About


Michel Kinasz — Security Architect

I design and harden security architectures for organizations where failure is not an option — central banks, payment networks, defense contractors, and critical infrastructure operators.

Over 30 years I have worked at every layer of the stack: biometric national ID systems, smart card cryptographic middleware, DRM and content protection, mobile payment certification, central bank digital currency, embedded router operating systems, and post-quantum cryptography migration. I hold a Canadian security clearance.

Today my practice focuses on three areas where these threads converge:

  • AI Security Architecture — threat modeling AI-integrated systems in regulated environments, adversarial resilience, and compliance
  • Cryptographic Modernization — FIPS 140-3 validation, Common Criteria readiness, post-quantum migration (ML-KEM, SLH-DSA), and white-box cryptography
  • Regulated Payment & Embedded Security — PCI-MPoC certification, CBDC endpoint protection, and embedded OS hardening

Selected Engagements

Ciena — Senior Security Engineer (2025–Present)

Strengthening the security posture of network routing infrastructure. Led the migration to OpenSSL 3.5.0 with FIPS mode and approved entropy sources. Enabled full ASLR across all router OS executables. Supporting FIPS 140-3 lab review and Common Criteria readiness assessment. Configured and validated cryptographic compliance across an embedded Linux (Yocto) platform.

Bank of Canada — Mobile Security Architect (2022–2025)

Architected mobile endpoint security for the Canadian Central Bank Digital Currency (CBDC) initiative. Defined mobile platform security principles, led system-level threat modeling (STRIDE, FAIR), and implemented a non-custodial digital currency wallet proof of concept. Evaluated mobile threat defense products and researched AI-automated threat analysis using MITRE ATT&CK and GPT-4.

Amadis — Senior Software Architect (2019–2022)

Designed and led the implementation of a PCI-MPoC certified mobile payment acceptance platform. Built a mobile threat defense SDK, produced certification documentation, and managed security laboratory engagements (Riscure, UL). Provided presales architecture support for customer-facing deals.

Irdeto — Principal Software Engineer (2011–2019)

Eight years building application protection and security infrastructure for DRM and IoT products. Designed a Linux Security Module (LSM) for kernel-level IoT threat monitoring. Implemented X.509 trust chain validation, maintained white-box cryptographic key management for set-top box provisioning, and built a multithreaded DRM notification subsystem for mobile platforms.

Earlier Career (1993–2011)

  • MXI Security — Led development of multi-factor biometric authentication for encrypted storage devices
  • CryptoMetrics — Built biometric travel document validation for a major airline
  • ImageWare / BioDentity — Digital identity management (PIV, ICAO ePassport); architected a passport issuance blacklisting system
  • ActivCard — Designed cryptographic middleware (PKCS#11, MS CSP) for high-security single sign-on
  • Gemalto — Led smart card embedded loyalty applications and digital signature certification
  • Schlumberger — Designed payment stack for point-of-sale terminals
  • Sagem Morpho — Core developer for national biometric ID card systems deployed in two countries
  • Photonics Research — Digital imaging systems for high-frame-rate cameras (first role)

Credentials & Standards

Category                  Detail
Security Clearance        Active Canadian government security clearance
Education                 BSc Computer Science — University of Compiègne, France (1992)
Languages                 French (native), English (full professional proficiency)
Certification Standards   FIPS 140-3, Common Criteria, PCI-MPoC, PCI-DSS, VISA security
Frameworks                MITRE ATT&CK, STRIDE, FAIR, OWASP MASVS, NIST CSF
Cryptography              OpenSSL, MbedTLS, WolfSSL, white-box crypto, HSM/TPM, PKI/X.509, PKCS#11, post-quantum (ML-KEM, SLH-DSA)
Platforms                 Android (NDK/SDK/JNI), iOS/Swift, embedded Linux (Yocto), Linux kernel modules
Core Languages            C, C++, Python, Kotlin, Java, Rust

How I Work

I operate as a senior technical advisor, not a staff augmentation resource. Typical engagements include:

  • Architecture reviews — security design assessment for a new system or certification target
  • Cryptographic migration — planning and executing transitions to FIPS-validated or post-quantum algorithms
  • Certification support — documentation, lab coordination, and technical Q&A for FIPS 140-3, Common Criteria, or PCI-MPoC
  • Threat modeling — structured analysis (STRIDE/FAIR/ATT&CK) with actionable risk prioritization
  • AI security advisory — threat assessment for AI/ML integration in regulated products

Let’s Talk

If you are navigating a cryptographic migration, preparing for certification, or designing security architecture for a regulated product, I can help.

Contact me to schedule a consultation.