I run all WeeSec engagements myself. No commercial intermediary, no junior outsourcing. The combination of an academic foundation in cybersecurity (doctorate from Télécom SudParis, 2009), recent applied AI training (MIT Professional Education) and 15+ years working with the most regulated organizations in France makes for an unusual profile in 2026 — able to read both the technical and compliance dimensions of an AI security or DevSecOps engagement simultaneously.
Background in brief
- Doctorate in cybersecurity — Télécom SudParis, 2009. Research on intrusion detection.
- MIT Applied AI — MIT Professional Education, 2024. Applied AI for cybersecurity contexts.
- ISO 27001 Lead Auditor — certified 2012.
- 15+ years operational cybersecurity across BNP Paribas, Société Générale, ENEDIS, Engie, TOTAL, LVMH, Thales, AXA, EDF, L'Oréal, Allianz, Galeries Lafayette, Suntory.
Education and certifications
- Doctorate in computer science — Télécom SudParis (2009)
- Engineer's degree — Institut Mines-Télécom
- Master's degree in computer science — Université Pierre et Marie Curie (Sorbonne)
- MIT Professional Education — Applied AI (2024)
- ISO 27001 Lead Auditor (2012)
- Continuing certifications on cloud security (AWS, Azure, GCP), AI security, GDPR.
Domain expertise
AI security
LLM threat modeling aligned with OWASP LLM Top 10 and NIST AI RMF Generative Profile. Prompt injection (direct and indirect), jailbreak, agent hijacking, RAG security, multi-tenant isolation. Hands-on practice with Claude Agent SDK, LangGraph, AutoGen. Familiar with Anthropic, OpenAI, Mistral, Google production deployments. ISO 42001 lead implementer.
Cybersecurity
15+ years driving CISO engagements, security audits, certifications (ISO 27001, ISO 42001, SOC 2, PCI DSS), incident response, threat intelligence. Vendor-neutral by principle. Deep familiarity with the French and EU regulatory landscape (CRA, AI Act, NIS2, DORA, GDPR, ANSSI guidelines).
DevSecOps
Designing and operationalizing security in CI/CD pipelines: SAST (Semgrep, Snyk Code), DAST, SCA, secret detection (gitleaks, trufflehog), IaC scanning (Checkov, TFSec), SBOM (Syft, cdxgen, SPDX, CycloneDX), Sigstore signing, supply chain hardening, secret rotation (Vault, Terraform).
Media appearances and publications
Regular speaker at French and European cybersecurity conferences (CESIN, FIC Lille, Forum International de la Cybersécurité). Publications on AI security and EU regulation in industry publications. Active member of CEFCYS (Cercle des Femmes de la Cybersécurité) and OWASP Paris Chapter.
Professional posture
WeeSec engagements follow three principles: independence (no vendor partnerships, no resale commissions), method (frameworks aligned with ISO/NIST/OWASP, traceable deliverables), discretion (NDA before any technical discussion, references on request only).
I work with companies that take security seriously without over-investing in slideware. The minimal engagement is a 20-minute scope call, free, used to qualify the actual need before any commercial proposal.
Direct contact
- Calendly — book a 20-min scope call
- Malt
- Security: security@weesec.com (RFC 9116)