Miles Romello, Developer in Winston-Salem, NC, United States

Miles Romello

Verified Expert in Engineering

Security Engineer and Developer

Location
Winston-Salem, NC, United States
Toptal Member Since
February 29, 2024

Miles is a seasoned technology and security executive with a proven leadership and innovation track record across various industries. He specializes in governance, risk, and compliance; security operations; and incident response. With a relentless commitment to excellence and a passion for driving positive change, Miles continues to be a driving force in the technology industry, shaping the future of IT and cybersecurity with his proactive leadership and innovative solutions.

Availability

Full-time

Preferred Environment

Windows, Linux, Unix, Azure, Azure Active Directory, Amazon Web Services (AWS), Google Cloud

The most amazing...

...feat I've accomplished is building a solid security operations team enveloping security assurance, education training, cyber defense, and investigations.

Work Experience

Senior Director via Toptal

2016 - 2024
VF Corporation
  • Built a GRC program, including 3rd-party and enterprise risk management.
  • Led the construction of the security operations department.
  • Reduced budgets and improved operational efficiencies with year-over-year savings.
Technologies: Vulnerability Management, Vulnerability Assessment, OWASP Zed Attack Proxy (ZAP), Attack Surface Management, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Incident Response, Zscaler, Endpoint Detection and Response (EDR), Network Detection and Response, Security Operations Centers (SOC), Threat Management, GRC, Risk Assessment, Business Risk Assessment, IT Security

Senior Director of IT Operations

2014 - 2016
Global Brands Group
  • Led the development of eCommerce B2C capabilities.
  • Managed the architecture and implementation of the company's cloud strategy using Azure and Office 365.
  • Built high-performing IT operational teams and the company's 1st information security department.
Technologies: eCommerce, PCI DSS, SOX Compliance, Azure, Office 365, Enterprise Risk Management (ERM), IT Audits, IT Security

CIO

2013 - 2014
Ems Management Centre
  • Led the architecture and implementation of a new network, including database systems, increasing the throughput of billing and automation by 80%.
  • Implemented an information security program across the enterprise.
  • Handled the development of an updated client portal and website.
Technologies: High-performance Computing

CIO

2011 - 2013
Targacept
  • Led the development of "Chemically Aware," a pre-AI automation system that sped up the discovery of unique new compounds by 30% and was labeled "The Google for Chemists" by Jama.
  • Architected the high-performance computing cluster utilized by "Chemically Aware".
  • Managed the development of the information security program.
Technologies: Mathematical Modeling, High-performance Computing, SharePoint

Information Security Officer

2009 - 2011
High Point Medical Center
  • Contributed to North Carolina's health exchange security guidelines.
  • Developed a GRC program for the health system, including exception management and risk acceptance.
  • Implemented data loss prevention solutions using Symantec.
Technologies: Penetration Testing, Governance, HIPAA Compliance, GRC, Data Loss Prevention (DLP), Symantec, IT Security, IT Audits

Information Security Engineering Manager

2003 - 2009
Wells Fargo
  • Developed ATM standards adopted by Diebold Nixdorf and National Cash Register Corporation.
  • Led the development of automation solutions using SharePoint for remediation and response to security incidents.
  • Contributed to the configuration of Windows security standards.
Technologies: Linux, Unix, SharePoint, Windows

ATM Architecture

I led the development of ATM industry standards leveraged by National Cash Register Corporation and Diebold Nixdorf to deploy new Windows-based systems using centralized management and secure configurations. The architecture solutions included patch management, systems management, authentication management, and monitoring.

Cyber Shield

I developed a 6-step comprehensive risk profiling solution based on industry regulatory requirements, capability maturity models, and risk modeling. Based on client answers, the product produces a current risk profile and a 3-year action plan presentation for executives to act on.

Security Education, Training, and Awareness

I created and implemented a security education, training, and awareness program for my client. The program encompassed communications, social engineering, and education for a global retail holdings conglomeration and took the company from a -4.9 to a +2.3 resiliency score in three years. It also included social media management for employees, a phishing, smishing, and vishing global campaign, and custom-built education courses.

2009 - 2013

Bachelor's Degree in Information Security Management

Strayer University - Greensboro, NC, USA

MAY 2004 - PRESENT

Microsoft Certified Database Administrator

Microsoft

MAY 2003 - PRESENT

Microsoft Certified Systems Engineer

Microsoft

Libraries/APIs

WMI

Tools

OWASP Zed Attack Proxy (ZAP)

Platforms

Windows, Azure, Amazon Web Services (AWS), Zscaler, SharePoint, Linux, Unix

Languages

Visual Basic .NET (VB.NET)

Paradigms

Penetration Testing, Agile, HIPAA Compliance, High-performance Computing, SCORM

Storage

Azure Active Directory, Google Cloud, Microsoft SQL Server

Other

Team Leadership, Architecture, Incident Management, Incident Response, IT Operations Management (ITOM), Active Directory Federation, Governance, PCI DSS, Vulnerability Management, Vulnerability Assessment, Endpoint Detection and Response (EDR), Network Detection and Response, Security Operations Centers (SOC), Threat Management, GRC, PCI Compliance, SOX Compliance, Certificate Management, High Performance Compute clusters, eCommerce, Attack Surface Management, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), FDA 90 regulations, Mathematical Modeling, Excel Macros, Enterprise Risk Management (ERM), Risk Profiling, Cross-functional Team Leadership, Unified Communications, Phishing Simulation & Analysis, Social Engineering, Information Security, Office 365, Data Loss Prevention (DLP), Symantec, Risk Assessment, Business Risk Assessment, IT Audits, IT Security
