Aaron S. Dellamano
"Be Curious, Not Judgemental"
Aaron S. Dellamano
Cybersecurity Leader | Executive CISO Path
Strengthening Enterprises through Security Innovation, Risk Reduction, Talent Mentorship & Scalable Growth.
A cybersecurity leader with deep expertise in strengthening resilience across financial services, retail, technology, and government sectors. Experienced in leading global security operations, incident response, and risk management, with a track record of building programs that align cybersecurity with business growth and regulatory demands. Recognized for embedding secure-by-design practices into cloud, application, and infrastructure lifecycles, enabling innovation while reducing enterprise risk. CISSP-certified with deep expertise in SOC leadership, DevSecOps, cloud security, and frameworks including NIST CSF, MITRE ATT&CK, and Zero Trust.
aarondellamano@gmail.com • 618-972-8925
Experience
Enterprise Cyber Security Architect
“I specialize in strengthening organizational resilience by uniting technology, governance, and cross-functional collaboration to protect what matters most - client data and brand & reputation. With nearly two decades of experience, I have led global security operations, guided enterprises through high-severity incidents, and built programs that align cybersecurity with business growth and regulatory demands.
My leadership philosophy is rooted in transparency, precision, and empowerment—developing teams that thrive under pressure while embedding secure-by-design practices into cloud, application, and infrastructure lifecycles. By pairing technical depth with executive communication, I ensure organizations not only defend against today’s evolving threats but also enable innovation, trust, and long-term success.”
- Aaron S. Dellamano
Director of Cyber Security Operations
Leads a globally distributed program safeguarding 1,200+ retail locations, 8,000 endpoints, and multi-cloud infrastructure across the U.S. and Mexico; drives SOC leadership, cloud & application security, and executive risk reporting. Launched enterprise DAST, optimized Azure Front Door/WAF, deployed Microsoft Defender for Endpoint, and stood up SOC/MDR metrics (MTTR, false-positive rates, threat mix) that informed leadership decisions and justified headcount growth.
June 2024 – Present
Principal, Global Cyber Security Operations Center Analyst
Nov 2021 – May 2024
Professional Background
Escalation lead and technical strategist for a 24/7 global SOC of 25 analysts supporting 80,000+ employees across U.S. and U.K. Built executive & SOC dashboards in ServiceNow, conducted ~130 monthly ticket reviews mapped to NIST NICE KSAs, and partnered with engineering to refine Splunk, Cortex XDR, and Prisma CSPM detections aligned to MITRE ATT&CK ultimately elevating identity-centric detection and reducing false positives.
Principal Threat & Vulnerability Practice Analyst
Apr 2021 – Nov 2021
Owned vulnerability programs for 25+ clients (including Fortune 100), delivering monthly risk assessments and prioritized remediation for executive audiences. Re-architected enterprise vulnerability management platform designs to sync with patch cycles and cut discovery time from weeks to days, and delivered capability-maturity roadmaps that drove year-over-year remediation gains. Delivered strategic direction to CISOs to secure program funding derived from findings of capability maturity model assessments for clients in the retail, insurance, and entertainment industries.
Senior Director, Cyber Security Services
Nov 2019 – Apr 2021
Established the company’s first enterprise cybersecurity program; led a $2.5M budget and a 12-member cross-functional team across security architecture & engineering, application security, vulnerability management, and an internal security operations center (SOC). Embedded security into cloud/IT roadmaps during a technology transformation from on premises to cloud hosting, launched CI/CD-integrated AppSec with secure code reviews and developer training, and oversaw SOC 2 & PCI initiatives while leading major incidents and executive tabletop exercises.
Jun 2018 – Nov 2019
Co-designed secure multi-cloud (AWS, Azure, GCP, OCI) and network architectures, optimizing enterprise network taps/IDS and integrating native alerting & log forwarding for efficient detection. Replaced legacy SIEM/VM with next-gen platforms integrated into ITSM to improve visibility and reduce false positives while maintaining a flat budget. Authored NIST CSF–aligned roadmaps that enhanced audit readiness and improved response KPIs over a two-year plan, providing executives with clear attack surface visibility to drive risk-informed operational decisions.
Jun 2017 – Jun 2018
Threat & Vulnerability Management Lead
Lead a team responsible for enterprise vulnerability scanning, reporting, and penetration testing across 5,000+ assets and partnered with GRC on PCI requirements. Formalized the vulnerability management program using NIST SP 800-40 methodology and helped refine patch policy for measurable uplift in patch compliance and risk reduction.
May 2016 – May 2017
Threat Assessment Practice Manager
Owned end-to-end client engagements (scoping, proposals, delivery, executive brief-backs) for a $1M+ assessment portfolio. Executed 2–3 threat assessments monthly across SMB and mid-market (financial services, retail, healthcare, hospitality), blending vulnerability assessments, penetration testing, and tailored social-engineering/tabletop scenarios for execs and IT.
Sept 2015 – Apr 2016
Senior Security Strategist
Delivered network and web-app vulnerability assessments (Kill Chain-driven) with Kali toolsets; produced executive-ready reporting and remediation guidance and briefed both technical leaders and business stakeholders to accelerate risk reduction.
2007 – 2015
Early Career – U.S. Army & Defense Contractor Roles
Built foundational expertise across SIGINT, SOC operations, and cyber defense in support of national-level missions and DoDIN operations. Mentored analysts, conducted threat detection and network forensics, and advanced into cybersecurity engineering—performing enterprise vulnerability assessments, site surveys, and compliance support for Air Force mission locations—establishing the technical and leadership base for later executive roles.
Expertise
Risk Analysis
Secure-by-Design
Identity & Access Management
Executive Briefing & Communication
Threat Detection Optimization
Cyber Security Strategy
Incident Command & Response Strategy
Leadership Development
Education
Bachelor of Science
(BS)
Cybersecurity Management & Policy
Issued Mar 2024 · Expires Mar 2030
Credential ID: #2074497
Interests & Hobbies
Hiking
Bowling
Golf
Q & A
Why did you choose your profession?
Growing up, I was always drawn to technology, but opportunities to pursue that passion didn’t come easily. Before I found my path, I worked as a floor associate at Blockbuster, picked produce on a farm in the rural Midwest, stocked shelves at an office supply store, and even poured concrete for a time. It wasn’t until I joined the Army that I was introduced to the world of technology in a meaningful way. During my analyst training, I discovered how much I enjoyed solving puzzles and applying structured problem-solving to complex challenges.
That moment became the spark for my career in cybersecurity. Over the years, I’ve had the privilege of serving in roles as an analyst, engineer, architect, and now as a leader, always bringing forward that same curiosity and problem-solving mindset. What has remained constant throughout my journey is my passion for coaching and developing others. Building and scaling security programs has never been just about technology for me, it has been about empowering teams, strengthening resilience, and enabling businesses to thrive securely.
What advice would you give to someone just starting out in your profession?
Never assume you know the solution to a problem. In cybersecurity, the same issue can surface from entirely different causes, and assumption bias is the fastest way to miss the truth. Staying open-minded not only sharpens investigations but also builds your reputation as someone who is always learning and adapting. That mindset strengthens your skills and deepens connections across the security community, where sharing lessons learned is part of the craft.
