Go directly to the content of the page Go to main navigation Go to research
Back home

A series of portraits of VINCI Energies employees. They hail from a whole range of backgrounds and personal career paths, and work around the world in one of the multiple business activities that allow VINCI Energies to prosper.

Back home

Bertrand Leclerc on high alert

A pure “home-grown” product of VINCI Energies, where he began as a student intern 25 years ago, its cybersecurity director is a keen ultra-trail runner who combines endurance and vigilance to protect an international group constantly exposed to cyber threats.

On 28 August 2026, Bertrand Leclerc will be taking part in the incredibly demanding Ultra-Trail du Mont-Blanc. This event involves 174 km of running and 9,900 m of elevation gain. For the VINCI Energies cybersecurity director, this passion for ultra-trail, which in October 2024, took him to Reunion Island to run the Diagonale des Fous – an event renowned for its extreme conditions, is also a way to raise money for the VINCI Energies-supported charity Mécénat Chirurgie Cardiaque. “Through this partnership, I get to combine a social commitment with a passion that allows me to disconnect from a job that can at times be quite anxiety-inducing,” he explains.

An attack every second

The pressure inherent in taking responsibility for cybersecurity at a group like VINCI Energies becomes clear when you know that it sustains on average one cyberattack per second and that its teams have to manage approximately 55,000 events (computing operations within the Group) in the same interval.

Bertrand Leclerc can call on a battle-hardened team, which he has built up since the VINCI Energies cybersecurity department was created in 2018. “There were four of us in the beginning, and we are now a team of 50 working out of two sites in Le Mans and Saint‑Denis,” he says. “We started with a clean slate from which to create our ‘Follow the Sun’ strategy, which enables us to operate 24 hours a day, 7 days a week, with posts in Canada and Australia, and to cover the Group’s 2,200 or so business units in 61 countries.”

“We operate 24 hours a day, 7 days a week, to cover the Group’s 2,200 business units in 61 countries.”

These 50 employees are organised in four teams. The first and largest of these is charged with detecting and responding to cyber threats, day and night. The second is devoted to implementing best practice in cybersecurity. The third ensures the Group’s compliance with regulations and standards such as ISO 27001. The fourth team’s mission is to spread “cyberculture” throughout VINCI Energies -for example by organising phishing tests and crisis simulations- and to organise the 60-strong PISO -Pole Information Security Officer- network, which spans the world and provides cybersecurity expertise at the local level.

Automating processes

There is no shortage of jobs to be tackled. In addition to governance and upskilling the PISOs, which he deems a “constant priority”, Bertrand Leclerc is currently managing two major projects. “We are working to automate cybersecurity processes. Given the volume of events to be managed, human intervention alone will never be enough. We are therefore using AI to identify incidents.”

To give an example of a suspect operation: a user logs in to his email in France at 8:00 a.m. then a new login to the same account from the United States is detected at 8:01. The AI, under human supervision, can then launch an automated procedure to block the account and alert the user.

“But when we use AI, we also have to think about how to protect it,” says Bertrand Leclerc. “This is another area we are working on, developing a ‘Security by Design’ strategy. The aim is to ensure that the AI is working from reliable – by which I mean internally certified – data, and that it doesn’t present any vulnerabilities.”

Another priority for the VINCI Energies cybersecurity team is compliance with the different regulations around the world, and particularly in Europe with the AI Act and NIS 2 Directive.*

Reducing the environmental impact

Bertrand Leclerc does not underestimate the environmental impact of his team’s activity. “In ecological terms, cybersecurity is clearly not neutral, given the massive quantity of data being processed. But over the past four years, our Sustainable IT team has been minutely screening all our projects to reduce their footprints.”

For example, computers and phones, which were previously replaced every three years, will no longer have a predefined lifetime, provided they can be kept up-to-date. “Also, by favouring resilient infrastructure, we reduce new equipment purchases, and thus reduce our carbon footprint.”

“A pure VINCI Energies product”

Since his January 2025 appointment as the head of the Cybersecurity Department, Bertrand Leclerc has been able to measure his progress in terms of the business processes implemented and also on a personal level. Since joining the Group as a student intern in 2001, Bertrand Leclerc, who describes himself as “a pure VINCI Energies product”, has worked at every level, from support technician to manager of the ERP architecture and information systems security team. Today, as the cybersecurity director, his area of responsibility has expanded to include strategy, human resources, the environment and budget management.

At the age of 43, he feels he still has a great deal to learn in a job he loves, one in which the relationships and psychological aspects are as important as technical expertise. “In this sector, the ground is perpetually shifting. We have to maintain constant awareness of the latest topics, such as AI. In addition to the solidarity and regular liaison with the ten directors at VINCI Energies Information Systems, our close collaboration with Axians, the VINCI Energies ICT brand, is a real asset, especially in terms of cyberattack detection tools. And we are fortunate to be working on cross-business issues that affect every department, in an international group with multiple business lines, which has made cybersecurity one of its priorities.”

For Bertrand Leclerc, cybersecurity is like a permanent ultra-trail: unpredictable terrain with attacks rising like a series of hills to conquer through constant, unwavering vigilance. In this long-distance race where giving up is not an option, the only things that count are endurance, lucidity and the ability to adapt. All the way to the finish line.

The AI Act is European legislation that introduces a common regulatory and legal framework for artificial intelligence in the European Union. The Network and Information Security 2.0 -NIS 2- Directive re-examines and extends the requirements of the previous cybersecurity directive.

05/20/2026

Find out more

From store to site: the essence of a successful transformation

Jamie Kauffeld: on the finance fast track

A taste for sharing, a collective appetite

A passion for knowledge-sharing