David Gianna, MBA, PhD
Phone: 845-***-**** Email: *******@*****.***
• Senior executive with emphasis on Information/Cyber Security organizational transformation including policy, strategy, and organizational program development.
• Deep technical and functional experience developing cyber security teams and security program transformation.
• Making an impact as a thought leader, a public speaker, and as an adjunct professor.
CORE COMPETENCIES
Leadership · Strategy · Cyber Program Development · Business & Technology Alignment · Audit and Analysis · Network & System Security · Security Architecture · Internet of Things (IoT) · Cloud Services & Security · Third Party Vendor Management · Payments Security (PCI DSS, ANSI TG-3/TR-39)
Standards Compliance: ISO 27001, ISO 31000, PCI-DSS, ANSI TG-3/TR-39, NIST 800-53, NIST CSF
Regulatory Requirements: FFIEC, GLBA, HIPAA, Visa PIN compliance
Industry Certifications: CISSP, CCSP, CTGA, AWS Solutions Architect, ISO 27001/31000, PCI QSA/ISA
PROFESSIONAL EXPERIENCE
Wells Fargo Bank: (May 2019 – present)
CURRENT ROLE: Vice President & Lead Operational Risk Officer (2021 – present)
- Reduced risk to cardholder data by 45% through second line oversight of the PCI program
- Continuous improvement of the delivery, execution and accountability for global PCI compliance at Wells Fargo
- Drive alignment of Wells Fargo controls to the PCI DSS requirements to achieve risk reduction and best practices
- Drive transformation to reduce scope of PCI, mitigate threats to cardholder data, to achieve global PCI compliance
- Ensure management of third-party vendors that store, process, or transmit cardholder data on behalf of Wells Fargo
- Collaborated with teams to drive full PCI-compliance of two partner-facing lines of business
FORMER ROLE: Business Risk & Control Officer (2019 – 2021)
- Delivered and executed assessments and baseline reviews of applications, processes, and platforms that store, process, or transmit cardholder data
- Enabled enterprise-wide risk reduction in payment channels through application of the PCI DSS
- Developed strategy for third-party vendors to measurably reduce risk to payment data
- Drove innovations in architecture for encryption, tokenization, and network segmentation to reduce PCI risk
- Raised awareness of payment security and PCI compliance through the PCI Center of Excellence
- Collaborated to revise Wells Fargo policies for regulatory compliance and alignment with Wells Fargo controls
Protiviti: Senior Manager: (September 2011 – April 2019)
Leadership and technical/engagement management of medium to large task-based consulting teams
- PCI-DSS Assessment, Remediation, and Advisory services for Retail, Banking, and Transit services
- Developed mobile on-board rail fare payment system used by two large commuter railroads
- Designed and implemented a PCI-compliant parking payment system used at four airports
- Achieved a secure enterprise-wide network architecture for a large commuter railroad
- Designed a PCI-compliant architecture for an internal cloud hosted by a major bank
- Successfully led a PCI-initiative for a connected automobile services provider
- Created an internal PCI Center of Excellence at a major pharmaceutical corporation
- Audited against NIST 800-53 and NIST CSF, led remediation, and developed NIST training materials
- Acting virtual Chief Information Security Officer (vCISO) for a major client in the retail industry
NetSPI: PCI Practice Lead (February 2010 – September 2011)
- Developed strategic vision and objectives to drive the consulting practice dedicated to the PCI DSS and the PA DSS
- Leadership of PCI-DSS compliance practice, consisting of 10 PCI-QSA and three PA-QSA consultants
- Introduced automated audit and reporting tools to streamline PCI-QSA processes
- Performed PCI Audits, PCI Readiness Assessments and Gap Analysis and managed PCI-related remediation projects
- Performed PA (Payment Applications) certification under PA-DSS in test lab for leading vendors
Verizon Business Security Solutions: Senior Security Consultant (September 2005 – January 2010)
Functioned as an expert advisor to Fortune 50 companies regarding cyber security controls, infrastructure and architecture risks, strategies, business risk, and Information Security business alignment
- Provided expert level comprehensive analysis of industry and regulatory compliance standards as well as their associated impact upon client environments and business models
- PCI-DSS compliance assessments for Fortune 50 retail and financial institutions
- Performed wireless assessments, network vulnerability assessments, and penetration testing
- Delivered architectural reviews and assessments; policy review and coaching; VoIP security for telco
- Provided pre-sales technical support and solutions engineering
Solutionary: Regional Technical Manager (September 2004 – September 2005)
Served as an expert advisor to Fortune 500 organizations, addressing cyber security strategy, roadmaps, maturity opportunities, and business alignment
- Delivered application assessments, architectural reviews, and internal vulnerability assessments
- Performed Visa CISP, MasterCard SDP and PCI compliance audits for retail and financial clients
- Delivered in-house Check Point firewall training to SOC analysts, engineers and project managers
Winmill Software: Senior Consultant and Security Instructor (September 2003 – September 2004)
- Performed Security, Application Testing, Software Quality Assurance, and Business Analysis consulting
- Delivered security assessments, Check Point firewall configuration and installation
- Taught Check Point VPN-1/Firewall-1 Management I, II and III courses
Westcon: Information Security Sales Engineer (Four years)
- Developed security solutions, supported Value Added Resellers (VARs) and Sales teams
- Check Point firewall configuration and installation
- Taught Check Point VPN-1/Firewall-1 Management I, II and III courses
IBM Advanced Semiconductor Technology Center: Team Leader (Four years)
- Led five-member systems support team, including in-house Helpdesk and field/cleanroom operations
- AIX, Linux, and Windows NT server build, support, and administration
- OS/2 and proprietary industrial controls catered to the cleanroom/semiconductor facility
EDUCATION
Capitol Technical University, Washington, DC: PhD Technology: Cyber Security
Capella University, Minneapolis, MN: DSc Information Assurance & Security: (All but dissertation)
Marist College, Poughkeepsie, NY: Master of Business Administration: Information Systems
Marist College, Poughkeepsie, NY: Master of Science: Computer Science
Rochester Institute of Technology, Rochester, NY: Bachelor of Science: Electrical Engineering
INDUSTRY/COMMUNITY CONTRIBUTIONS
Doctoral dissertation: Dark Data Risk Management in Big IoT Data (2021)
Conference Speaker, 2018 PCI North American Community Meeting
International Information System Security Certification Consortium (ISC)2: SME for CCSP exam revisions
Payment Card Industry Security Standards Council (PCI SSC): Cloud Special Interest Group (2017 – 2018)
Pace University, Seidenberg School: Cybersecurity Advisory Board member (2020 – 2022)
Rutgers Center for Innovation Education: Advisory Board member (2018 – 2020)
OWASP: NY/NJ Metro Chapter Board member, Chapter Leader (2010 – 2012)
Civil Air Patrol, New York Wing: Information Technology Officer, Transport Mission Pilot
Adjunct: Marist College (2022 – present) – Teach graduate Cybersecurity and Computer Science
Adjunct: University of Maryland (2011 – present) – Teach graduate Cybersecurity
Adjunct: Yeshiva University (2019 – 2022) – Taught graduate Cyber & Information Security
Senior Professor: Everest College (2004 – 2014) – Taught Programming, Information Security