Damian Romano - Mba(C) B.Sc, Giacx 4, Ccsp, Sscp Email & Phone Number

Florida, United States

Florida, United States

St Petersburg, Florida, US

• As VP of Cybersecurity, I continuously develop and execute a comprehensive information security strategy aligned with business objectives, ensuring robust policy communication/enforcement and continuous adaptation to.
• Spearheaded the successful attainment of ISO27001:2022 certification in 6 months, ensuring alignment with industry-leading standards and bolstering organizational security posture.
• Orchestrated the seamless integration of cutting-edge security technologies within complex technological ecosystems, elevating operational resilience.
• Revamped vulnerability management and incident response protocols, driving a substantial reduction in risk exposure across mission-critical infrastructures.
• Executed a comprehensive third-party evaluation to meticulously assess and fortify our alignment with the NIST Cybersecurity Framework, thereby enhancing our strategic security posture and ensuring rigorous adherence.

In pursuit of preserving my well-being and achieving a balance between professional commitments and personal growth, I made the mindful decision to step away from my previous role. This brief sabbatical served as an intentional period of introspection, restoration, and preparation for the next chapter, focusing on fortifying my mental health and augmenting.

Raleigh, NC, US

• Responsible for leading and providing programmatic creation, direction, and maturity for the following cybersecurity domains at NC SECU: Vulnerability Management, Application Security, Secure Design Architecture.
• Lead an organization of four VPs with a total of 12 FTE's.
• Assist Chief Security Officer and EVPs in the development and maintenance of security initiatives and roadmap considerations toward NIST-CSF framework alignment and execution.
• Collaborate with the Security Operations team ensuring proper Security Operations Center (SOC) performance, threat strategy, management, and reporting across the organization.
• Maintain and enhance the credit unions' security vulnerability program and board-driven metrics.
• Manage the oversight of security vulnerabilities and risks including identifying and supporting application/system owners to manage risks and remediate vulnerabilities.

Minneapolis, MN, US

• Lead advisory practices for customer engagements via prescriptive, program-centered approach to Insider Risk Management, tailored to their industry priorities.
• Provide thought leadership to CISO's, Directors, and engineers on best practices for Insider Risk reduction and/or mitigation.

Burlington, Massachusetts, US

• Establish and drive enterprise-wide risk management programs for application vulnerability testing.
• Advise customers on how to best utilize the Veracode solutions within their organization.
• Advise customers with creating, educating, and delivering rollout plans, security policies, and integrated SDLC processes.
• Advise customers with onboarding of development teams, understanding compilation policies, and executing Consultation Calls to drive adoption and utilization.
• Ensure consistently positive customer experiences by working closely with Veracode Support, Consulting, and Operations teams and providing oversight and management of customer issues and initiatives.
• Create and manage account plans with customers which cover the entire customer journey.

St. Petersburg, Florida, US

• Program manager and developer of the Secure Design Consulting program within Raymond James. There I primarily serve as the principal liaison between project teams (program/project managers, AppDev teams, etc.) InfoSec.
• Coordinated and established Red Team, Purple Team, and pentesting engagements (White Cell), both internally and externally, in conjunction with leadership approved remediation efforts for business-critical applications.
• Maintain oversight of the Secure Coding governance program, ensuring the necessary application code is being scanned from a security, compliance, and regulatory standpoint – through metric-driven analytics.
• Provide operational security oversight for onboarding of new suppliers though extensive audits and regular gap analysis sessions.
• Participant in the Cloud Center of Excellence for Raymond James to establish a formal adoption, implementation, and sustenance strategy.
• Serve as a subject matter expert and information security risk and control advisement, to facilitate the identification and assessment of technology/security risks toward the effectiveness and efficiency of IT security.

Rockville, Maryland, US

Assisted Adrien de Beaupre in performing course facilitation for the SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment course.

San Francisco, California, US

• Technical subject matter expert on CloudPassage Halo solution guiding the customer to properly deploy, configure, and maximize product usage toward a DevSecOps methodology.
• Configuration hardening, assessment, and forensics with Linux and Windows servers.
• Host-based intrusion detection and prevention (state-based, event-based, signature-based).
• Management of software & package vulnerabilities, patching, and related technical & operational functions.
• Guided customers in implementing host-based security strategies on a large scale across a variety of environments using project management-based methodologies.
• Educated user communities by assisting with the production of security-related blog postings, how-to-videos, and answers to questions.

Rockville, Maryland, US

Assisted G. Mark Hardy in performing course facilitation for the MGT512: Security Leadership Essentials for Managers course.

San Jose, California, US

• Provided technical account management for customers (at C-level down through support) who purchase Gold or Platinum support from WhiteHat's SaaS-based services (DAST, SAST, and Mobile), driving satisfaction, adoption.
• Trusted advisor to the customer's AppSec program and SDLC development process providing guidance and best practices to mitigate OWASP Top 10, et al. within multiple complex applications.
• Responsible for overall post-sales relationship (account administration, on-boarding, escalations, diagnosing technical issues, delivering user interface training, and facilitating/participating in vulnerability.
• Provide a high-touch experience for key clients – including monthly trending reports, providing business insight to their use of WhiteHat product lines, ensure quick onboarding and adoption of their purchased products.
• Initiated and presented Quarterly Business Reviews in order to reinforce WhiteHat's value, review product usage, establish mutual attainable metrics and expectations, and align with customer’s goals.
• Assist customers in the evaluation of web application vulnerabilities, web application business logic flaws, and threats.

New York, NY, US

Engagement Coordinator for the IT Strategy division of InformationWeek.com. InformationWeek is the world's most trusted online community for business technology professionals like you. Our community members include thought-leading CIOs, CTOs, IT VPs and managers, along with hundreds of thousands of other IT professionals.Primary responsibility includes.

Fort Lauderdale, FL, US

• Primary responsibility was maintaining security and compliance efforts in a fully cloud-based infrastructure (Amazon AWS and Azure) with working knowledge of application architectures, web front-ends/server-side apps.
• Developed, established, and maintain the Security and Vulnerability Management Program for Citrix ShareFile with an Agile run environment.
• Performed automated and manual web/infrastructural vulnerability assessments to identify exploit/configuration/patch related vulnerabilities. (Tools/Vendors include Rapid7 Nexpose, Whitehat Sentinel, Trustwave, &.
• Manually assessed web application vulnerabilities discovered in house, by third-parties, and security researchers. Tools included Burp Suite, ZAP, custom python scripts, and various sites to test for verification.
• Monitored network, system, and application logs for security events via IDS/IPS, SIEM, host-based firewalls, configuration, and file integrity monitoring. (Tools include CloudPassage, Alert Logic, Dome9, nmap, and.
• Assisted in the evaluation process of vulnerability management tools and ultimately vendor selection.

Dallas, TX, US

• Responsible for Managed Security Services for AT&T Security Operations Center performing Tier 1.5 and Tier 2 level troubleshooting skills to devices such as Cisco PIX firewalls, Routers, Switches, Checkpoint firewalls.
• Supported and Troubleshot multiple assignments using knowledge, skills, and abilities that are demonstrated in the following network technologies: such as Cisco Systems, Cisco Application Control Engine, ASA series.
• Utilized FortiManager 3000C for firewall, web filter, and VPN (et al) policy review for network based firewall customers for troubleshooting and the MACD change process.
• Provided security event analysis and support via SEIM monitoring, looking at security event logs, investigating and troubleshooting. Utilize and monitor network daemons including Hobbit and Nagios.
• Chiefly utilized basic troubleshooting: ping, traceroute, whois, netstat, dig, grep - via SSH and telnet.
• Network protocols: TCP, UDP, DNS, NTP, RPC, FTP, SMTP, SSL, TLS, etc.

Raleigh, North Carolina, US

• Customer facing technical analyst providing 1st and 2nd level support to community banks’ technical, procedural, and business related questions, within an ITIL based change environment.
• Primary role was to manage, train, support, audit, and administer the Security Application (user access) in the FIS Horizon core banking platform for 5 client banks.
• Collaborated with system administrators and IT managers to customize and configure workflow and enabling technology to facilitate all software interface applications between the Horizon Core system and compatible.
• Conducted ongoing and quarterly security assessments and implemented security solutions to assist business with assessment and improvement of the core application and IBM's AS/400 server, (i.e. IT SOX, GLBA.).
• Assisted in departmental policy and procedural writing for the security application, interface products, and AS400 extract files.
• Participated in annual software release through test and production implementation verification and accountable for validating security module system quality. Back up application owner for FIS’s online banking platform.

Durham, NC, US

• Managed and built a client service cycle (staff of 10), monitored timeframes and deadlines, oversaw workflow, report maintenance, schedule management, and trained employees.
• Responsible for onboarding and maintaining all customers' account portfolios and any additional services, including remote deposit check technology.
• Assisted clients in product selection, implementation, and training. Product familiarity included credit cards, online banking, positive pay, ACH, controlled disbursement, etc.
• Examined and resolve compliance and regulation issues on client accounts to identify potential problems or status of high-risk accounts and situations.
• Worked thoroughly with both the Horizon Core system as well as the Fiserv core.
• Serviced a portfolio of clients from Palo Alto and San Diego by actively partnering with the Relationship Managers to discuss prospects, current customers, and trends.

New York, NY, US

• Accountable for managing a portfolio of NYS government clients within the Middle Market/Commercial banking line of business.
• Identified potential new business opportunities for JP Morgan Treasury Services and provide the appropriate solution(s).
• Accompanied Relationship Manager, Treasury Services Officers, and other product specialists on sales calls to develop and improve the portfolio. Worked closely with the relationship managers to expand existing business.
• Operational familiarity included all account reconcilement and banking functions as well as numerous computer applications and database operations performed.
• As TSC (Technical Support Analyst) Primary technical contact for critical issues between the local office and the information technology department. Acted as the first line support of all technical and computer.

Buffalo, NY, US

• Managed a staff of 8 while responsible for all branch operations, customer service issues. In addition, responsible for supervising and coordinating the activities of the Head Teller and the Relationship Bankers to.
• Lead and supervised the branch’s operational and administrative success through process improvement in accordance with customer transactions to prescribed policies and procedures.
• Assist in managing overall sales performance of the branch to reach productivity and growth goals through maximizing cross-selling efforts with walk-in to service requests opportunities.
• Leveraged sales tools, in-branch routines, call lists and best practices to increase sales productivity.

Software Engineering Institute Cert Insider Threat Program Manager Certificate, Insider Threat

Mba | It Management, Computer/Information Technology Administration And Management

Bsc, Cybersecurity And Information Assurance (Bscsia)

Sec460: Enterprise And Cloud | Threat And Vulnerability Assessment

Sec501: Advanced Security Essentials - Enterprise Defender

Mgt512: Security Leadership Essentials For Managers

Information Systems Security: Systems Security Practitioner - Certificate

Information Technology: Linux Security Specialist - Certificate

Sec542: Web Application Penetration Testing And Ethical Hacking

Sec503: Intrusion Detection In-Depth

Microsoft Certified It Professional - Mcitp -- Certificate

Global Certified Windows Security Administrator (Gcwn)

Automated Administration With Windows Powershell

Network Security Administration

As, Computer Applications And Business Management.

Regents Diploma