Posted by The Research Chair in Cyber Defense and Personal Data Protection (Cybpro) is organizing a summer school in cyber defense dedicated to IT professionals and students who wish to deepen their knowledge of IT security and cyber defense, access practical training and laboratories, and improve their skills to meet the needs of the job market.
The summer school will be held from June 2 to 4 at the University of Quebec in Chicoutimi.
Instructor
Jonathan Roy is a professor of cybersecurity at the University of Quebec at Chicoutimi (UQAC)
and has over 20 years of experience in both industry and academia in the design, security, and evaluation of software systems. Before joining academia, he led security architecture initiatives for largeorganizations across various sectors, developing expertise in enterprise security, cloud infrastructure, and risk management. He is interested in using explainable artificial intelligence (XAI) to automate key cybersecurity tasks for software and AI systems, including risk assessment, vulnerability prioritization, and incident identification.
Vincent Bureau is an expert in data governance, privacy protection and information security, Vincent is the founder of DPOsolutions and a lecturer at UQAC.
Having graduated in 2011 with a master’s degree in computer science in France from the INSA Centre-Val-de-Loire engineering school, Romain has since held positions as a researcher, security architect, project manager, security evaluator, pentester and cybersecurity researcher in several organizations of varying sizes, including Airbus Defence and Space, the French Ministry of the Interior, Hitachi Energy, Oppida and GoSecure.
For over ten years, Romain developed offensive security skills in IT services companies as a penetration tester and security assessor. As an ethical hacker at GoSecure, Romain worked on a variety of projects, allowing him to delve into many aspects of cybersecurity, with a particular interest in industrial control systems (ICS) and embedded systems (IoT). As a cybersecurity researcher at Hitachi Energy, Romain contributed to the security of power grid products through vulnerability research, discovering more than 20 zero-day vulnerabilities.
Romain considers himself a generalist, but is generally more attracted to the technical aspects of cybersecurity, particularly low-level concepts such as the inner workings of operating systems and security protocols.
Adel has worked in cybersecurity for over 15 years and has a strong background in computer engineering. Before specializing in cybersecurity, he worked for seven years as a software developer, which
gave him a deep technical understanding of the systems he now secures. He currently holds the position of Cybersecurity Architect and Leader at Ericsson, where he mentors teams and collaborates closely with stakeholders on security-related issues.
Throughout his career, he has contributed to the development of security strategies, supported teams in implementing best practices, and shared his expertise to train other professionals in the field.
Among the accolades he received, he was awarded the Bravo Award at Bell, the company’s highest honor, highlighting his key role in a major IoT security project.
Adel is driven by constant curiosity, strong determination, and a commitment to continuous improvement. He values teamwork and places ambition at the heart of his professional approach, with the goal of advancing cybersecurity in a sustainable and collaborative way.
Elyes Manai obtained a research master’s degree in web intelligence from the Higher School of Digital Economy (Tunisia) in 2018, and then a PhD in computer science from Laval University in 2025. His research focuses on the application of artificial intelligence to
cybersecurity, including explainable AI (XAI), model auditing, secure AI pipelines, and model reliability.
Professor Manai holds the title of Google Developer Expert in Machine Learning (ML GDE), a designation awarded by Google to only 200 AI specialists worldwide. He has also been a deep learning instructor at NVIDIA, a technical mentor at the Google for Startups accelerator, a co-founder of the PyData Tunisia community, and the leader of the Facebook Developer Circles Tunisia community. He has delivered over 200 AI-related talks, workshops, and training sessions in Canada and internationally, in academic, industrial, and community settings. He is also actively involved in AI outreach, mentoring, and knowledge transfer.
For over ten years, Romain developed offensive security skills in IT services companies as a penetration tester and security assessor. As an ethical hacker at GoSecure, Romain worked on a variety of projects, allowing him to delve into many aspects of cybersecurity, with a particular interest in industrial control systems (ICS) and embedded systems (IoT). As a cybersecurity researcher at Hitachi Energy, Romain contributed to the security of power grid products through vulnerability research, discovering more than 20 zero-day vulnerabilities.
Romain considers himself a generalist, but is generally more attracted to the technical aspects of cybersecurity, particularly low-level concepts such as the inner workings of operating systems and security protocols.
Mathieu graduated in 2018 with a bachelor’s degree in computer science. For over three years, he helped secure an American telecommunications company, identifying vulnerabilities worth over $1.1 million. At the end of this period, the company felt it was mature enough to launch a bug bounty program, which Mathieu took charge of. His efforts led to the discovery of numerous critical vulnerabilities, including cross-site scripting (XSS), server-side request forgery (SSRF), and remote code execution (RCE).
Committed to continuous improvement, Mathieu collaborated closely with the remediation teams to ensure rapid and thorough vulnerability management. He has practical experience in simulating complex attacks, including ransomware and cryptolocker scenarios, as well as advanced exploitation techniques such as privilege escalation and data exfiltration.
Constantly seeking to deepen his expertise, he regularly pursues new training opportunities. His code review skills have been strengthened by several research projects. Mathieu remains committed to offering innovative solutions to protect organizations against emerging threats, enabling them to maintain the security of their operations and focus on their core business.
| Workshop schedule | Day 1 – June 2, 2026 | Day 2 – June 3, 2026 | Day 3 – June 4, 2026 |
|---|---|---|---|
| 9:00 AM to 12:00 PM | Modern approaches to DevSecOps. Instructor : Jonathan Roy |
Introduction to internal penetration testing. Trainers : Romain Carnus and Mathieu Novis |
Cybersecurity threat modeling and personal data protection. Instructor : Adel Tayeb-Cherif |
| 2:00 PM to 5:00 PM | Security compliance with a DevSecOps process. Instructor : Vincent Bureau |
Ethical hacking and advanced penetration testing. Instructors : Romain Carnus and Mathieu Novis |
The use of AI in cybersecurity. Instructor : Elyes Manai |
Modern approach to DevSecOps (by Jonathan ROY) : We will cover practical tasks related to the automated and continuous integration of security into the software development lifecycle. The session will include a theoretical component followed by a hands-on activity. It is designed for beginners but may include more advanced elements depending on the participants’ skill levels.
Security compliance with a DevSecOps process (by Vincent BUREAU) : Faced with the discontinuous rise of threats posed by digital hardware and software, the
European Cyber Resilience Act (CRA) provides a response by addressing two major problems:
- The low level of cybersecurity of products associated with vulnerabilities generalized,
- Lack of user control.
Based on a case study of a Canadian company offering medical technologies to the European
market, students will have to review the company’s product portfolio according to the CRA
classification and define a compliance program including a DevSecOps process.
Introduction to pentesting and ethical hacking and advanced penetration testing (by Romain CAMUS and Mathieu NOVIS) : Introduction to internal penetration testing: This training aims to familiarize participants with classic attack techniques targeting an enterprise Windows environment. The first theoretical section will cover some key concepts related to Active Directory, network protocols, and attack vectors. The second part will be entirely practical, with exercises in a virtual environment.
Cybersecurity threat modeling and personal data protection.(by Adel Tayeb-Cherif) : We will use Data Flow Diagrams (DFDs) as our primary visualization tool to represent the components of a system, their interactions, and data flows.
Based on these DFDs, two complementary approaches will be applied:
- STRIDE, a framework for identifying key threats in terms of computer security.
- LINDDUN, a specialized method for analyzing risks related to the protection of personal data.
Educational Objectives :
- Understand the importance of threat modeling in the lifecycle of developpement.
- Master the basics of DFDs to represent system architectures.
- Methodically apply STRIDE to analyze security-related threats.
- Apply LINDDUN to assess risks affecting data protection personal.
- Know how to propose mitigation measures for the identified risks.
Target audience:
This training is aimed at developers, architects, security managers, and anyone involved in the design or evaluation of computer systems who are concerned with integrating security and the protection of personal data from the earliest stages of development.
The Use of AI in Cybersecurity (by Elyes MANAI) :
This training offers an introduction to the analytical, statistical and algorithmic approaches used to
detect and characterize malicious behavior.
Leveraging specialized cybersecurity datasets to build classification models, anomaly detection, and automated
event log analysis. We will address concrete intrusion detection tasks with both a technical approach
(preprocessing, model training) and a strategic approach (results interpretation, optimization). The session will
include a theoretical component followed by a practical activity.