Nicolas Mayer (Ph.D.)
Senior R&T Associate - Information security
Mayer Nicolas
23 fourche des jumeaux
F-57100 THIONVILLE
Personal details
- Date of Birth: May 29th, 1982, in Thionville, France
- Citizenship: French and Luxembourgish
- Holder of a driving licence
Education
- 2009: PhD in Computer science at University of Namur, Belgium
Title: Model-based Management of Information System Security Risk - 2004: Master of Science (DEA) in Computer Science at University Henri Poincaré, France
Area : Telecommunications, Networks and Services - Internship at Centre de Recherche Public Gabriel Lippmann (Luxembourg)
Topic: Modelling and e-Contracting in Virtual Organisations - 2004: Master of Engineering (Engineer degree) at ESSTIN (Ecole Supérieure des Sciences et des Technologies de l'Ingénieur de Nancy)
- Industrial project in 2003 for NOVASEP: Development of a secure website for online consumables selling
- Industrial project in 2002 for SOVITEC: Analysis of a traceability system for the production of glass microbeads (design, database implementation and exploitation, automatic information acquisition)
- 1999: Baccalauréat, area of Science, option: Physics-Chemistry (Lycée Charlemagne, Thionville, France)
Professional experience
- Since 2012-09: Senior R&T associate at Luxembourg Institute of Science and Technology
- Management of projects in the domain of information security
- Oct 21 (in progress): PI of the TELCO2020 project (320 k€): Development of the regulation framework to be used by ILR to integrate 5G technology, the EECC (European Electronic Communiations Code) and the NIS 2 Directive in the SERIMA platform, which is the national regulation plaform managed by ILR (Institut Luxembourgeois de Régulation).
- Jan 18 - Jul 20: PI of the RegTech4ILR Public² project (578 k€): Development of a security risk management framework for both the regulatory authority and Telecommunications Service Providers in the frame of compliance to Article 13a of the EU Directive 2009/140/EC [PUBLIC2-17/IS/11816300]
- Jan 15 – Dec 16 (+ dissemination in 2017): PI of the ENTRI CORE Junior project (452 k€): Development of a model-based approach for security risk management thanks to Enterprise Architecture Management [C14/IS/8329158]
- Jul 13 – Dec 14 : PI of the ISIS project (490 k€): Development of method and tools to improve information security practices in SMEs
- Coordination of the information security pillar for the research group
- Course director of the (professional) Master MSSI (Management de la Sécurité des Systèmes d'information)
- Guidance in ISO/IEC 27001, CSSF 12/544 and PSDC compliance
- Project and PhD definition, publication of scientific and professional articles
- 2010-12 to 2012-08: Chargé de mission at Economic Interest Group "Agence pour la Normalisation et l'Economie de la Connaissance" in charge of the development and follow-up for ILNAS of the IT standardization field
- Management of the "ISO/IEC JTC1 Forum" and "ISO/IEC JTC1 National Day" that are the platforms for IT standardization in Luxembourg
- Management and development of projects for ILNAS
- Follow-up of the ISO/IEC JTC1 (Joint Technical Committee 1) standardization committee, that is the reference committee of ISO and IEC for IT standardization, with a strong focus on cloud computing standardization (ISO/IEC JTC1/SC38)
- Standardization awareness and trainings
- 2009-01 to 2010-11: Product Manager at Centre de Recherche Public Henri Tudor, in charge of the business line Security & Continuity Management
- Management of the set of products and services related to information security
- Coordination of the research team in information security
- Partnership development and presales activities
- Research work and industrial applications in risk management, business continuity management, security standards, security policy and records management
- Guidance in the establishment and management of the Information Security Management Systems (ISMS) of:
- Labgroup (ISO/IEC 27001 certification in 2013)
- IfOnline (ISO/IEC 27001 certification in 2011)
- Luxembourg's Ministry of the Economy and Foreign Trade
- Air Navigation Administration
- Streff
- Sandstone
- Luxembourg e-Archiving (ISO/IEC 27001 certification in 2011)
- European Court of Auditors
- Trainings on risk management and the ISO/IEC 2700x series of standard
- Project and PhD definition, publication of scientific and professional articles
- 2004-09 to 2008-12: R&D engineer at Centre de Recherche Public Henri Tudor
- Development of a risk management framework and method
- Development of a security requirements identification method
- Guidance in the establishment of the Information Security Management System (ISMS) of Codasystem (ISO/IEC 27001 certification in 2008)
- Trainings on risk management
- Publication of scientific and professional articles
- Student works
- August 2003: Summer job at Centre de Recherche Public Gabriel Lippmann
Topic: Design and implementation of an IT inventory application in PHP - July 2002: Summer job at Centre de Recherche Public Henri Tudor
Topic: State of the art on GroupWare tools
Additional qualification and certification
- 2007: ISO/IEC 27001 Lead Implementer
- 2007: ISO/IEC 27001 Lead Auditor
- 2006: ISO/IEC 15504, process assessor
- 2005: ITIL Foundation, certified in IT-Service Management
- 2004: CISCO network certification (CCNA level 4)
Language skills
| Language | Ability to Listen | Ability to Read | Ability to Speak | Ability to Write |
|---|---|---|---|---|
| French | Proficient user (C2) | Proficient user (C2) | Proficient user (C2) | Proficient user (C2) |
| English | Proficient user (C1) | Proficient user (C1) | Proficient user (C1) | Proficient user (C1) |
| German | Independent user (B1) | Independent user (B1) | Independent user (B1) | Independent user (B1) |
| Luxembourgish | Basic speaker (A2) | Basic speaker (A2) | Basic speaker (A2) | Basic speaker (A2) |
Teaching
- Course director of the (professional) Master MSSI (Management de la Sécurité des Systèmes d'information) at the University of Luxembourg from 2012
- University of Luxembourg, Master MSSI (Management de la Sécurité des Systèmes d'Information), lecturer from 2008
- Risk management and ISO/IEC 27005
- ISO/IEC 27001 implementer
- University of Lorraine, Master SSI (Sécurité des Systèmes d'Information), lecturer from 2013
- Standards and standardisation
- ISO/IEC 27001
- Records management
- University Paul Verlaine (Metz), Master SSIC (Sécurité des Systèmes d'Information et de Communication), lecturer from 2007 to 2010
- Risk management and ISO/IEC 27005
- ISO/IEC 27001
- Other (irregular) lectures:
- University of Namur, Master level (2006)
- ICHEC Brussels Management School, Infosafe certificate (2007)
- University of Geneva (2011)
Professional association and standardization committees
- Member of the following standardization technical committees:
- From 2007 to 2010 and then since 2012: ISO/IEC JTC1/SC27 - IT security techniques, mainly WG1 on Security services and guidelines
- From 2010-12 to 2012-08: ISO/IEC JTC1 - Information technology
- From 2010-12 to 2012-08: ISO/IEC JTC1/SC38 - Distributed application platforms and services (DAPS), mainly WG3 on Cloud Computing
- Member of CLUSIL (CLUb de la Sécurité de l'Information Luxembourg) since 2005
- General Secretary from 2013 to 2018