Career · Jun 2025 - Aug 2025

Wintics

Operational Security Intern

Paris, France

Built an Ansible/Python hardening and audit tool for Ubuntu systems, aligned with CIS and ANSSI guidance, while contributing to Cityvision and Visionary product improvements.

Tools

CISANSSIVLM

01Operational Context

Wintics deploys local video-analysis systems on customer-hosted Ubuntu machines, sometimes without Internet access. The internship focused on reducing host attack surface while preserving the operational behavior required by Cityvision deployments.

02Hardening Tool

I designed a modular hardening tool around Ansible roles for CIS and ANSSI recommendations, with task tags and exclusions for selective execution. A Python CLI wrapped the playbooks so operators could enable rules, check status, and launch audits through a documented command interface.

03Auditing & Reliability

The tool integrated automated audits for services, firewall state, critical file permissions, and kernel parameters. I added status caching to avoid rerunning unchanged checks and batched handler execution to reduce repeated service restarts and configuration reloads.

04Compatibility Work

The Ubuntu 24 migration surfaced stricter Python package isolation and Ansible interpreter issues. I investigated the compatibility path around virtual environments and ansible_python_interpreter so deployment automation could continue to run predictably.

05Product Contributions

Alongside the hardening project, I automated VLM model integration in the Cityvision installation flow, investigated Ubuntu 24 compatibility around Python virtual environments and Ansible interpreter selection, and improved the Visionary frontend with internationalization and chat cleanup features for sales demonstrations.

Work evidence

Screens & artifacts

Team

Wintics team

Team photo from the Wintics internship.

Product context

Cityvision analysis setup

The Wintics platform configures video analytics directly on camera streams, with zones and trajectories drawn over live footage.

Generated indicators

The operational environment depended on local video-analysis deployments, making host hardening part of product reliability.

Hardening CLI

Terminal output showing harden CLI general help with ANSSI, CIS, and Wintics commands

Python CLI entrypoint

The harden command wrapped Ansible roles behind documented subcommands for operators.

Terminal output showing harden CIS help commands for enable, disable, audit, and status

CIS command surface

The CLI exposed role-specific commands to enable checks, inspect status, and launch audits without manually invoking playbooks.

Terminal output showing harden CIS enable options for level, rule, exclude-rule, and dry-run

Selective rule execution

Operators could target levels or individual rules, exclude problematic checks, and preview execution with dry-run mode.

Audit evidence

Terminal output showing hardening status table with rule identifiers and compliance state

Compliance status

Status output grouped CIS controls by chapter and displayed rule-level compliance results.

Terminal output showing detailed audit checks for systemd journal remote authentication

Detailed audit trace

Audit mode showed the commands and assertions used to verify whether hardening rules were correctly applied.

Visionary frontend

Visionary interface in French with language selector

French interface

Visionary frontend work included internationalization for product demonstrations.

Visionary language menu switching between French and English

Language switcher

A lightweight language selector made demos more accessible to different audiences.

Visionary interface translated into English

English interface

The same interface could be rendered in English for client-facing presentations.

Visionary chat interface showing image and video prompts with multimodal model responses

Conversation management

The chat workflow supported multimodal demonstrations and was improved with conversation cleanup controls.