Funny, honest, loyal.
Innovative, passionate, hardworking and enthusiastic, Bertrand Milot is known for his integrity, innovation, rigour and creativity. He is also famous for his witty turn of phrase. He’s incredibly good at his job and he’s a fun guy to be around; what’s not to love?
Bertrand has nearly 20 years of experience in cyber security as well as information security, risk and corporate governance management. He has also led several cyber investigations and managed major crises related to cyber security incidents, particularly involving ransomware attacks.
Bertrand conducts thorough risk analyses that take into account both the physical and logical security of information as well as vulnerabilities in terms of people, processes and technology. He draws on his extensive knowledge to render organizations cyber resilient and capable of withstanding emerging threats. He is one of the rare experts able to conduct complete physical and technological barrier tests that include a full range of potential threats.
Over the years, Bertrand has specialized in European and North American financial markets (TMX Group, Euroclear, SA/NV), consulting, aerospace (Bombardier) and banking (Kotio SA, Croesus Finansoft). He taught at Université d’Évry and Polytechnique Montréal and has authored several articles and speeches on security problems related to cloud services, on cyber bullying in a corporate setting and on the challenges of protecting personal and corporate data.
Fields of Expertise
- Cybercrime and cyber crisis response
- Cyber investigations and cyber forensics
- Strategy governance and risk and security management programs (GRC and ISMS)
- Security Information and Event Management (SIEM)
- Intrusion detection and prevention system (IDS/IPS)
- End-user protection solutions (anti-virus, anti-malware, anti-ransomware, HIDS)
- Vulnerability assessments (VA and penetration tests)
- Encryption management or certificate authority system (PKI/HSM)
- Access management tools (IAM)
- Financial markets
- Banks and fintech companies
- Aerospace and transportation
- Energy and heavy industries
- Medical and pharmaceutical
- Web and e-commerce
- PCI DSS
- ISO 27001 and 31000
- CIS CSC (SANS)
- SANS CyberFramework
- SCCISP (Smart Cities & Critical Infrastructure Security Professional)
- C|BP (Certified Blockchain Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information System Controls)
- CRMP (Certified Risk Management Professional)
- CRMP-F (Certified Risk Management Professional – Finance)
- PCSM (Professional Cloud Security Manager)
- C|CISO (Certified Chief Information Security Officer)
- ISO 27001 LA (ISO 27001 Lead Auditor)
- Certificate, Cyber Fraud, Université de Montréal, 2016
- DESS (equivalent of master’s degree) Université Vincennes-Saint-Denis (Paris VIII), 2004
- DEUG (general academic studies degree) Université Panthéon Assas (Paris II), 1998
Professional and community involvement
Association de sécurité de l’information du Montréal métropolitain – President, since 2018
Lecturer on cyber security and risk management, since 2012
- OIQ – Ordre des ingénieurs du Québec
- OAGQ – Ordre des arpenteurs-géomètres du Québec
- ISACA – Information Systems Audit and Control Association
- ASIMM – Association de sécurité de l’information du Montréal métropolitain
- Événements Les Affaires
Columnist specialized in matters of IT and security, since 2015
- HRM Facteur H
- TC Finance Investissement
Member of professional associations, since 2010
- ISACA Montréal
- Quoted in an article. “Les comptables, nouveaux chevaliers de la cybersécurité,” Les Affaires, May 2017.
- “Internet des choses : des risques pour le monde financier ?,” Finance et investissement, April 2017.