Summary
Overview
Work History
Education
Skills
Websites
Languages
Timeline
Generic

Vito Bruno

Cincinnati

Summary

Senior management professional, bringing strategic leadership and operational excellence to drive organizational success. Skilled in project management, team collaboration, and process optimization with keen focus on achieving results. Adept at navigating complex challenges, fostering culture of accountability, and adapting to evolving business needs. Known for strong decision-making, effective communication, and building high-performing teams.

Overview

13
13
years of professional experience

Work History

Sr. Manager, Cyber Security Operations

CNGHolding’s Inc
03.2024 - Current
  • Built out the Cyber Security Team, started with 2 analyses to a fully staffed team.
  • Direct report to the CIO/CISO as head of all security for the organization.
  • Managing threat detection and incident response detection and remediation.
  • Implemented an enterprise SIEM/Soar for all log correlation and alerting of Cyber events.
  • Managing Identity and Access Management with over 25K accounts.
  • Created the vulnerability management program and onboard vulnerability tools like Tenable & Rapid 7
  • Ongoing management of vulnerability scanning for PCI and Non-PCI zone and working with BU’s for remediation.
  • Manage MFA using Entra MFA and Dual for all user connections.
  • Manage SSO for all enterprises and SaaS applications ~300 applications.
  • Lead for all internal and external security audits including the internal controls audit, PCI compliance.
  • Performing Internal and External Pen Testing initiatives and working with an MSSP.
  • Manage the Third-Party Risk Management onboarding of new vendors.
  • Managing all identified security risks and tracking remediation with the business stakeholders
  • Authored the Cybersecurity Incident Response playbook with yearly reviews.
  • Authored the Ransomware Playbook with yearly reviews.
  • Managed DLP and reviewing policies on a quarterly basis.
  • Managing all external web access requests and reviewing any suspicious activity.
  • Implemented the enterprise Security Awareness program with quarterly phishing simulations and training.
  • Deployed AV/EDR to all corporate workstations and serverless computing infrastructure.
  • Developed and implemented AWS WAF/Shield policy to protect all AWS workloads, including APIs from DDoS, Rate Limit, Geo policies in both Non-Prod and Prod environments adding 80% protection to our critical LMS systems.
  • Leading the Microsoft Zero-Trust best practices resulting in a 45% risk reduction.
  • During a new company acquisition I led the internal security assessment and migrated/transitioned all security services to my team saving $750K yearly.
  • Generate and present security metrics for our quarterly meeting with the Board members.
  • Implemented the enterprise Certificate Management tool to request, onboard and manage all internal and external TLS certificates.
  • Manage a $1.1MM yearly security budget and all MSSP renewals including software licenses.

Director, Security Posture Management

Ally Financial
12.2018 - 01.2023
  • Managed the Identity & Access Management program with over 32 thousand identities across Azure & AD.
  • Remediated 85% of the security vulnerabilities, by leading the vulnerability management program.
  • Managed the cyber security and incident response process including on call 24/7 during a security incident.
  • Managing the change management outage process for all P1/P2 incidents and minimizing the corporate outages by 40% by establishing and authoring incident change processes and a mature incident response plan.
  • Implemented an automated Firewall implementation process using GitHub, Firemon and Ansible playbooks which reduced the manual process by 75%.
  • Configuration Posture review of over 30 security controls and increasing the overall security strength by 40%.
  • Managed a team of 10 information security professionals, overseeing the hiring, spearheaded weekly team meetings, onboarding new employees, quarterly performance reviews, and mentorship.
  • Assisted in developing, writing, and publishing the Information Security strategy using the NIST framework.
  • Managed the MSSP relationship for all security related vendors.
  • Managed the cloud security posture for our AWS virtual environment using Wiz and CloudSec reducing exposure by 40%.
  • Performed the quarterly user access review of all high-risk user groups to maintain compliance.
  • Monthly C-Suite metrics to present our overall SPM coverage and risks during.
  • Oversee the Data Loss Prevention policies and assisted with policy implementation decisions by working with the stakeholder pre-and-post deployment to minimize any outages.
  • Managed projects and tasks using confluence and Jira to maintain cross team communication.
  • Decision maker for POC & RFI’s for all new security tools.
  • Managed a $2.2MM budget with yearly budget review and cost savings.
  • Managed the zero-trust technology migration and on-boarding Palo Alto Prisma, Panorama, Global Protect using all security services a $2.5MM project and completed in one year.

Manager, Cyber Security Engineering

Ally Financial
12.2012 - 01.2018
  • Managed a team of high-performing architects and security engineers.
  • Designed and executed SSL/TLS Interception to cover all outgoing internet traffic.
  • Implemented the enterprise content filtering solution and edge level Anti-Virus appliances using Bluecoat/Symantec Proxy, Proxy Client.
  • Implemented and enterprise-wide Network Access Control solution using Forescout.
  • Managed Checkpoint Firewall and PaloAlto using physical and virtual appliances.
  • Served as the Technical Security Lead for the Data Center migration project, moving from 12 DCs to 2 in 4 months.
  • Exhibited outstanding management and leadership skills.
  • Oversaw the execution of Information Security and privacy inherent to client engagement.
  • Created and updated network and security diagrams and as we built out the network topologies.
  • Managed systems health checks, incident reporting, and generated audit artifacts and reports to auditors and senior leadership.
  • Performed troubleshooting using tools like Wireshark, Nmap, Splunk for SIEM, Traceroute and Packet Capture.
  • Implemented and maintained the security controls following NIST standards.
  • Managed and maintained the 24/7 on call process and prioritization for all P1/P2 Network and Security related incidents.

Manager, Network & Security Engineer

Consumers Energy
12.2012 - 01.2018
  • Designed and managed user and contractor MFA authentication, network access control, intrusion detection solutions, endpoint protection, data leakage protection and encryption solutions.
  • Provided full end-to-end route-based IP network solutions, including solutions for remote access technology and high availability and disaster recovery.
  • Designed and Managed vital controls for DCS and SCADA networks.
  • Assessed the ability and efficiency of a large-scale network with over 12,000 employees to resolve complex network problems.
  • Trained employees on over 10 distinct Cisco security devices such as Cisco ASA, ISR’s, Nexus.
  • Implemented and configured SolarWinds/Orion for enterprise-level logging and alerting.
  • Implemented and managed the data center network switches and core routers to support 18K+ user network.
  • Provided tier 2 and 3 support for customers' remote access and all security- related devices. Carried out end-to-end troubleshooting between major transport layers 1 and 2 circuits
  • Configured ACL policies on Cisco security devices, including PIX, ASA and routers.
  • Implemented and supported corporate IPsec, SSL, and Site-to-Site VPN solutions
  • Implemented enterprise content filtering and SSL decryption using Bluecoat proxies
  • Implemented and managed MFA for enterprise Admin accounts using SSH and all VPN Connections

Education

undefined

John Glenn High School
Westland, Michigan

Information Technology

Henry Ford College
Dearborn, Michigan

Skills

  • Strategic planning
  • Cross-functional collaboration
  • Operations management
  • Cross-functional team coordination
  • Troubleshooting and problem resolution
  • Data-driven decision making

Websites

Languages

English
Native or Bilingual
Italian
Professional Working

Timeline

Sr. Manager, Cyber Security Operations

CNGHolding’s Inc
03.2024 - Current

Director, Security Posture Management

Ally Financial
12.2018 - 01.2023

Manager, Cyber Security Engineering

Ally Financial
12.2012 - 01.2018

Manager, Network & Security Engineer

Consumers Energy
12.2012 - 01.2018

undefined

John Glenn High School

Information Technology

Henry Ford College

Similar Profiles

CREATE PROFILE
Vito Bruno