Who am I ?

Hugo, 23y-o, DevOps in the SOC team @OVH.

I love to build applications that have a relatively complex interaction with the Linux system (containers / VMs / managing users...).

This page is an online CV where I can present my experiences and the projects I am proud of. If you prefer an offline version, here it is.

If you want to talk (for any reason), please contact me. I do not bite (too much)

Skills


Django, Flask, and a LOT of scripting.
Python is the language I use every day whenever I have something to automate.
Some experiences in both Java and Android. At HubSpot all the work was done in Java
Really useful, I've used it to isolate services when hosting a CTF, the deployment of a dockerised application is really easy.
As good a reverse proxy as a cache engine. Really powerful and lightweight software.
A new way of thinking for me, but I have a lot of projects at TCD that use Haskell, so I'm learning!
I reviewed a LOT of PERL code during my security internship at OVH, so I don't really have a big experience in writing PERL code but I have quite a nice one in exploiting it.
Just the basis, I can read a program using documentation.
I love web security. RCE / SQLi / XSS / SSRF / race conditions etc...
I do a lot of CTFs (Capture The Flag) and challenges online (root-me.org for example.).
Also my two previous internship were in pentesting.
Sooo fast, but such a pain to handle idempotency because of the at least one semantics.
Oracle / MySQL / PostgreSQL / SQLite. I use SQL regularly and I learnt some tricks while playing CTFs. However I never used it on a big database (<1Go).
I did a lot of school project in C or C++.
Symphony, Wordpress and scripting. It's a nice language to learn web security.troll troll troll
Only in class. A2 level.
Really vague isn't it ? I love Linux, especially Debian based distributions. That's the OS I use every day. I created CTFs based on this OS (an example here: Pedagogic CTF).
With Github/Stash...
Really nice language, it is quite new for me but I work with it whenever I can.Congratulations Google!
Some tools/techniques I use a lot: nmap, DNS subdomain bruteforce, Recognition based on dnsrecon, Common Sense
I used them a lot to retrieve application secrets or variables.
Only in class. A2 level.

Note: Evaluate its own skills is quite a complicated exercise. I know I'll never totally master a domain so I prefer to rank my skills between them, in a subjective way, rather than in percentage of mastery.

  • DevOps in OVH's SOC team

    September 2017 - now

    I build security features using Go, Python, Docker..

    OVH is a major player in the European cloud market. It's so great to be part of this highly growing tech company, especially in the Security Operation Center team

  • Software Engineer Internship at HubSpot

    Summer 2017, 4 months

    I was part of the notification team and worked on highly available APIs, database migrations, reporting tools.

  • OVH internship

    Summer 2016, 4 months

    Establishment of a bugbounty : Bug Bounty. Discussion with the hackers and the internal teams.
    Pentest of OVH applications in white box (especially the public api.ovh.com) and a lot of opensource applications running on Linux.

  • INSECURITY club

    Sept 2014 - May 2017 (3 years)

    INSA club which offers courses from external speaker. We participated at CTFs and online security challenges.
    We organise CTFs and security conferences at INSA de Lyon.
    I designed the whole architecture to host the challenges (more than 400 teams worldwide on the last edition)
    Team with which I play CTF : CTFtime.org
    Website of the association : insecurity-insa.fr.

  • AMOSSYS internship

    June 2015 - Aout 2015 (3 months)

    AMOSSYS is an information security company certificated by ANSSI (French government) performing pentests.

    I performed pentests of web applications and networks with the help of experimented pentesters.

    Another mission was the design of custom VMs and system images (CloneZilla) for an automated deployment of pentest tools.

    The last mission was the design and implementation of a tool (using Django) which centralize the knowledge of the company, so that pentesters have a database on which they can rely on.

  • Security Project

    Oct 2014 - June 2015 (9 months)

    Project coming from a personal initiative. Encouraged by INSA de Lyon. Solving of security challenges coming from specialized websites : Root-me.org et W3Challs.com.

    Manager of a team of 5 people.

  • 24heures de l'INSA

    Sept 2014 - June 2015 (10 months)

    Involved in the 24h de l'INSA association (the biggest european festival organized by students).

    Design of the Wordpress theme. cf: 24heures.org

  • Jarretier Automobile, Carpentras - Dev C/C++ & MySQL

    Summer 2013, 2 months

    1st year internship in a SME (JARRETIER Automobile) Design and implementation of an inventory management application in C / C ++ and MySQL.

  • TCD - Computer Science - Eurasmus

    Sept 2016 - January 2017 (5 months)

    Prestigious Irish school (cf tcd.ie).

  • INSA Lyon - Computer Science

    Sept 2014 - Sept 2017

    In the top 10 of the best french engineering schools (cf letudiant.fr).

  • Preparatory class - INSA Lyon

    Sept 2012 - June 2014 (2 years)

    Physics / Mathematics / Computer Science

  • French Baccaloreat with honors

    June 2012

    High School at Carpentras (France) - Mathematics Option

Contact


Either using hugodelval [at] gmail [dot] com or either using the form below: