Bertrand Milot

CISM, CRISC, CRMP, CRMP-F, PCSM, C|CISO, ISO 27001 LA

Senior Manager

Contact

Phone: 514.934.3400, 4702
Address: 1981 McGill College, 11th Floor
Montréal, QC H3A 0G6

Services:

Risk, Performance and Technology Services

Bertrand Milot is a Senior Manager in Risk, Performance and Technology Advisory Services. He has nearly 20 years of experience in cyber security as well as information security, risk and corporate governance management. He has also led several cyber investigations and managed major crises related to cyber security incidents, particularly involving ransomware attacks.

Bertrand conducts thorough risk analyses that take into account both the physical and logical security of information as well as vulnerabilities in terms of people, processes and technology. He draws on his extensive knowledge to render organizations cyber resilient and capable of withstanding emerging threats. He is one of the rare experts able to conduct complete physical and technological barrier tests that include a full range of potential threats.

Over the years, Bertrand has specialized in European and North American financial markets (TMX Group, Euroclear, SA/NV), consulting, aerospace (Bombardier) and banking (Kotio SA, Croesus Finansoft). He taught at Université d'Évry and Polytechnique Montréal and has authored several articles and speeches on security problems related to cloud services, on cyber bullying in a corporate setting and on the challenges of protecting personal and corporate data.

Areas of Expertise

  • Strategy governance and risk and security management programs (GRC and ISMS)
  • Security Information and Event Management (SIEM)
  • Intrusion detection and prevention system (IDS/IPS)
  • End-user protection solutions (anti-virus, anti-malware, anti-ransomware, HIDS)
  • Vulnerability assessments (VA and penetration tests)
  • Encryption management or certificate authority system (PKI/HSM)
  • Access management tools (IAM)
  • Financial markets
  • Banks and fintech companies
  • Aerospace and transportation
  • Energy and heavy industries
  • Medical and pharmaceutical
  • Web and e-commerce

Certification planning

  • PCI DSS
  • COBIT 5
  • ISO 27001 and 31000
  • NIST 800-53
  • CIS CSC (SANS)
  • SANS CyberFramework
  • SSAE3416

Professional and community involvement

Lecturer on cyber security and risk management, since 2012

  • OIQ – Ordre des Ingénieurs du Québec
  • OAGQ – Ordre des arpenteurs-géomètres du Québec
  • ISACA – Information Systems Audit and Control Association
  • ASIMM – Association de sécurité de l’information du Montréal métropolitain
  • Évènements Les Affaires

Columnist specialized in matters of IT and security, since 2015

  • HRM Facteur H
  • TC Finance Investissement

Member of professional associations, since 2010

  • ISACA Montréal
  • ASIMM
  • ASIQ

Training

  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information System Controls)
  • CRMP (Certified Risk Management Professional)
  • CRMP-F (Certified Risk Management Professional – Finance)
  • PCSM (Professional Cloud Security Manager)
  • C|CISO (Certified Chief Information Security Officer)
  • ISO 27001 LA (ISO 27001 Lead Auditor)
  • Certificate, Cyber Fraud, Université de Montréal, 2016
  • DESS (equivalent of master’s degree), Université Vincennes-Saint-Denis (Paris VIII), 2004
  • DEUG (general academic studies degree), Université Panthéon Assas (Paris II), 1998