tsautier/README.md

Thomas Sautier - SamHan Cybersecurity

WAAP / WAF • PAM • Load Balancing • F5 BIG-IP • Fortinet • WALLIX • NGINX / HAProxy
Nantes, France


🚀 About

Cybersecurity engineer focused on application security and critical infrastructure:

  • WAAP / WAF (F5 ASM/Advanced WAF, NGINX App Protect), API Security
  • PAM (WALLIX Bastion), Bastion & SSO
  • Load Balancing / Reverse Proxy (F5 BIG-IP LTM/APM, HAProxy, NGINX)
  • Firewalls & SecOps (Fortinet), hardening, logging, observability
  • Automation & Scripting (Bash, PowerShell, Python)

🔧 What I deliver

  • Architecture & rollout of WAF/WAAP (strict L7, JSON/AJAX, signatures, bot defense)
  • PAM / Bastion: access models, session recording, audits, hardening
  • F5 BIG-IP: LTM/APM, SSO, iRules, HA, upgrades & migrations
  • NGINX / HAProxy: reverse proxy, TLS, HTTP/2–3, OCSP, CSP
  • Automation: CI/CD, IaC, reusable scripts & modules
  • Advisory: vulnerabilities, EoL/EoS, security roadmaps

🧩 Expertise

  • F5 BIG-IP (LTM, APM) • iRules • SSO • Access policies • WAF • HA & upgrades
  • Fortinet (FortiGate best practices, segmentation, logging)
  • WALLIX Bastion (PAM, session recording, policies, audits)
  • NGINX / HAProxy (reverse proxy, TLS, HTTP/3, CSP, OCSP stapling)
  • Observability (L7 logging, SIEM export, dashboards)
  • Hardening / Compliance (TLS, headers, CSP, cipher suites, benchmarks)

🔭 Threat Research & Monitoring

I run a continuous security watch (vulns, EoL/EoS, best practices) and contribute to vulnerability research, including:

  • CVE-2024-45328
  • CVE-2024-45326

🛠️ Stack & Tools

F5 BIG-IP • Fortinet • WALLIX • NGINX • HAProxy • Debian/Ubuntu • VMware/Proxmox
Azure/M365 • Docker • GitHub Actions • Ansible
Python • Bash • PowerShell • Node.js
Wireshark • OpenSSL • OWASP • MITRE ATT&CK


🏅 Certifications (selection)

  • F5 Certified Technology Specialist (CTS) - Application Security Manager (ASM)
  • Fortinet Certified Professional (FCP) - Network Security
  • Fortinet Certified Solution Specialist (FCSS) - Network Security
  • Fortinet Certified Solution Specialist (FCSS) - OT Security
  • WALLIX Certified Expert (WCE)
  • EC-Council - CEH, CHFI v8

🗓️ Availability

Based near Nantes (France, UTC+1/UTC+2) - remote and on-site missions.

Need a quick WAF/LB review or PAM advisory? Email me at thomas.sautier@samhan.fr to book a slot.


🔒 Security Contact & Responsible Disclosure

If you believe you’ve found a security issue, please email security@samhan.fr with details and, if possible, a proof of concept.
I follow a responsible disclosure approach and will coordinate timelines with researchers.


🤝 Let’s work together

© SamHan - Built with ❤️ and a lot of coffee.

Popular repositories

  1. RoXX (Public)

    RoXX (Radius Open eXtensible eXchange). Modern Python-based RADIUS Authentication Proxy for Linux (Docker/Systemd). Supports TOTP, Azure AD, LDAP & inWebo.

    Python 3

  2. github_howto_jsonrpc_api (Public)

    Forked from jpforcioli/github_howto_jsonrpc_api

    Python 2

  3. tsautier (Public)

    About SamHan and me... Thomas SAUTIER

    2

  4. assemblytutorials (Public)

    Forked from DGivney/assemblytutorials

    This project was put together to teach myself NASM x86 assembly language on Linux.

    Assembly 1

  5. web-ui (Public)

    Forked from browser-use/web-ui

    Run AI Agent in your browser.

    Python 1

  6. de4dotEx (Public)

    Forked from GDATAAdvancedAnalytics/de4dotEx

    .NET deobfuscator and unpacker.

    C# 1