Eddy Thesee | Vice President Products Cybersecurity | Alstom

Eddy Thesee

Vice President, Group Products & Solutions Cybersecurity
Alstom

Biography

Eddy Thesee is Vice President, for products&solutions cybersecurity at Alstom, appointed in September 2018. Prior to joining Alstom, Eddy was working in consulting companies implementing mathematical algorithms for the prediction of stock market prices or the conduct of oil drilling.

Eddy Joined Alstom in 1999 to support the activities related to “year 2000” mitigation. After several positions in IT for Alstom global operations and end users support, Signalling, Turnkey & Infrastructure and Asia Pacific, he has been in charge for Processes, Methods, and tools for Signalling and Digital Mobility. His current scope of responsibilities includes the definition of the cybersecurity strategy for products and solutions across Alstom portfolio, the execution of cybersecurity activities in projects and new products, and the development of the cybersecurity standalone business allowing Alstom to provide services and solutions answering to the growing demand in the railway market.

Eddy has a strong background in IT build from his leading positions in information system management. He has been responsible for change management and transformation projects in the area of ERP deployment, System engineering (requirement and configuration management), software development, operating systems development and he is passionate with hacking and new technologies.

Eddy is an energic leader with international exposure, who value, teamwork, commitment and consistency are part of his management style. Eddy studied Mathematics, Telecommunication, Information technologies and psychology at the University Renee Descartes in Paris and holds master degrees in these disciplines. He lives in Paris, France, with his daughter.

Presentation

The EU Cyber Resilience Act (CRA) represents a significant shift in how cybersecurity obligations are applied across digital products and supply chains. While the regulation is intended to improve baseline security, its application to safety-critical, long-lifecycle rail systems raises a number of unresolved questions.

This session provides a structured briefing on how the CRA intersects with rail engineering, supplier management, and existing sector-specific standards. It will explore where interpretation remains unclear, how requirements may impact rolling stock, signalling, and supporting systems, and why alignment with established rail cybersecurity and safety frameworks is critical.

The focus of this session is not on compliance solutions, but on understanding regulatory intent, practical constraints, and the areas where further clarification and coordination across the rail ecosystem are still required.