Vincent Cervone Email & Phone Number

Raleigh, North Carolina, US

Partnering with small and medium sized businesses (SMBs) as their vCISO / Fractional CISO to implement practical security and achieve their security compliance goals.

vCISO working to transform the accessability of rare disease data through a secure, privacy oriented, worldwide data-sharing network.

San Diego, CA, US

• Implemented SOC-as-a-Service to achieve 24/7/365 security monitoring of enterprise assets and Incident Response (IR) retainer agreements for timely and cost effective support
• Lead revamp of security “way of working” to follow Agile Scrum and Kanban methodologies for enhanced visibility into common requests and maintain focus on organizational goals and priority tasks
• Consolidated Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and Asset Detection tooling suite to reduce operational support cycles and overall cyber spend.

San Diego, CA, US

• Built Operational Technology (OT) / Industrial Control Systems (ICS) / Industrial Internet of Things (IIOT) security integration team focused on hardening & configuring business critical manufacturing systems for CAPEX.
• Established enterprise OT monitoring & vulnerability management processes with Tenable (OT, SC, and IO) deployment to over 50k manufacturing and lab assets
• Created IT & ICS/OT security policies with supporting security education & awareness campaigns and ongoing training programs for developers and manufacturing automation engineers
• Established enterprise penetration testing program including: 1/ Organizational penetration testing methodologies and standards, 2/ Network of third-party penetration testing partners, and 3/ Continuous penetration.

San Diego, CA, US

• Lead build-out of supply chain security function to support Information Technology (IT) and Operational Technology (OT) / Industrial Control Systems (ICS) / Industrial Internet of Things (IIOT)
• Developed threat modeling procedures in third-party evaluations driving threat vector based risk mitigations and supply chain security resilience
• Identified key business values (business continuity, disaster recovery, compliance requirements, etc.) need to develop of vendor tiering system capable of evaluating 350+ vendor services annually across multiple.
• Integrated Software Bill of Materials (SBOM) solution into Vendor Evaluation tooling to identify vulnerabilities pre-purchase and ingest into vulnerability management program post deployment

Bloomfield, CT, US

• Lead team to develop and integrate application security program supporting 3,500+ cloud and on-prem applications with enterprise CI/CD pipeline for continuous security evaluation including Security Information and.
• Performed comprehensive evaluations of information systems for the identification of vulnerabilities (OWASP Top 10, scanning results, secure authentication, appropriate IAM procedures, etc.) and enterprise policy.
• Supported regulatory reviews of HIPAA, SWIFT, and PCI information systems & the compilation of enterprise certifications such as SOC2,Type 2
• Motivated mentor who strives to educate others on security best practices & influence secure by design information systems

Bloomfield, CT, US

• Lead merger and acquisition team integrating 150 critical supplier security contracts to achieve enterprise goal of $90M supplier rate savings
• Overhauled enterprise outsourcing security model for global ITO and BPO services to align to National Institute of Standards and Technology (NIST) standards & customer requirementso Managed ongoing security compliance.
• Performed onsite audits of supplier physical, logical, and technical security controlso Developed standardized onsite assessment model for physical and technical controls to ensure consistent enforcement

Bloomfield, CT, US

• Performed security evaluations of 3rd party security posture & cloud solutions (AWS, Azure, & Google Cloud)o Created standardized process for security evaluations during 3rd Party RFP for timely identification of.
• Developed 3rd party risk assessment process and Standard Operating Procedures (SOP) to meet evolving business needs and align with relative industry standards (NIST, FISMA, ISO, etc.)o Incorporated industry standard.
• Financial system auditor to ensure compliance with constantly changing industry regulatory requirements (PCI, SOX, SWIFT, etc.)

Bloomfield, CT, US

• Lead Identity and Access Management (IAM) system implementation across multiple international business lineso Automated onboarding procedures which reduced average resource onboarding time by 35%
• Redesigned PMO intake processes to consistently prioritize strategic business and IT initiatives
• Orchestrated strategic effort to deploy secure hash algorithms across critical applications

Bloomfield, CT, US

• Create and manage application business requirements under Agile methodology ensuring critical business deliverable were met
• Lead cost saving effort to strategically partner with a 3rd party for production support services:o Developed resource model which supported 35% cost reduction goalso Created flexible resource access model support 500+.

Wilmington, NC, US

• Led team to convert over 3000 physical case files to digital format.
• Assisted District Attorney in day to day case preparation and supported schedule of over 30 case hearings.

Wilmington, NC, US

Effectively used teamwork to achieve goalsCoordinated meetings and deadlines of major projectsProduced and validated software projects

Bachelor Of Science (B.S.), Finance And Management Information Systems

Associate Of Arts (A.A.)