5 minutes with... Jean-François Tyrode

What is your background?

I have been working for Thales in various cyber-related roles for 20 years. Initially, I focused on developing security and dematerialisation solutions. However, I soon realised that legal challenges were an essential aspect of cybersecurity.

To gain a dual competency in IT and law, I pursued a specialized Master’s degree in IT Law at Paris-Sorbonne University, where I later taught a cybersecurity module. Upon returning to Thales, I transitioned into the Cyber Defence domain as a consultant. Today, as a Mission Director in the Cyber Consulting Department, I focus on cyber risk analysis and assessment in the Air Traffic Management (ATM) sector.

What is Thales’ key added value for cybersecurity in ATM?

Our Cyber Consulting Department consists of 150 experts dedicated to cybersecurity. We have nearly a decade of experience working with Air Traffic Management stakeholders.

It all started with a cyber risk assessment for a European Air Navigation Service Provider (ANSP). The success of this collaboration demonstrated the importance of combining ATM expertise with cybersecurity knowledge. Our unique added value lies in this dual expertise, ensuring tailored solutions that address specific ATM-related cyber risks.

What are the main challenges in ensuring cybersecurity in ATM?

There are two primary challenges:

• Complexity of ATM Systems
  ATM systems are vast networks of interconnected components—ATC centers, control towers, navigation systems, aircraft, and external services like SATCOM and weather updates. This complexity creates a large attack surface, especially when multiple suppliers are involved. Conducting in-depth risk analyses is crucial to identifying vulnerabilities and implementing appropriate security measures.
• Evolving Regulatory Landscape
  Regulations for ATM cybersecurity are constantly evolving. Key frameworks include ICAO Annex 17, EU Regulation 2019/1583, and EASA’s PART-IS regulation, effective for ANSPs from February 2026. Many organizations struggle to navigate these regulations, making expert guidance essential.

Why is Thales uniquely positioned to address these challenges?

Thales employs a two-step approach when conducting cybersecurity maturity audits for ANSPs:

Organizational Audit: We evaluate existing processes, procedures, and readiness to handle cyber risks.

Technical Audit: We perform penetration tests, network traffic analyses, and vulnerability assessments.

Our customers appreciate our support at every step, regardless of their cybersecurity maturity level. We leverage specialized tools, such as a regulatory compliance questionnaire, and hold key certifications (ISO 27001, EBIOS Risk Manager, EUROCONTROL/Cyber, IATA/Cyber) to ensure best-in-class security frameworks.

What do you enjoy about your work at Thales?

The diversity of projects and customers makes my role truly exciting. Each engagement presents unique challenges, influenced by cultural differences and varying levels of cybersecurity maturity. This dynamic environment fosters continuous learning and professional growth, strengthening our expertise in both cybersecurity and ATM.

Ensuring cybersecurity in Air Traffic Management is a growing challenge. With the increasing complexity of ATM systems and evolving regulations, ANSPs must adopt a proactive approach. Thales' unique expertise in both cybersecurity and ATM makes it the ideal partner for tackling these challenges.