Gio Gallo

Director of Risk-Based Vulnerability Management at Proficio
Contact Information
(386) 825-5501
Location
Harkers Island, US


Rating: 5.0 / 5.0 (based on 2 ratings)

Dain Baltierra

I worked with Gio for almost 6 years. He is the most passionate and driven security professional I have ever worked with. Gio will always put in the hours to accomplish whatever task is put in front of him. I highly recommend Gio to anybody.

Stewart Gott

Gio Gallo is unique in that he has the capability to approach any Information Assurance and Security (IA & S) matter from both an abstract (high level) and specific (nuts and bolts) perspective. His understanding of the IA & S Body of Knowledge is thorough and complete. Gio understands all aspects of IA & S engineering for any network, system or software design / development / implementation / re-engineering project both concisely and comprehensively.


Credentials

  • Certified Information Systems Security Professional (CISSP)
    (ISC)²
    Apr 2001 - Nov 2024

Experience

    • United States
    • Computer and Network Security
    • 100 - 200 Employee
    • Director of Risk-Based Vulnerability Management
      • Jul 2021 - Present

      Ask me about how Proficio can help you reduce your cybersecurity risks with our RBVM service.

    • Principal Security Consultant - Vulnerability Management
      • Sep 2019 - Jul 2021

      Ask me about Risk-based Vulnerability Management

    • United States
    • Utilities
    • 700 & Above Employee
    • Senior Security Operations Manager
      • Apr 2012 - Aug 2019

      Grew Sensus’ Managed Services cyber security operational functions, processes, controls and security posture improvements starting from less than 20 managed services and SaaS clients to over 975 in 7 years. Reported to the Vice President of Managed Services. Managed 4 direct report security analysts. Collaborated with Sensus Engineering, Xylem corporate security teams and various Customer Operations support teams to meet organizational security objectives. Responsible for securing Sensus’ 3 on-prem North American production data centers and numerous Xylem AWS VPCs with the highest level of security posture consistent with critical infrastructure protection security standards and best practices.

    • Senior Security Engineer
      • Jun 2010 - Apr 2012

      Delivered the Smart Grid industry’s first Achilles Communications Certification (IEC 62443-3-3) and Achilles Practices Certification (IEC 62443-2-4) for Sensus’ FlexNet AMI system. Initially a WurldTech only certification, I was a lead contributor to the IEC TC 65/WG 10 that developed the IEC 62443-2-4 standard from the WurldTech APC initial set of requirements. Participated in several Smart Grid security working groups including SGIP-CSW to develop the NISTIR 7628 Guidelines for Smart Grid Cyber Security, Rev. 1.

    • Government Administration
    • 700 & Above Employee
    • Principal Information Security Analyst
      • Sep 2009 - Jun 2010

      Contracted through General Dynamics to the Dept of Homeland Security DC2 Security Operations Center and provided hands-on leadership and training to security analysts in support of DHS DC2 SOC functions. As a FISMA subject matter expert a 2nd role was also assumed shortly after joining the SOC as Information Assurance Team Lead to further DHS FISMA compliance objectives including systems security controls analysis, C&A package development and delivery.

    • United States
    • Software Development
    • 700 & Above Employee
    • Technical Marketing Engineer
      • Sep 2007 - May 2009

      Primarily responsible for certification of Cisco security systems for Common Criteria security evaluations within Cisco’s Global Government Solutions Group, Government Certifications Team. Provided secondary support for FIPS 140-2 cryptographic module validations.

    • United States
    • Defense and Space Manufacturing
    • 700 & Above Employee
    • Senior Security Engineer
      • Sep 2004 - Sep 2007

      As Senior Security Engineer for the EPA ITS-ESE contract I was responsible for developing solutions for system compliance to federal agency security requirements including FISMA, OMB, NIST and FIPS requirements and FISMA certification & accreditation of EPA information systems. Success in providing FISMA compliance solutions to the EPA led to engagements for other federal agencies such as NIEHS, NRC and eRulemaking while servicing the ITS-ESE contract.

    • United States
    • Government Administration
    • 700 & Above Employee
    • Security Specialist
      • Jun 2004 - Sep 2004

      Contracted through TES to the USPS data center for a short-term engagement to provide Tier-3 firewall, VPN and remote access troubleshooting, support and solutions.

    • United States
    • Software Development
    • 1 - 100 Employee
    • Senior Security Consultant
      • Mar 2003 - Jun 2004

      As Senior Security Consultant I provided security risk assessments for Innovate customers. Risk assessments performed included external perimeter PenTests, internal vulnerability, wireless and physical security assessments. Delivered on information protection goals and objectives consistent with customer security strategy and developed customer Information Security Risk Management Plans based on industry best practices and standards from ISO 17799, GAO and NIST publications.

    • Senior Security Consultant
      • Jan 2002 - Mar 2003

      Provided consulting and security assessment services including external pentests and internal vulnerability assessments for businesses and government agencies.

    • United States
    • Financial Services
    • 700 & Above Employee
    • Information Security Consultant
      • 2003 - 2003

    • Information Security Architect
      • Apr 2001 - Dec 2001

    • United States
    • Software Development
    • 700 & Above Employee
    • Network Security Engineer
      • Jun 1998 - Apr 2001

    • System Administrator
      • May 1995 - Jun 1998

    • United States
    • Higher Education
    • 700 & Above Employee
    • System Administrator
      • Sep 1990 - May 1995

Education

  • North Carolina State University
    B.S., Physics
    1989 - 1993
