EDF Entrusts Cybersecurity Lot to Ascent Formation: A Strategic €7M Partnership

A Major Contract to Strengthen Critical Infrastructure IT Security

Ascent Formation wins a strategic contract with EDF for the design and delivery of advanced IT cybersecurity training. This IT market, with a duration of 6 years and a budget of 7 million euros, aims to strengthen the operational capabilities of the IT and security teams of the French energy group.

This agreement is part of a global approach to securing critical information systems and demonstrates the growing importance of cybersecurity training for large organizations.

Objective: Transform Threat Detection and Response Capabilities

The training program designed by Ascent Formation targets three key objectives:

• ▸Strengthen incident detection: Train teams to quickly identify weak signals and abnormal behaviors in network environments.
• ▸Improve threat analysis: Develop skills in forensic investigation and security event correlation.
• ▸Accelerate operational response: Implement effective cyber crisis management procedures, particularly critical in the context of energy infrastructures.

To achieve this, the program relies on realistic scenarios reproducing concrete cyberattack situations and modules specifically designed to counter current threats in the cyber landscape.

A Training Program Covering All Cybersecurity Domains

The training offered by Ascent Formation covers a wide spectrum of IT security skills:

Identity and Access Management (IAM)

Mastery of authentication and access control principles in complex environments.

Code Audit and Application Security

Identification of vulnerabilities within critical applications.

SCADA Cybersecurity and Industrial Information Systems

Securing automation and industrial control systems essential to the energy sector.

Applied Cryptography

Understanding encryption mechanisms and protection of sensitive data.

Vulnerability Management

Detection, classification and treatment of security flaws.

DevSecOps

Integration of security into development and deployment cycles.

Standards and Compliance (ISO 62443)

Compliance with cybersecurity standards applicable to industrial systems.

Red Teaming and Penetration Testing

Attack simulation to assess defense robustness.

Security Architecture

Design of resilient and secure IT systems.

Pedagogy Centered on Practice and Experience Sharing

The program's strength lies in an experiential pedagogical approach. Training combines operational situations and experience sharing, allowing participants to immediately apply learned concepts.

Particular emphasis is placed on cyber crisis management in critical environments. This dimension is essential for the energy sector, where issues related to service availability and prevention of security incidents are major.

A Highly Qualified Audience: Senior Expert Profiles

The program targets senior security professionals at EDF, including:

• ▸SOC analysts (Security Operations Center) responsible for 24/7 system monitoring.
• ▸SIEM experts responsible for correlation and analysis of security events.
• ▸Resilience specialists ensuring service continuity in the face of incidents.
• ▸Digital forensics experts investigating security incidents.

This focus on senior profiles ensures immediate impact and skills development for the most strategic teams.

Context: Strategic Importance of Cybersecurity for Critical Infrastructures

The energy sector faces a constant increase in cyber threats. Critical infrastructures, including power plants and electricity distribution networks, have become preferred targets for increasingly sophisticated malicious actors.

Threats Facing the Energy Sector

Ransomware attacks: Blocking of operational systems with ransom demands Industrial espionage: Theft of sensitive data and intellectual property Sabotage: Intentional disruption of production and distribution infrastructures APT (Advanced Persistent Threats): Stealthy and prolonged intrusions into networks

Faced with these risks, EDF has chosen to invest massively in training its teams, recognizing that the human factor remains the essential link in the security chain.

A Partnership Aligned with Digital Sovereignty Issues

This contract is part of a broader strategy of digital sovereignty and re-internalization of critical skills. By training its internal teams rather than outsourcing these sensitive missions, EDF:

• ▸Maintains control of its information assets
• ▸Develops lasting internal expertise
• ▸Reduces its dependence on external service providers on strategic subjects
• ▸Strengthens its reaction capacity in the face of incidents

Philippe Lambert, EDF CISO, specifies: "Cybersecurity is not a function that can be entirely delegated. It must be mastered internally, at all levels. This partnership with Ascent Formation allows us to develop the advanced skills we need to protect our critical infrastructures."

Why Ascent Formation?

The choice of Ascent Formation is explained by several differentiating factors:

Recognized Technical Expertise

More than 15 years of experience in cybersecurity training for large public and private organizations.

Expert Trainers

Active consultants in cybersecurity, bringing field vision and up-to-date knowledge of real threats.

Pedagogy Adapted to Senior Profiles

Learning methods centered on real case studies and peer exchange rather than theoretical transmission.

Adaptation Capacity

Customizable modules according to EDF's specific technical environments and threat landscape evolution.

Quality Commitment

Multiple certifications (Qualiopi, Datadock) and continuous improvement processes based on participant feedback.

Expected Impact on EDF's Security Posture

The expected results of this training program are multiple:

Reduction in incident detection time: Objective of -30% thanks to better identification of abnormal behaviors.

Improvement in effective response rate: Reduction in reaction time to confirmed incidents.

Reduction in false positives: Better correlation of security events to distinguish real threats from irrelevant alerts.

Strengthening of security culture: Dissemination of best practices beyond SOC teams, to all IT collaborators.

Enhanced compliance: Alignment with sectoral regulatory requirements (NIS 2, ISO 27001, ISO 62443).

Operational Deployment Over 6 Years

The program will be deployed progressively over the entire contract duration:

Phase 1 (Years 1-2): Fundamental Base

Training SOC teams in the fundamentals of incident detection and response.

Phase 2 (Years 3-4): Advanced Specializations

Skills development in advanced technical areas (forensics, threat intelligence, ICS/SCADA security).

Phase 3 (Years 5-6): Consolidation and Evolution

Continuous content updates in the face of new threats, capitalization of experience feedback.

Key Deployment Figures:

• ▸1,200 training days planned over 6 years
• ▸400 employees trained
• ▸25 different training modules
• ▸Mix of face-to-face / remote / hybrid according to themes

Reactions and Perspectives

Reaction from Nicolas Duval, General Manager of Ascent Formation

"We are very proud of the trust that EDF places in us on such a strategic subject. This contract demonstrates our ability to support the largest French organizations on critical cybersecurity issues. Our teams are mobilized to guarantee the operational excellence of this program."

A Cyber Training Market in Full Expansion

The French cybersecurity training market is experiencing +15% annual growth, driven by:

• ▸The increase in cyberattacks (+38% in 2024 according to ANSSI)
• ▸The strengthening of regulatory obligations (NIS 2, DORA, GDPR)
• ▸The shortage of qualified IT security profiles
• ▸The generalized awareness of cyber issues

Large companies and administrations are investing massively in internal training to compensate for the skills deficit available on the recruitment market.

Conclusion: A Strong Signal for the French Cybersecurity Sector

The EDF-Ascent Formation contract marks a significant step in the structuring of the French cybersecurity sector. It demonstrates the will of critical infrastructure operators to develop sovereign and sustainable expertise in cyber defense.

This partnership also illustrates the recognition of French skills in cybersecurity training, a sector where France has recognized expertise at the European level.

For Cybersecurity Professionals

This type of market confirms the growing attractiveness of cybersecurity professions and the importance of continuous training to stay up to date with the constant evolution of threats.

Training paths offered by organizations like Ascent Formation constitute a major lever for career development for professionals wishing to evolve towards positions of responsibility in IT security.

To Learn More

If you wish to discover our cybersecurity training or discuss your IT and security skills development needs, please do not hesitate to contact us.

Ascent Formation - Expert in IT and cybersecurity training since 2008 Website: www.ascent-formation.fr Contact: site@ascent-group.fr