Author

Thomas Ferreira

Security Engineer

CISSPGCFAGCIHGCFE

CISSP-certified and holding multiple GIAC certifications (GCFA, GCIH, GCFE), Thomas specializes in security incident management and digital forensic analysis. He designs the phishing simulation scenarios and AI analysis engines at nophi.sh, drawing on over a decade of hands-on experience in cyber incident response.

Areas of expertise

Phishing simulationIncident responseDigital forensicsNIS2 complianceISO 27001Social engineering

Professional certifications

CISSPISC²

Certified Information Systems Security Professional - issued by ISC², the global benchmark in information security.

GCFAGIAC / SANS Institute

GIAC Certified Forensic Analyst - specialization in advanced forensic analysis and incident response.

GCIHGIAC / SANS Institute

GIAC Certified Incident Handler - expertise in security incident management and threat detection.

GCFEGIAC / SANS Institute

GIAC Certified Forensic Examiner - skills in digital investigation and evidence collection.

Thomas Ferreira

Professional certifications

Published articles

10 French SMEs That Got Hacked: Real Stories That Should Keep You Up at Night

Free, SFR, Orange, Bouygues: French Telecom Operators Under Siege from Cyberattacks

CEO Fraud and Targeted Phishing: The Most Costly BEC Cases in France

The Real Cost of Ransomware in France: Hard Numbers, Case Studies, and Ground-Level Reality

Health Data: Why It Is the Number One Hacker Target in France

CNIL: The 20 Biggest GDPR Fines in France (and What They Teach Us)

Cyberattacks on French Hospitals: An Alarming Track Record (2019-2026)

Viamedis and Almerys: 33 Million French Citizens Exposed by a Flaw at Two Health Insurance Processors

The 50 Largest Data Breaches in France (2020-2026)

France Travail: 43 Million Records Stolen - A Complete Analysis

Email security for SMBs: why testing SPF, DKIM and DMARC is urgent

How to Trace the Origin of a Suspicious Email Using Headers

Why a Simple E-Learning Module Is No Longer Enough to Train Your Teams on Cybersecurity

Cybersecurity training vs phishing simulation: what's the difference, and what actually works?

Phishing simulation for businesses: a practical 2026 guide

Phishing Psychology: Why the Smartest People Still Click

Malicious QR Codes, Voice Deepfakes, Trap SMS: New Forms of Phishing in 2026

KnowBe4 vs French Solutions: What SMBs Need to Compare

How to Choose a Phishing Awareness Solution in 2026

Does Your Cyber Insurer Require Proof of Employee Training?

Phishing Click Rate: Industry Benchmarks and How to Reduce It

What a Cyberattack Really Costs an SMB with 50 Employees

Cybersecurity Awareness ROI: How to Convince Your Management

Business Phishing: 2026 Statistics, Real-World Examples, and Solutions

How to Train Your Employees on Cybersecurity: A Complete Guide for SMBs

Published guides

How to Analyze Email Headers: A Practical Guide for Security Teams

How to Configure SPF, DKIM, and DMARC: The Complete Guide to Protecting Your Email Domain

How to Spot a Fraudulent Email: 9 Warning Signs Your Employees Must Know

What to Do After a Phishing Attack: Complete Incident Response Guide

NIS2 Compliance for SMEs: Obligations, Penalties, and Complete Checklist