the first result is the official audit that was essential for us in the context of our fundraising, and the second result that I will mention is the technical report of the audit, which allows us to continue to move forward on these cybersecurity and data protection issues internally."

​

​

​

8- What did you like most about CyberSecura's solution?

​

"The elements that we appreciated most were the teams' pedagogy, the fact that the company is based in the Grenoble area, and the teams' responsiveness. Like any startup looking to raise funds, we sometimes needed to move forward quite quickly on certain subjects, and CyberSecura was always ready to listen and very reactive. This is sometimes key to getting the startup in the right position at the right time."

​

​

​

9- What advice would you give to organisations facing the same challenge as you?

​

"I would advise them never to underestimate the importance of cyber security and data protection. Everyone knows it's important, but not everyone acts on it, which is a great shame, because for a very reasonable budget it is possible to get started.

CyberSecura also knows how to adapt, in this software world, where everything is iterative. We can then have this iterative approach, which is perfectly integrated into the daily work of organisations. It's something you don't realise, but it's really necessary to integrate these security governance aspects into the developers' posts.

​

So I would advise them to make this cybersecurity approach part of their company or organisation's continuous improvement approach."

​

​

​

10- Would you recommend CyberSecura to others? For what reason(s)?

​

"Yes, for the reasons mentioned: it is a Grenoble-based company, there are many companies in Grenoble specialising in software, for whom cybersecurity issues are crucial. So I would recommend CyberSecura for their pedagogy, as well as for this iterative way of working."