PC: Your career has been marked by a passion for mathematics and extensive international experience. How have these elements shaped your approach to cybersecurity?

AC: My background is indeed a mix of engineering, pure mathematics, and international experience. It all started at Supélec, on the Rennes campus, where I specialized in signal processing. But it was in the United States, while working on a PhD in mathematics focusing on partial differential equations, that I became deeply imbued with the attention to clarity and rigor that is essential in this discipline, and that I developed my ability to model complex problems.

After completing my thesis, I did a series of postdoctoral fellowships in Germany (Bonn, Leipzig) and the United Kingdom (Edinburgh, Warwick). These experiences taught me to change my perspective and adapt to different scientific environments. But it was around 2018, while exploring statistics and then machine learning, that I discovered cybersecurity, almost by chance, through the podcast “Security Now!” At the time, the importance of the cloud and the challenges it posed were becoming more visible to the general public, of which I was then a part. I was immediately interested in security vulnerabilities.

PC: Why did you choose to specialize in homomorphic encryption and the cloud?

AC: Homomorphic encryption is a fascinating technology: it allows calculations to be performed on encrypted data without ever having to decrypt it. For a mathematician, it’s an ideal playground, because it’s based on very elegant theories and offers tools that are particularly well suited to the field. At the CEA, I joined a team working on this technology because it offers a concrete solution to a major challenge: how to outsource sensitive data to the cloud without compromising its confidentiality.

For example, imagine that several hospitals want to collaborate to improve a medical diagnosis model. Thanks to homomorphic encryption, they can aggregate their data securely, without ever exposing it. The cloud is the natural environment for deploying these solutions, as it allows resources and skills to be pooled on a large scale.

• TRUSTINCloudS: Orchestrating efforts for a more secure and sovereign cloud

PC: As co-pilot of TRUSTINCloudS, what is your role and what methods do you use to achieve the project’s objectives?

AC: My role is primarily human and strategic. I am not a technical expert in the cloud, but my experience in project management and scientific facilitation allows me to ask the right questions: Are we aligned with the objectives? Have we clearly identified the challenges? My goal is to bring everyone together, clarify the issues, and ensure that each partner is moving in the right direction.

My methodology is based on an approach I developed in mathematics: asking questions to understand, clarify, and reduce uncertainty. I ask questions, sometimes naive ones, to encourage teams to take a step back and think about the interactions between their work. The idea is not to direct, but to facilitate communication and ensure that everyone sees how their work fits into the overall project.

PC: What are the main challenges you have identified in the context of TRUSTINCloudS?

AC: Adopting new technologies: The cloud is a complex ecosystem, with infrastructure that is often obsolete. Users and developers need to be convinced to change their habits, which is no easy task, especially since any change involves a cost in terms of resources and time.

System heterogeneity: The cloud is a puzzle of platforms, frameworks, and software. It is not a question of rebuilding everything, but of evolving what already exists, for example to integrate compliance by design and security by design.

The human factor: Safety depends not only on technology, but also on practices and team training.

PC: How do you envision collaborating with the project members?

AC: I draw inspiration from my experience in mathematics, where precision and clear objectives are essential. My role is to raise the right issues, clarify objectives, and ensure that everyone is moving in the right direction. For example, I can guide teams to see how their work fits in with that of others. By asking simple questions, I can help them identify synergies and better understand the impact of their work on the overall project.

• European sovereignty: a crucial issue for the future of the cloud

PC: Why is European sovereignty so important to you?

AC: Digital sovereignty is a vital issue. Today, the cloud is largely dominated by non-European players. To remain relevant, we must consolidate our strengths at the French and European levels. TRUSTINCloudS is a key step: it is about showing that Europe can innovate, lead the way, and impose its standards in terms of security.

This is not a question of political conviction, but of geopolitical reality. We have the skills, the infrastructure, and the will: it is time to act. Europe must rise to the challenge of cloud security in order to remain relevant on the international stage.

PC: How will you measure the success of the project?

AC: Success will be measured by the impact of our work: will our solutions be adopted in other projects? Will we be able to forge new partnerships, particularly at the European level? The PEPR (Priority Research Programs and Equipment) represent a major opportunity to position France as a leader in cybersecurity. If our results inspire European initiatives, it will be a collective victory.