
Multicertified Cybersecurity Expert

Over the last 20 years, I’ve built my security career on simple principles: work smarter, deliver results, and pursue excellence. I’m the person who looks for and streamlines inefficient procedures, finds ways to enable business goals while not compromising security, and strives to boost everyone around me. That's what has earned me 'Employee of the Year' eight times. That's what I bring to the table.

Skills

  • Authorization
  • Auditing
  • Computer Security
  • Cyber Defense
  • Cyber Planning
  • Disaster Recovery
  • Disaster Response
  • Enterprise Risk Management
  • Forensics
  • Infrastructure
  • Incident Response
  • Information Assurance
  • Information Security Management
  • Nessus
  • Network Security
  • Nmap
  • Penetration Testing
  • Risk Management
  • Standards Compliance
  • Vulnerability Management

Work History

Dec 2015 - Present

Information Systems Security Manager (ISSM)

Defense Information Systems Agency

DISA Pacific (9 months) Honolulu, HI, United States.

CYBER INCIDENT HANDLING, RESPONSE AND FORENSICS: Investigates, analyzes and reports on all information security incidents until resolution. Supports cyber security operations of the organization's Cyber Fusion Center. Conducts in-depth analyses of security incidents to identify potential compromise, perform intrusion scope and root cause analyses and implement triaging protocols to mitigate potential impacts. Provides guidance to tier one and regional Cyber responders for the proper handling of Cybersecurity incidents. Coordinates efforts of Cyber defense team and provides timely updates to senior leaders. Provides recommendations to leaders and Cyber responders, as required.

CYBER SECURITY MEASURES: Provides guidance on network monitoring, analysis, troubleshooting, and configuration control technologies. Conducts vulnerability analyses, including wireless penetration testing. Executes FISMA compliance activities, including annual assessments of security control status, vulnerability assessments, annual testing of contingency plans and incident response plans, configuration management, and conducts Privacy Impact Assessments (PIAs).

INFORMATION SECURITY GUIDANCE/RECOMMENDATIONS: Controls, reviews, and records the organization’s information security program by performing internal control and security investigations, and reviews/documents results and provides reports.

Aug 2013 - Dec 2015

Information Security Officer (ISO)

Department of Veterans Affairs

VA Pacific Islands Health Care System (2 years 4 months) 1 recommendation available upon request. Honolulu, HI, United States.

INFORMATION SECURITY POLICY/PLANNING: Developed policies and procedures to ensure information systems reliability and accessibility; prevented and safeguarded against unauthorized access to automated information systems, networks, and data.

NETWORK SECURITY MEASURES: Conducted vulnerability analysis and risk assessment studies of planned/installed information systems to assure AIS security plans and policies established are adequate for protection needs and are in compliance by statute.

INFORMATION SECURITY GUIDANCE/RECOMMENDATIONS: Controlled, reviewed, and recorded the organization’s information security program by performing internal control and security investigations, and reviewed/documented results and provided reports.

INCIDENT RESPONSE, DISASTER RECOVERY AND RISK ASSESSMENT: Investigated and reported all information security incidents and provided updates until resolved. Made mitigation recommendations to management for corrective action to ensure the confidentiality, integrity, and availability of IT systems and employees.

Key Achievements:
+ Selected as the 2015 FSS Incentive Program (FSSIP) Customer Service Award for Region
+ Routinely performed security analyses and reviews of pre-acquisition (including medical devices) and human research studies, utilizing specialized checklists and protocols that met the customer's requirements. For 2014, I performed 140 contract and 119 research protocol reviews consisting of 150+ man hours of analysis and collaboration. My efforts directly contributed to a stellar, "10" rating on the research component of the January 2015 VA Central Office Privacy Inspection and was lauded by the ACoS for Research & Development.
+ Briefed senior leadership on specific security needs. In addition, I conducted a formal presentation to upper management on a Facility-wide Incident Response Plan. My presentation included a realistic table-top scenario that afforded participants opportunity to discuss their responses, brainstorm on solutions, and inculcate the Incident Response Plan into their operational mindset.
+ Successfully wrote the (ISC)2 Certified Authorization Professional (CAP) examination, held by only 1,790 people worldwide

Jul 2009 - Present

Adjunct Associate Professor

University of Maryland

Cyber Security, Network Security and Ethical Hacking (7 years). Adelphi, MD United States.

ADJUNCT ASSISTANT PROFESSOR of INFORMATION SYSTEMS, INFORMATION ASSURANCE, and CYBERSECURITY: Plans/teaches courses which fulfill University curriculum goals and objectives. Supports the IT and IA program course load and works toward enhancement by engaging in course teaching, planning and development. Remains current with subject matter and instructional methodology. Maintains posted office hours in accordance with departmental and college policies. Communicated progress in the course to students in a timely manner. Determines and submits students' grades in accordance with established college policies and procedures. Develops Syllabi for established and new courses. Supports the mission of the program, school, and college. Conducts research in areas related to IT and IA and other duties as assigned by the course chair. Served on system level college committee work as Adjunct representative to the 2012-2014 Faculty Advisory Council (FAC). Two-time (2011 and 2012) Stanley J. Drazek Nominee in IFSM and CSIA. The award recognizes faculty that emphasize UMUC's commitment to high-quality adult education; who consistently show exceptional skill in promoting student learning and providing a quality education to UMUC's cyber learners; Encourage students to recognize and reward teaching excellence; and, identifies a pool of talented, dedicated faculty members who can serve as faculty mentors and support other faculty development initiatives.

May 2011 - Aug 2013

IT Specialist (Planning/Policy/Enterprise Architecture)

U.S. Air Force

Detachment 1, 561 Network Operations Squadron (2 years 4 months). Honolulu, HI, United States.

INFORMATION TECHNOLOGY POLICY/PLANNING: Served as the senior information technology (IT) specialist and consultant to management in support of command IT policy and plans. Performed studies and established plans of action for improving the efficiency of information technology applications. Performed studies covering the command's information technology status. Evaluated existing systems and capabilities and initiated feasibility studies and cost-benefit analyses to determine ways and means necessary to enhance mission performance. Ensured full compliance with Enterprise network, desktop, and server standards. Showed problem-solving skills by identifying problems; determined accuracy and relevance of information; used sound judgment to generate and evaluate alternatives, and to make recommendations to leadership. Managed complex projects, often served as the lead project manager.


INFORMATION TECHNOLOGY INFORMATION ASSURANCE: Identified, analyzed, and corrected security measures. Conducted security analysis to ID trends, ineffective practices/procedures, and operational shortcomings. Planned for security integration and worked issues for compatibility and standardization based on IA policy and emerging threats. Analyzed component interrelationships and evaluated network systems and computer applications from an operational perspective. Provided subject matter expertise for IT security, C & A, and other information assurance efforts. Participated in business processes evaluation and design. Developed standardized server and application configurations, documentation. Ensured the rigorous application of information security and assurance policies. Expert in FISMA-based risk management, information assurance, and relevant DoD IA guidance. Uniquely placed and qualified to ensure 100+ domain-level administrators adhere to IA principles and guidelines.

Feb 2010 - Jul 2011

IT Specialist (Networking)

U.S. Air Force

17 Operational Weather Squadron (1 year 6 months). Honolulu, HI, United States.

INFORMATION TECHNOLOGY MANAGEMENT: Serves as Operational Weather Squadron (OWS) system administrator for LAN/WAN, including planning, analysis, acquisition, design, implementation, quality assurance, installation, integration, testing, operational integrity, and management of networked systems for data transmission in voice, data, and/or video formats. Manages complex LAN/WAN systems, configures and installs network hardware/software, and maintains LAN operations. Performs feasibility studies to develop/modify information systems to meet network and/or telecommunication requirements. Ensures full compliance with enterprise network, desktop, and server standards. Shows problem solving skills by identifying problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations to leadership. Manages complex projects, often serving as the lead project manager.

INFORMATION TECHNOLOGY INFORMATION ASSURANCE: Identifies, analyzes, and corrects security measures. Conducts security analysis to ID trends, ineffective practices/procedures, and operational shortcomings. Plans for security integration and works issues for compatibility/standardization based on IA policy and emerging threats. Analyzes component interrelationships and evaluates network systems and computer applications from an operational perspective. Ensures the rigorous application of information security and assurance policies.

Key Achievements:
+ Impact player! Spearheaded 6 person configuration team; applied enhanced security baseline--updated 45 servers/150 workstations over 3 enclaves. 2-yr old systemic deficiency corrected, garnered 94% rating during DISA Compliance Inspection. Awarded Employee of the Quarter.
+ Recognized problem solver. Tackled tough issue by resolving long-standing issue managing assets. Forged solution, coord'd changes, achieved success where others had failed for 1.5 yrs; saved 40+ hrs/month!
+ Appointed by AF DAA for 2 Cross Domain Solution (CDS) Systems, providing critical weather intelligence transfer to classified enclaves. Implemented IA controls and ensured 4 ATO/ATCs obtained on-time: avoided $150K in contractor fees.
+ Validated 300+ user accounts across multiple weather systems and three (3) security enclaves/removed 12 obsolete servers/2 switches--maintenance footprint slashed 15%; attack vectors significantly reduced.
+ Defined processes, wrote 45 SOPs, drove 208 trouble tickets; facilitated 24-hr weather capability/uninterrupted support ensured.
+ Commended by AF Weather Agency/Raytheon contractors as gifted technician w/extensive system knowledge; lauded by SQ/Group CC for going above/beyond: "Mr. Galliano has played a key role in my Systems Flight--his actions directly contributed to OWS mission success."

Jun 2008 - Jan 2010

IT Specialist (Customer Support)

US Army

201st Signal Company (1 year 8 months) 2 recommendations available upon request. Seoul, South Korea.

INFORMATION TECHNOLOGY ACQUISITION: Analyze acquisition practices, regulations and operations associated w/major complex IT procurement activities. Apply responsive, flexible decision-making and problem-solving to manage IT programs/technology acquisition and procurement tasks. Formulate and perform 225+ configuration recommendations worth $8.1M. Plan and deliver IT customer support services, including installation, configuration, troubleshooting, customer assistance and training. Diagnose and resolve complex technical problems. Research, analyze, evaluate and provide feedback on problematic trends/patterns in acquisition requirements and processes. Leverage data to develop and manage acquisition support policies, procedures and standards.

INFORMATION TECHNOLOGY MANAGEMENT: Ensures full compliance with enterprise network, desktop, and server standards. Serve as key System Administrator contributor to scanning/updating over 16,000 computer systems during Operations RAMPART YANKEE and BUCKSHOT YANKEE. Maintain/upgrade to AGM 8.0 on systems to ensure network security. Coordinate/update computer systems accountability reports to 311th TSC/NETCOM. Spearheads $2M storage services, backup and COOP upgrade to systems, server equipment and WAN optimization for Area II LandWarNet. Manage 2009 equipment purchasing actions in excess of $200K / property in excess of $1M. Leverage excess equipment to obtain no-cost upgrades, saving $25,000+ in 2009 alone.

INFORMATION TECHNOLOGY CUSTOMER SERVICE: Valued Area II NIPR, SIPR and RIPRnet Army Gold Master (AGM) program team member. Helps design automated workstation rollouts and re-imaging processes. Administer six Ghost image servers, manages OS images, creates bootable ROMs, and authors user documentation using Symantec's Ghost disk duplication products. Project success resulted in huge efficiency gains: facilitated fast mitigation of vulnerabilities throughout Army in Korea; saved technicians hundreds of hours monthly; ensured a logical/repeatable process across the enterprise.

Key Achievements:
+ Awarded the Army Achievement Medal for Operation BUCKSHOT YANKEE. Earned the unit’s first-ever 100% score on the Command Inspection Program (CIP).
+ My persistence and insistence on high standards resolved 2.5 year-long BDE Engineer inability to utilize a $40K power measuring device. Expertly troubleshot system, coordinated and presented solution to leadership. Facilitated Engineers' mission accomplishment and won praise for succeeding where others had failed.
+ Repeatedly lauded by Company and Battalion Commanders for my training, experience, and knowledge as an IT specialist: "Mr. Galliano's ability to produce exceptional results reflects his devotion to duty and commitment to the mission." "Mr. Galliano has proven instrumental in working out computer system errors and training team members in computer operations and procedures...Mr. Galliano is very knowledgeable and proven to be a highly viable asset to the Brigade."

Jun 2003 - Jul 2008

Program/Project Manager

HQ Pacific Air Forces

HQ Pacific Air Forces (5 years, 1 month) 4 recommendations available upon request. Honolulu, HI, United States.

ENSURED FULL COMPLIANCE WITH ENTERPRISE NETWORK, desktop and server standards. Managed telephone accounts (Avaya) and related equipment. Coordinated planning/installation of new backbone installation for Secure Local Area Network. Provided full technical support for the location, and met needs of all users for network resources and the operation of supported software applications. Maintained hardware, upgrades, PCs, scanners, printers, and peripherals.

ESTABLISHED AND MAINTAINED NETWORK USER ACCOUNTS, WORKSTATIONS, USER ENVIRONMENT AND ACCESS, using Active Directory. Spearheaded A3A stand-up/integration efforts by expertly managing 105 users, 90 workstations and multiple classified/unclassified websites. Provided seamless changeover and availability of netops, applications and remote access to division despite numerous changes.

PROACTIVELY MAINTAINED COMPUTERIZED SYSTEMS AND HARDWARE. Prevented technical problems from impacting validated state of network by quickly applying 125+ time-sensitive performing Critical System Work Orders, Change Controls and resolving Incident Reports to ensure no degradation to mission.

PARTNERED WITH NETWORKING MANAGEMENT to establish/enforce and monitor networking policies and standards. Provided technical and validation support for meteorological programs/processes. Hand-picked as test monitor for A3A's #1 priority, the PACAF Global Broadcast System (GBS) Test, directing the efforts of a 6-person Team across three security enclaves. Managed PC hardware and software inventory, as well as Microsoft software licenses.

PARTNERED WITH DEPARTMENT HEADS TO PLAN AND IMPLEMENT TRAINING NEEDS. Provided software and hardware training in computer fundamentals, word processing, spreadsheets, and office applications for Division’s 75+ users; primary lead for all weather systems.

Key Accomplishments:
+ Awarded the Air Force Civilian Exemplary Service Medal.
+ Led transition from CoP website to new PACAF Gateway Microsoft Portal. Tight integration w/Microsoft apps lauded by staff/field units; lead content manager for A3A transition to AF Portal. Lauded by A3A Deputy, "Great job putting together our SharePoint website. Once again the weather guys lead the way."
+ Easily satisfied rigorous 15 CS CSA re-cert criteria; hand-selected for 40-hr CompTIA Security+ certification course.
+ Garnered IE7/Office 2007/Vista test group for A3AW; contributed to Hickam FOT&E for eventual migration and roll-out across AF. Leveraged early training opportunities and eased migration to AF Standard Desktop Configuration 2.0.
+ A3's #1 choice for AF Portal Content Management Training; 1 of only 4 in division trained.

Education

2014 - 2017

DIA Student/Candidate

University of Fairfax

University of Fairfax, VA United States
GPA: 3.85 of a maximum 4.00
Credits Earned: 21 Semester hours
Major: Doctorate of Information Assurance (DIA)
Relevant Coursework, Licenses and Certifications: Information Security Professional Practices (ISPP)
Graduate Certificate

Aug 2007 - Aug 2007

Asia-Pacific Orientation Course

Asia-Pacific Center for Security Studies

Asia-Pacific Center for Security Studies
College of Security Studies Honolulu, Hawaii US Professional - 8/2007
Major: Asia-Pacific Orientation Course
Minor: Leadership and Professional Development

2004 - 2005

Project Management

Villanova University

Villanova University
Valley Forge, Pennsylvania US Certification - 9/2004
Major: Project Management
GPA: 4.00 out of 4.00
Relevant Coursework, Licensures and Certifications: Master's Certificate in Project Management

2000 - 2001

MS/Management Information Systems

University of Maryland University College

University of Maryland College Park, MD United States
Master's Degree 05/2001
GPA: 3.65 of a maximum 4.00
Credits Earned: 36 Semester hours
Major: Management Information Systems and Business Minor: Project Management
Relevant Coursework, Licenses and Certifications: MIS Certificant

1996 - 2000

BS/Computer Systems and Internetworking

City University of Seattle

City University Seattle, WA United States
Bachelor's Degree 09/2000
GPA: 3.5 of a maximum 4.00
Credits Earned: 120 Semester hours
Major: Computer Systems Minor: Internetworking

1995 - 1996

AAS/Computer Technology

Pierce College

Pierce College Puyallup, WA United States
Associate Degree - 5/1995
60 Semester Hours Major: Technology Minor: Computers GPA: 3.80 out of 4.00

Certifications

- Cisco Certified Network Associate (CCNA, #CSC012990333), 2016
- Certified Expert Incident Manager (CEIM, #3506271601), 2016
- (ISC)2 Healthcare Certified Information Security and Privacy Professional (HCISPP, #372929), 2015
- CompTIA Server+ (COMPTIA, #COMP001004356471), 2015
- (ISC)2 Certified Accreditation Professional (CAP, #372929), 2015
- CNSS-4012, Senior Systems Managers, 2015
- NSTISSI-4011, Information Systems Security Professionals, 2015
- VMware Certified Associate Data Center Virtualization (#VMW-01224017J-00382546), 2014
- CompTIA Advanced Security Practitioner (CASP, #COMP001004356471), 2013
- EC-Council Certified Ethical Hacker (C|EH, #ECC971934), 2012
- Microsoft Certified IT Professional Enterprise Administrator (MCITP) Enterprise Desktop Support on Windows 7 (MCP, #3294354), 2012
- Microsoft Certified Technology Specialist (MCTS) on Windows 7 (MCP, #3294354) 2012
- Microsoft Certified Systems Admin (MCSA) on Windows Server 2008 & 7 (MCP, #3294354), 2012
- ISACA Certified Information Security Manager (CISM, #1219884), 2012
- Information Technology Infrastructure Library, 2012 (ITILv3 #4441129)
- Microsoft Certified IT Professional Enterprise Administrator (MCITP) Enterprise Administrator on Windows Server 2008 (MCP, #3294354), 2011
- Microsoft Certified Systems Engineer (MCSE), on Windows Server 2003 (MCP, #3294354), 2010
- (ISC)2 Certified Information Systems Professional (CISSP, #372929), 2010
- Dell Certified Systems Engineer (DCSE), 2009
- Microsoft Certified Systems Administrator (MCSA) Windows Server 2003 (MCP, #3294354), 2008
- CompTIA A+, Network+, Security+ (#COMP001004356471), 2005/2008
- Project Management Professional Project Management Institute (PMP #206318), 2007

Job Related Training

- ForeScout Counter Act, 2016
- DoD-NSS PKI Local Registration Authority (LRA), Registration Authority (RA), Key Recovery Agent (KRA), 2016
- DISA Incident Response, Investigations and Network Forensics, 2016
- DISA Assessing Network Vulnerabilities, 2016
- DISA System Exploits and Intrusion Detection, 2016
- Cisco CCNA Bootcamp, 2016
- Official (ISC)2 Health Certified Information Security and Privacy Practitioner Training, 2015
- Official (ISC)2 Certified Authorization Professional (CAP) Live Online Training, 2015
- DataCenter Virtualization, VMware, 2014
- Essentials of Community CyberSecurity (AWR-136) TEEX, 2013
- Microsoft SharePoint (WSS & MOSS) Advanced, 2013
- Microsoft PowerShell for the IT Administrator I & II, 2013
- DISA Securing Microsoft Windows 7, 2012
- DISA Host Based Security System (HBSS) 301 for the System Administrator, 2011
- Certification and Accreditation (CA) DIACAP Training, 2010
- PERL Scripting Fundamentals with CGI and Dynamic Web, 2010
- DISA Information Assurance (IA) BootCamp, 2010
- Information Management Officer (IMO) Course, 2008

Affiliations

- FBI Infragard (Honolulu Chapter) - Member, Community Participant
- Armed Forces Communications and Electronics Ascn - Member
- Information Systems Audit and Control Association (ISACA) - Member
- International Information Systems Security Certification Consortium, Inc., (ISC)2 - Member
- Electronic Frontier Foundation (EFF) - Member

Distinctions

- 2016 Honolulu-Pacific Federal Executive Board 'Excellence in Federal Government Award' Team Excellence
- 2015 Region 1 Employee of the Year for 2015 + Cash Award
- 2014 Outstanding Work Performance Appraisal + Cash Award
- 2014 Employee of the Quarter (Oct-Dec 2014)
- 2013 Outstanding Work Performance Appraisal Time Off + Cash Award
- 2013 Employee of the Quarter (Jan-Mar 2013)
- 2013 Air Force Outstanding Unit Award with Valor (2010-2012)
- 2012 Outstanding Work Performance Appraisal Time Off + Cash Award
- 2011 67 NWW awarded 2011 "Omaha Trophy" for superior DoD-level Global Ops/Net Defense
- 2011 Outstanding Work Performance Appraisal Time Off + Cash Award
- 2011 17th Operational Weather Squadron Systems Flight Team Award
- 2010 Employee of the Year (613 Air Operations Center)
- 2010 Employee of the Quarter (Mar-Jun 2010)
- 2010 Outstanding Work Performance Appraisal Time Off + Cash Award
- 2009 Army Civilian Achievement Medal
- 2009 Civilian Performance Appraisal Cash Award
- 2008 Air Force Civilian Exemplary Service Medal

Community Service

- Po‘oihe Cyber Security Exercise, University of Hawai‘i Mānoa Information & Computer Sciences Department, University of Hawai‘i Information Technology Services Department, and State of Hawai‘i National Guard. Served as White Team Evaluator (2015, 2013), Red Team Participant (2014)
- Air Force Association (AFA) CyberPatriot Mentor, Sacred Hearts Academy (2013, 2014)

Portfolio

Cyber Security Journal Reviewer, International Journal of Cyber-Security and Digital Forensics (IJCSDF)