Protect your business in cyber space
Our approach is based on curiosity, respect, expertise, agility and common sense.
Our company
Our multidisciplinary team combines skills in Information Systems Security governance consulting, technical expertise in network, system and architecture, penetration tests and security analysis including digital forensics..
Our aim is to continuously progress in what our clients expect of us: strong commitment towards them, insatiable curiosity, perseverance, operational effectiveness, high moral values and intellectual rigor in our analysis.
Founded at the end of 2021 with its headquarters located in Paris, Cartesian Lab is a company that belongs to the Altum&Co group and therefore is ran exclusively by its partners.
Cross-cutting approaches to implementing security measures
Top-down approach
Security measures must be based on the pillars of understanding the business, continuous analysis of threats and knowledge of one's own weaknesses.
Bottom-up approach.
Only a perfect knowledge of Information Systems management and attack methods enable efficient security measures to be put into place.
Our services
- Management / Governance
- audit
- Technical tests
- Response to the incident
Management / Governance
We accompany our clients in the continuous improvement of their cybersecurity with missions of :
- Risk analysis (EBIOS-RM method)
- Management awareness
- CISO support
- Information System Security Policy formalization
- Definition and specifications of security principles on the organization, the procedures and the architectures (in-depth defense)
Management / Governance
We accompany our clients in the continuous improvement of their cybersecurity with missions of :
- Risk analysis (EBIOS-RM method)
- Management awareness
- CISO support
- Information System Security Policy formalization
- Definition and specifications of security principles on the organization, the procedures and the architectures (in-depth defense)
audit
Audits allow to measure the gap between a target state and the current situation. We combine interviews and technical analysis to put in perspective theoretical knowledge and actual practices.
Our audits are conducted based on normative references, regulatory obligations, contracts, or state-of-the-art practices : - ISO 2700x, 20 Critical Security Controls, ... - II 901, Essential Infrastructure Operators, GDPR, ... - OWASP, SDLC, ...
Technical tests
During penetration tests we put ourselves in the position of an attacker and use similar methods and techniques to test our clients' ability to detect and counter attacks. We implement Red, Blue and Purple Team approaches to train teams and improve the effectiveness of the tools used by the Security Operation Center and Computer Security Incident Response Team.
We also perform technical testing and auditing on specific components or applications to enable our clients to ensure their strength before they are released to production. Black, Grey and White Box approaches are used and when necessary we are able to perform code analysis and reverse engineering.
Response to the incident
As part of an extension of the Computer Security Incident Response Team's training, we have the capabilities to intervene in the handling of a security incident. We can help our clients understand how the attacker committed the act, define, maintain and support the implementation of the security recovery strategy, and collect opposing evidence to file a complaint.
ediscovery more details
Solutions and products
SanctuarIS is a virtual secure desktop platform, capable of meeting all regulatory requirements for collaboration between internal teams, business and technology partners, regardless of their location. Accessible from a browser, SanctuarIS offers workstations under Windows or Linux, deployed and managed by the business, and operated by technical administrators or a trusted technology partner for operational and security maintenance. With SanctuarIS, the company retains control of the information by applying its security policy to the platform and has the choice of installing it either in the Cloud or On Premise.
Elephantastic is a heterogeneous data processing and investigation platform. It is based on a custom made backend and combined with an Elasticsearch stack. Data is not only indexed in full text but also normalised to extract significant information such as usernames, dates, addresses, geolocation information, emails, IP addresses, etc. This approach allows entities to be correlated in the application in both a simple and efficient manner.
Team members
Bertrand de
Turckheim
A graduate from Ecole Polytechnique, ENST (Telecom) and the Collège Interarmées de Défense, Bertrand spent 26 years as a special forces and intelligence officer, divided between operational units in France and abroad (Africa, South America, Central Asia, Balkans) and staff positions.
He was then Chief Operating Officer of a risk management company, which he left to create Axis in late 2005 with Jean- Renaud Fayol.
NICOLAS DE
RYCKE
Nicolas co-founded C4IFR in 2000, where he developed knowledge and technical expertise in Internet influence and digital forensics before joining Axis in 2006 to lead this prime activity.
Nicolas has a double background in management and IT security.
He is a graduate of ESLSCA and EGE where he has been teaching internet forensics for the past 10 years, and regularly attends the main international training courses in IT security.
DENIS
PÉLANCHON
After a career as an officer and engineer in the French Army specifically in electronics and computer science, (notably in the Military Intelligence Directorate) Denis became an expert in information systems security management.
He joined Axis&Co in 2007 to take on cybersecurity and digital forensics and now manages the Cartesian Lab division specialising in cybersecurity and protection.
He is a graduate of the Enseignement Militaire Supérieur Scientifique et Technique and holds a specialised Masters in eBusiness from Grenoble École de Management.
SEBASTIEN
BOURDON
Sébastien is a Telecom INT engineer and a consultant in strategic information, risk and cybersecurity management. He assists security managers (CISO, Security, Digital transformation, DPO) in governance and change management, pilots international programmes and gives a "business" meaning to audits and technical expertise (IT, OT, service management...).
Télécom Sud Paris engineer, certified Iso27001 lead implementer, ITIL, IHEDN auditor in economic intelligence, assistant lecturer, he is also responsible for specialized training courses (UGA, GEM) and institutional study committees (Union IHEDN, ANSSI correspondent, CNIL, Cybermalveillance, CLUSIR, EBIOS/ Iso27000). He manages the cybersecurity governance consulting activity
ARGIT
JANAQI
Argit started his carrier at Axis & Co in 2012 as an intern from the Master SAFE (Security, Audit, Forensics for Enterprises) of the University Joseph Fourier (Grenoble-Alpes).
His mission was to develop the “digital forensics” branch of the company. Since then, he became an expert in the digital forensics field and has participated in over a hundred investigation operations. He has also developed skills in designing secure information systems as well as conducting incident-response operations, security audits, and penetration tests.
His experience in different cybersecurity fields make him a valuable asset of the company and he has been appointed Director of the digital forensics department of Cartesian Lab.
Our consultants
and our pentesters
Our consultants practice OSInt, perform risk analysis following the EBIOS-RM approach, and master the various normative frameworks for cybersecurity governance.
Our pentester are experts in Windows, Unix and Linux, are highly skilled and experienced in sysadmin, webapp security expertise, vulnerability research, reverse engineering specialists, guru C, Python and VueJS, black belt docker and cloud architecture.
Some have qualified for 5 consecutive years for the CTF Defcon in Las Vegas or have published cases in the trade press.
