Aniello Giugliano
Cybersecurity Advisor & GRC Expert

I’m a cybersecurity professional with around 5 years of experience across both technical and governance roles. My background spans all three key areas of GRC: governance, risk management, and compliance. I started in technical cybersecurity, focusing on vulnerability assessment and penetration testing, and over time transitioned into GRC, which is now the core of my professional activity. This dual expertise allows me to bridge the gap between strategic objectives and practical security implementations, supporting organizations in building effective, structured, and risk-aware security programs across both public and private sectors.

Education & Training

Postgraduate Master in Data Protection & Privacy Law (DPO)
University Suor Orsola Benincasa
11/2024 – 09/2025

Master’s Degree in Cybersecurity
University of Salerno
09/2018 - 09/2020

Bachelor's Degree in Computer Science
University of Salerno
09/2014 - 07/2018

Areas of Expertise

Security Governance
Risk Management
Risk Assessment
Compliance Auditing
Vulnerability Assessment
Penetration Testing
Data Protection
Privacy Compliance

Professional Experiences

GRC Consultant | Cybersecurity Advisor
Bulletproof (GLI Company)
09/2023 - Present
Supporting organizations in achieving compliance and strengthening security through audits, assessments, and advisory services. Key responsibilities include conducting security audits, vulnerability assessments, and limited-scope penetration testing.
I work across various frameworks and regulatory contexts, providing strategic guidance and technical insights to enhance risk posture and regulatory alignment.

Privacy & Data Protection Consultant
Comune di Scisciano
03/2025 - 06/2025
Supported the municipality in achieving GDPR compliance for its video surveillance system.
Drafted the complete privacy documentation package, including DPIA, privacy notices, internal regulations, and data processor appointments, ensuring alignment with national and EU guidelines.

Senior Cybersecurity Associate
Intellera Consulting
05/2022 - 09/2023
Delivered cybersecurity support for public sector clients, with a focus on vulnerability assessments, penetration testing, audits, and technical documentation.
Contributed to both operational and strategic activities, including drafting standardized reporting templates, supporting compliance efforts, and authoring technical content for international project proposals.

Cybersecurity Consultant
DGS spa
10/2020 - 05/2022
Provided technical cybersecurity services to financial sector clients, including comprehensive vulnerability assessments and penetration testing activities.
Focused on identifying and remediating security issues across web, mobile, and network infrastructures using industry-standard tools.

Community & Thought Leadership

Cybersecurity Writer & Contributor
Red Hot Cyber
Regular contributor to Red Hot Cyber, writing in-depth articles on cybersecurity, GRC, and digital risk topics to support knowledge sharing and community awareness.

Board Member
CyberStrategy Initiative
Active board member of the CyberStrategy Initiative Association, contributing to strategic direction and public engagement on cybersecurity culture and policy.

Technical & Regulatory Expertise

Governance
• Development of cybersecurity policies and procedures
• Definition of security roles and responsibilities across departments, aligned with regulatory frameworks
• Drafting of internal regulations and data governance structures, tailored to sector-specific requirements
• Design of organizational models for information security governance, based on industry best practices
• Coordination with internal and external stakeholders during the implementation of governance frameworks
• Experienced in the practical application of key standards and frameworks, including ISO/IEC 27001, NIS2, DORA, GDPR, and PCI DSS

Risk Management & Assessment
• Risk identification and classification through structured methodologies and industry standards
• Risk analysis using qualitative and quantitative models to assess likelihood and impact
• Evaluation of existing controls and residual risks to define appropriate mitigation strategies
• Development of risk treatment plans aligned with organizational risk appetite and compliance obligations
• Implementation of continuous risk monitoring processes integrated with corporate GRC programs
• Creation of risk registers and reports for internal and external stakeholders
• Experienced in applying frameworks such as ISO/IEC 27005 and NIST RMF

Compliance
• Coordination with legal and technical teams to ensure end-to-end compliance coverage
• Development of data protection frameworks aligned with privacy laws and best practices
• Compliance gap analysis to assess alignment with legal, regulatory, and contractual requirements
• Privacy compliance implementation in line with GDPR, including DPIA drafting, privacy notices, governance documents, and internal/external processor appointments

Vulnerability Assessment & Penetration Test
• Vulnerability scans and analysis using industry-standard tools including Qualys, Nessus, and Rapid7
• Identification and prioritization of vulnerabilities based on CVSS scores, asset criticality, and exposure
• Testing of web, mobile, and network infrastructures to identify real-world exploitability of findings
• Support in remediation and retesting phases to validate fixes and hardening actions

Professional Certifications

PCI Approved Scanning Vendor (ASV)
PCI SSC

ISO/IEC 27001 Lead Auditor
PECB

Certified Red Team Expert
Altered Security

Certified Bug Bounty Hunter
Hack The Box

eWPTX
INE Security

eCPPT
INE Security

CySA+
CompTIA

Languages

English
Professional working proficiency

Spanish
Basic proficiency

Italian
Native

Get in Touch

Whether you're a recruiter, collaborator, or just curious about my work, feel free to reach out. I'm always open to professional connections and new challenges.

📧 [email protected]