Richter > Our experts > Bertrand Milot

Bertrand Milot

Funny, honest, loyal.

Innovative, passionate, hardworking and enthusiastic, Bertrand Milot is known for his integrity, innovation, rigour and creativity. He is also famous for his witty turn of phrase. He’s incredibly good at his job and he’s a fun guy to be around; what’s not to love?

Bertrand has nearly 20 years of experience in cyber security as well as information security, risk and corporate governance management. He has also led several cyber investigations and managed major crises related to cyber security incidents, particularly involving ransomware attacks.

Bertrand conducts thorough risk analyses that take into account both the physical and logical security of information as well as vulnerabilities in terms of people, processes and technology. He draws on his extensive knowledge to render organizations cyber resilient and capable of withstanding emerging threats. He is one of the rare experts able to conduct complete physical and technological barrier tests that include a full range of potential threats.

Over the years, Bertrand has specialized in European and North American financial markets (TMX Group, Euroclear, SA/NV), consulting, aerospace (Bombardier) and banking (Kotio SA, Croesus Finansoft). He taught at Université d’Évry and Polytechnique Montréal and has authored several articles and speeches on security problems related to cloud services, on cyber bullying in a corporate setting and on the challenges of protecting personal and corporate data.

Fields of Expertise

  • Cybercrime and cyber crisis response
  • Cyber investigations and cyber forensics
  • Strategy governance and risk and security management programs (GRC and ISMS)
  • Security Information and Event Management (SIEM)
  • Intrusion detection and prevention system (IDS/IPS)
  • End-user protection solutions (anti-virus, anti-malware, anti-ransomware, HIDS)
  • Vulnerability assessments (VA and penetration tests)
  • Encryption management or certificate authority system (PKI/HSM)
  • Access management tools (IAM)


  • Financial markets
  • Banks and fintech companies
  • Aerospace and transportation
  • Energy and heavy industries
  • Medical and pharmaceutical
  • Web and e-commerce

Certification planning

  • COBIT5
  • ISO 27001 and 31000
  • NIST800-53
  • SANS CyberFramework
  • SSAE3416


  • SCCISP (Smart Cities & Critical Infrastructure Security Professional)
  • C|BP (Certified Blockchain Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information System Controls)
  • CRMP (Certified Risk Management Professional)
  • CRMP-F (Certified Risk Management Professional – Finance)
  • PCSM (Professional Cloud Security Manager)
  • C|CISO (Certified Chief Information Security Officer)
  • ISO 27001 LA (ISO 27001 Lead Auditor)
  • Certificate, Cyber Fraud, Université de Montréal, 2016
  • DESS (equivalent of master’s degree) Université Vincennes-Saint-Denis (Paris VIII), 2004
  • DEUG (general academic studies degree) Université Panthéon Assas (Paris II), 1998

Professional and community involvement

Association de sécurité de l’information du Montréal métropolitain – President, since 2018

Lecturer on cyber security and risk management, since 2012

  • OIQ – Ordre des ingénieurs du Québec
  • OAGQ – Ordre des arpenteurs-géomètres du Québec
  • ISACA – Information Systems Audit and Control Association
  • ASIMM – Association de sécurité de l’information du Montréal métropolitain
  • Événements Les Affaires

Columnist specialized in matters of IT and security, since 2015

  • HRM Facteur H
  • TC Finance Investissement

Member of professional associations, since 2010

  • ISACA Montréal
  • ASIQ

Public recognition

  • Author. “The Internet of Everything consumes both you and your real estate business”. Espace Montréal magazine, September 2017.
  • Quoted in an article. “Les comptables, nouveaux chevaliers de la cybersécurité,” Les Affaires, May 2017.
  • Internet des choses : des risques pour le monde financier ?,” Finance et investissement, April 2017.