Bertrand Milot




Phone: 514.934.3400, 4702
Address: 1981 McGill College, 11th Floor
Montréal, QC H3A 0G6


Risk, Performance and Technology Services

Bertrand Milot is Vice-President in Risk, Performance and Technology Advisory Services. He has nearly 20 years of experience in cyber security as well as information security, risk and corporate governance management. He has also led several cyber investigations and managed major crises related to cyber security incidents, particularly involving ransomware attacks.

Bertrand conducts thorough risk analyses that take into account both the physical and logical security of information as well as vulnerabilities in terms of people, processes and technology. He draws on his extensive knowledge to render organizations cyber resilient and capable of withstanding emerging threats. He is one of the rare experts able to conduct complete physical and technological barrier tests that include a full range of potential threats.

Over the years, Bertrand has specialized in European and North American financial markets (TMX Group, Euroclear, SA/NV), consulting, aerospace (Bombardier) and banking (Kotio SA, Croesus Finansoft). He taught at Université d'Évry and Polytéchnique Montréal and has authored several articles and speeches on security problems related to cloud services, on cyber bullying in a corporate setting and on the challenges of protecting personal and corporate data.

Areas of Expertise

  • Strategy governance and risk and security management programs (GRC and ISMS)
  • Security Information and Event Management (SIEM)
  • Intrusion detection and prevention system (IDS/IPS)
  • End-user protection solutions (anti-virus, anti-malware, anti-ransomware, HIDS)
  • Vulnerability assessments (VA and penetration tests)
  • Encryption management or certificate authority system (PKI/HSM)
  • Access management tools (IAM)
  • Financial markets
  • Banks and fintech companies
  • Aerospace and transportation
  • Energy and heavy industries
  • Medical and pharmaceutical
  • Web and e-commerce

 Certification planning

  • COBIT5
  • ISO 27001 and 31000
  • NIST800-53
  • SANS CyberFramework
  • SSAE3416

Professional and community involvement

Lecturer on cyber security and risk management, Since 2012

  • OIQ – Ordre des Ingénieurs du Québec
  • OAGQ – Ordre des arpenteurs-géomètres du Québec
  • ISACA – Information Systems Audit and Control Association
  • ASIMM – Association de sécurité de l’information du Montréal métropolitain
  • Évènements Les Affaires

Columnist specialized in matters of IT and security, Since 2015

  • HRM Facteur H
  • TC Finance Investissement

Member of professional associations, Since 2010

  • ISACA Montréal
  • ASIQ


  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information System Controls)
  • CRMP (Certified Risk Management Professional)
  • CRMP-F (Certified Risk Management Professional – Finance)
  • PCSM (Professional Cloud Security Manager)
  • C|CISO (Certified Chief Information Security Officer)
  • ISO 27001 LA (ISO 27001 Lead Auditor)
  • Certificate, Cyber Fraud, Université de Montréal, 2016 
  • DESS (equivalent of master’s degree) Université Vincennes-Saint-Denis (Paris VIII), 2004 
  • DEUG (general academic studies degree) Université Panthéon Assas (Paris II), 1998

Public recognition

  • Quoted in an article “Les comptables, nouveaux chevaliers de la cybersécurité,” Les affaires, May 2017
  • Author. “Internet des choses : des risques pour le monde financier ?,” Finance et investissement, April 2017