About me

My name is Jacques Bourdeau. I was born in 1975 in Chicoutimi, Qc, Canada. It is there that I graduated in computer engineering in 1999 at the Université du Québec à Chicoutimi. I started playing with computers way before entering university though...

In the 1980s, my father bought one of the very first computers in the entire region of Saguenay / Lac St-Jean, the TRS-80!

The TRS-80: the first computer we got when I was a kid...

How powerful that computer was... To increase its 32K of RAM up to 64K, you had to solder the chip right onto the board. Forget about an internal hard drive or even floppy disks... Programs were saved on magnetic tapes, the same ones used for music at the time, way before the CD and MP3... Our cassette player had a counter to measure tape distance between programs, and we had to keep a registry of where every program started and stopped on each cassette. I was also introduced to networks very early, again thanks to my father.

My father was a teacher at Cégep de Chicoutimi. But he was not teaching computers or electronics. He was teaching French! The thing is, he did it in a very innovative way back then, using a program named EGAPO (Enseignement Grammatical Assisté Par Ordinateur; or Computer-Assisted Grammar Teaching). That program used a Novell network and, luckily enough for us, the test program to validate that the network was working properly was a kind of multiplayer Pac-Man-like game. So very soon I knew I would work with computers, and I chose engineering when I was still in high school.

During my years at the university, I started helping staff in some of our labs. I once deployed, myself, the very network all the other students had to use to do their school work. I should have done it too, but considering that I had deployed the entire network myself, the teacher freed me from doing most of it 😄

While configuring and managing that network, I noticed that people were trying to compromise it. If you did not know, university networks are among the most dangerous networks there are! They are full of very competent people with a strong desire to compromise the systems, lots of resources to do it, and a first level of access granted by default to many of them. So that was my first experience with IT security. And I enjoyed the challenge!

Soon after my graduation, I started working with the security team of a financial institution. Back then, PKI was the big buzzword and was a big part of my job. I also had the opportunity to work closely with a professional cryptanalyst (Luc) as well as a very good pen-tester (Martin). The experience was great.

I then moved to BNP Paribas in Paris, France. It was another great opportunity for me. When I came back after a year, I kept working in IT security, but this time my employer chose to develop a new service: forensics. As the main actor for it, I worked with bailiffs and lawyers on many cases, up to being an expert witness in the Superior Court of Québec.

After that experience, I worked in a few large environments, mostly financial institutions. As an architect, I was responsible for designing or validating solutions and ensuring they would be properly secured. I was also regularly involved in incident management, for either operational or security incidents.

It was in 2019 that I was first exposed to QRadar, the SIEM solution by IBM. Before that, I had worked on a few SIEM projects, but with other solutions. Still, every SIEM I saw was the same: producing thousands of worthless alarms day after day, flooding the analysts who were trying to play pick-and-choose to get some value out of this nonsense.

The first QRadar console I saw was the same: thousands of worthless alarms out of which there was not much to extract. So much so that our main analyst was about to give up on his role and seek another job. He was such a great asset, it would have been very bad to lose him, so I took the matter into my own hands.

After an analysis of the situation, I presented the findings to our IT Security Director. The situation was so bad that it would be easier to restart from scratch instead of trying to fix that mess. He agreed and told me to proceed. It was one of the most exciting challenges I ever had!

I redesigned the entire intelligence in the console and, soon enough, the new console was producing nothing but actual cases worthy of being managed. Our analysts worked through these cases, got them fixed and moved on to the next ones. The overall security posture was greatly improved.

We had the ultimate proof and success a few months later when the company hired a professional Red Team. Despite all their efforts, they were not able to defeat us. After 6 months, the company gave them a corporate laptop and a 2FA token to connect over the VPN. Within 15 minutes the SIEM caught them and one of our analysts had them on the phone.

That success has been at the core of my last few jobs, where I helped people redesign and get the best out of their SOC.

During all this time, I always did a lot of knowledge transfer, training and mentoring. Security is only as strong as its weakest link and, more often than not, that weakest link is the human. There is also the fact that nothing is more rewarding than teaching someone who wishes to learn.

In the end, one never knows what the future holds, but for me, I can guess that all of this will still be a major part of my reality.