
Jose Rodriguez

Kennesaw, USA

Summary

Customer-focused cybersecurity executive with 18+ years of cross-sector experience (federal, enterprise, and private) leading end-to-end security transformations that align with NIST, FIPS, FISMA, FedRAMP, and Executive Order requirements. As Acting Chief Information Security Officer, I have architected a risk-centric DevSecOps pipeline (SAST, DAST, dependency scanning, CI/CD approvals) that reduced code-review turnaround by 55% and delivered secure releases to production at scale. I routinely design and maintain enterprise-wide threat-intelligence programs, leveraging CISA, OSINT, commercial feeds, and custom Python/PowerShell automation to proactively detect and prevent threats and vulnerabilities across public-facing web apps, Office 365, Docker/Kubernetes, and emerging AI/LLM platforms, cutting incident-response time by 50% and elevating accuracy through cross-tool correlation. Beyond technology, I have served as the federal CIO's trusted advisor on risk, compliance, and cloud-container governance, authoring System Security Plans that meet FedRAMP and other federal mandates. I spearhead incident-response, vulnerability-management, and patch-management programs, leading a high-performance security team, mentoring analysts, and driving continuous improvement through metrics-driven dashboards and custom tool integration. My leadership consistently delivers measurable business value, enhancing security posture, ensuring regulatory compliance, and protecting mission-critical assets, while fostering a culture of innovation, collaboration, and lifelong learning.

Overview

19 years of professional experience
14 certifications

Work History

Acting Chief Information Security Officer (CISO) / Security Team Manager / Senior Systems/Network Engineer / Cybersecurity Engineer

TCG, Inc.
05.2021 - Current
  • Spearheaded a full-scope security program for a federal agency, developing and maintaining policies that satisfied FISMA, NIST, FedRAMP, and Executive Order requirements, and served as the trusted cybersecurity advisor to the Federal CIO on risk, compliance, incident response, and AI-related security.
  • Designed and implemented a DevSecOps pipeline that integrated SAST, DAST, dependency scanning, and ticketing, reducing code-review turnaround by 55% and enabling secure CI/CD approvals at the change-control board.
  • Increased team productivity by 19% and overall resolution efficiency by over 10%.
  • Developed Artificial Intelligence risk management framework, assessments and processes for the organization.
  • Conducted LLM review, research, evaluation, implementation and enhancements via Retrieval-Augmented Generation (RAG), API integrations and container hardening.
  • Built a comprehensive incident-response framework (plans, playbooks, dashboards) and drove cross-tool correlations that increased detection accuracy and cut investigation time in customer environments by 50%.
  • Conducted manual penetration testing and zero-day exploit development on public-facing systems, client software, and internal tools, uncovering 120+ previously undetected vulnerabilities and delivering prioritized remediation plans that strengthened compensating controls.
  • Hardened an Office 365 cloud environment (FedRAMP-level) as a proof of concept and performed full-stack assessments (ORCA, SCUBA, Kali) against AI/LLM platforms, authentication flows, and Docker/Kubernetes container ecosystems, establishing proactive risk-management frameworks for all workloads.
  • Managed enterprise security tooling (SIEM, WAF, vulnerability scanners, hardening baselines), orchestrated weekly tool-implementation reviews, and acted as the escalation point for analysts, pen-testers, and dev teams, ensuring rapid, end-to-end resolution of malware, data-spill, and misconfiguration incidents.
  • Authored System Security Plans, network flow diagrams, custom OS signatures, and virtual-machine life-cycle processes that met stringent federal documentation standards while mentoring and hiring a high-performance security team across the organization.
  • This role fused strategic policy leadership with hands-on security engineering, delivering a 55% reduction in code-review turnaround, halving incident-response investigations, exposing 120+ zero-day flaws, and establishing a FedRAMP-compliant AI/LLM security posture, all while building a high-performance, federally certified security team.

IT Consultant

Self-Employed Rquadrant LLC
01.2007 - Current
  • Delivered end-to-end IT, security, and digital-marketing solutions for small-to-mid-size businesses, ensuring regulatory compliance, system reliability, and brand visibility.
  • Deployed and managed OSSIM (HIPS) on Linux servers, installing agents on 30+ critical assets to achieve FISMA compliance, while configuring software firewalls, AV, and host-based intrusion prevention across Windows, Linux, and macOS platforms.
  • Conducted blockchain-based investigations leveraging Etherscan, BTC wallet addresses, and review of Solidity smart contracts.
  • Installed, patched, and troubleshot operating systems, virtualization stacks (VirtualBox, Hyper-V, VMware, Parallels), and network infrastructure (cabling, wireless routers, APs, switches), reducing downtime by 40%.
  • Executed comprehensive malware scans (Malwarebytes, Sophos, Cylance, Trend Micro) and recovered deleted databases, restoring 100% of lost data without business interruption.
  • Implemented automated, off-site backups for mission-critical servers and scheduled recoveries, achieving a 99.9% recovery point objective.
  • Supported accounting suites (QuickBooks, Peachtree, Quicken), configured Outlook 2007-2013 on multiple devices, and migrated email and data (Time Capsule to OneDrive) to Microsoft 365, boosting productivity and collaboration.
  • Provided threat-hunting services and custom Splunk content for a Fortune 200 client, enhancing detection coverage by 35%.
  • Crafted digital-marketing assets (website design, photo content, social-media management, and print collateral such as business cards, flyers, and posters) for a restaurant client, driving a 25% increase in online engagement.
  • This role blends rigorous security engineering, robust IT operations, and creative marketing, delivering measurable improvements in compliance, system up-time, and brand reach.

Director SOC/ Technical Lead Analyst/Threat-Intelligence Lead

The WatchTower/Government Contracting
05.2019 - 01.2021
  • Oversaw a 24×7 security operations center, driving incident response excellence, process automation, and analyst development for a multi-customer environment.
  • Managed all customer and internal communication (Slack, email, Zoom), earning an "Outstanding Service & Excellence" award from a key client.
  • Led a team of analysts: mentored new hires, reviewed and approved tickets, served as the escalation point, and maintained 100% shift coverage for continuous SOC operations.
  • Designed and refined investigation workflows, developed workflow charts, and created a SOC skills matrix that increased analyst efficiency by 35%.
  • Built and maintained Splunk dashboards, ES correlation searches, and custom alerts that provided real-time threat visibility and KPI reporting for customers.
  • Automated IOC gathering with a Python web scraper (Palo Alto, Unit 42, OSINT) and deployed a Security Onion environment on AWS for live packet analysis.
  • Conducted threat hunting, vulnerability research, and deep-log investigations (Splunk, Security Onion, Polarity, Symantec, Trend Micro, O365).
  • Implemented proactive defenses (adding hashes to Cylance Protect, configuring Splunk universal forwarders, managing accounts in Splunk/Security Onion).
  • Developed knowledge-base articles and a SOC experience matrix, and served as a product tester to drive continuous improvement of internal tools.
  • This role blended tactical incident handling with strategic process engineering, delivering measurable reductions in response time, improved analyst performance, and enhanced customer confidence.

Senior Security Analyst

Genuine Parts Company
01.2018 - 04.2019
  • Drove end-to-end threat detection, incident response, and security architecture for a global enterprise with >200,000 endpoints and multi-regional subsidiaries.
  • Investigated and remediated security incidents generated by Symantec MSSP, Cisco Umbrella, Cisco Firepower IPS, and endpoint agents, reducing mean time to containment from 3 h to 45 min through fine-tuning.
  • Discovered and reported a zero-day flaw in a newly-released Symantec feature, leading to a rapid patch release and avoidance of a potential enterprise-wide detection gap.
  • Developed and maintained custom Python utilities and a Red Hat threat-feed server that centralized OSINT ingestion, accelerating IOC discovery by 70%.
  • Authored a global WordPress hardening framework adopted as the company standard, cutting web-application vulnerabilities by 55% across all sites.
  • Conducted phishing, web-application, and network penetration tests; performed forensic analyses to determine root cause, then applied risk-based mitigation strategies that reduced repeat incidents by 40%.
  • Tuned Cisco Firepower IPS and AMP rules, integrated threat-intelligence feeds, and implemented proactive blocking of IOCs, lowering false-positive rates to <5%.
  • Created dynamic Splunk dashboards and automated Forcepoint Websense reports, delivering actionable threat visibility to senior security leadership on a daily basis.
  • Led cross-team change-management meetings, performed global security-product POCs, and provided vendor evaluation and ROI analysis for future procurement.
  • Served as the primary escalation point for incident handling, malware analysis, digital forensics, and threat-intelligence across all subsidiaries, ensuring rapid, coordinated response worldwide.
  • This role blended global threat-detection architecture with process optimization, reducing mean time to containment from 3 h to 45 min, accelerating IOC discovery by 70%, cutting web-application vulnerabilities by 55%, and lowering false-positive rates to under 5%, all while serving as the primary escalation point for incident response and guiding worldwide vendor ROI.

Information Security Analyst

Federal Home Loan Bank of Atlanta
01.2016 - 01.2018
  • Led enterprise-wide threat hunting, incident response, and security tool engineering for a multi-branch banking organization, driving proactive defense, automation, and business continuity.
  • Directed a cross-functional threat-intelligence team, producing daily IOC feeds (IPs, URLs, hashes, domains), trend analysis, and actionable recommendations for the bank’s security operations center and partner banks.
  • Engineered advanced log enrichment and correlation in McAfee SIEM (custom Syslog parsers, RSA Security Analytics meta-groups, watchlists), reducing false positives by 30% and delivering real-time alerts for ransomware, exfiltration, TOR traffic, and malicious email delivery.
  • Orchestrated the full incident-response lifecycle: malware reverse engineering (Remnux, Volatility, Rekall), IOC extraction, rapid mitigation of global threats (WannaCry, NotPetya), and integration of detection rules across McAfee IDS/IPS, SIEM, RSA Analytics, Carbon Black, and web-proxy layers.
  • Designed and implemented a dual-4G LTE (Plumcase) disaster-recovery architecture that guarantees uninterrupted bank operations, and maintained vulnerability management via Qualys and NVD feeds.
  • Developed Python automation scripts (SIEM-RSA API session lookups, alert-testing) and guided MSSP services (Rackspace/AlertLogic, ServiceNow) to whitelist IPs, tune detection, and lower false-positive rates by more than 50%.
  • This role combined deep technical expertise, proactive threat hunting, and strategic leadership to safeguard the organization’s assets and maintain regulatory compliance.

Network & Storage Engineer

Cobb EMC
02.2012 - 06.2016
  • Led end-to-end security engineering, incident response, and SCADA protection for a mid-size utility, delivering resilient network infrastructure, advanced threat analysis, and comprehensive user training.
  • Designed and maintained a secure off-site network for the Board of Directors’ annual election—wireless access, 4G hotspots, Linux server, switches, and cabling—serving 3,000+ customers for three consecutive years.
  • Engineered firewall, VPN, and authentication layers using Check Point Gaia 77.10, Juniper SSG, RSA SecurID, and Aruba/Extreme wireless technologies; authored policy/rule sets, VLAN micro-segmentation, and load-balancer routing schemes.
  • Conducted deep-dive malware reverse engineering (static/dynamic analysis, memory forensics with Volatility/Rekall, Remnux), producing IOCs, blocking IPs/domains on the Check Point firewall, and delivering actionable incident-response reports.
  • Delivered SIEM insights via LogRhythm, Forescout, and Check Point analytics; deployed Extreme NetSight for SNMP monitoring, automated configuration backups, and real-time alerting.
  • Led wireless penetration testing, remediation, and developed technical manuals and best-practice guides for junior staff; served on the company’s security education & awareness committee.
  • Oversaw fiber-optic and switch infrastructure (Brocade 5300, Extreme Layer-3) including firmware upgrades, VLAN tagging, and SAN integration; drafted the organization’s confidential information policy adopted across the enterprise.
  • This role blended SCADA-centric security engineering, end-to-end incident response, and resilient network design, protecting 3,000+ customers for three consecutive years, reverse-engineering malware to generate actionable IOCs, delivering SIEM insights, and mentoring staff, while establishing enterprise-wide policies and ensuring world-class utility protection.

Computer Operations Administrator

Cobb EMC
06.2010 - 02.2012
  • Managed end-to-end IT operations for a mid-size organization (200+ endpoints), delivering robust, secure, and cost-effective technology solutions.
  • Oversaw software licensing and hardware inventory, ensuring compliance and optimal utilization across desktops, laptops, tablets, printers, and mobile devices.
  • Implemented and administered Clonezilla/DRBL imaging for Windows PCs, dramatically reducing deployment time and configuration drift.
  • Developed automated deployment scripts (VBScript and batch) to provision software on remote machines without user interaction, improving efficiency by 40%.
  • Administered the Linux imaging server, Microsoft System Center Configuration Manager 2012, and Apple macOS environments, supporting Windows, macOS, and mobile (iOS, Android) platforms.
  • Provided Tier I/II technical support for MS Office, LAN, Lotus Notes, and VPN access; diagnosed and resolved application, driver, and network issues for internal and off-site users.
  • Conducted hardware/software troubleshooting, upgrades, and routine maintenance; restored accidentally deleted data using professional recovery tools.
  • Created comprehensive knowledge-base articles, installation guides, and training manuals; facilitated technical training sessions for users and management.
  • Remediated all malware incidents on PCs and Macs; tuned IDS/Snort alerts to reduce false positives and secure the network.
  • Managed Active Directory user groups, GPO troubleshooting, and mobile fleet (GPS/laptop) support for field crews.
  • Maintained a ticketing system for incident tracking, ensuring SLA compliance and superior customer service.
  • This role combined deep technical expertise with proactive process improvement, delivering reliable IT support and continuous enhancement of the organization’s technology ecosystem.

Education

B.S. - Network Operations and Security

Western Governors University
01.2020

A.S. - Network Systems Administration

DeVry University
01.2007

Skills

  • Operating Systems & Platforms: Windows (95 to current, Server 2008 to 2022), Linux (openSUSE, CentOS 6-7 / 8-10, Ubuntu Server 16.04-24.04, Debian, Fedora, Rocky Linux 7-10), UNIX shells and scripting (Bash, C shell, Perl, Python 2/3), Mac OS X 10.6 through current macOS, DOS/command-line utilities
  • AI / ML / Web Scraping (Emerging): Complete build (hardware, NVIDIA GPUs [T4, P8, A2, RTX 40xx], Open WebUI, Ollama, inference, gradient descent, Retrieval-Augmented Generation, model deployment, web-scraping tools, AnyLLM, ChatRTX, API integrations, security/penetration testing)
  • Quantum Computing knowledge: superposition, qubits
  • Frameworks & Compliance: PCI DSS, NIST (800 series), FIPS, HIPAA, SOX, MITRE ATT&CK, Cyber Kill Chain, Diamond Model, SOC 2 Type 1
  • Virtualization / Cloud / Hypervisors: VMware ESXi 6.x to current, VMware Workstation 7 to current, VMware Fusion (macOS), Parallels (macOS), VirtualBox, Proxmox, Hyper-V, Citrix, Azure / AWS (general)
  • Network & Infrastructure: Routing & Switching (Cisco 9300/2900, Extreme X150/250/440/450/460, Aruba, Juniper SSG, Brocade Vyatta), Wireshark, tcpdump
  • Firewalls & UTM: Check Point, Palo Alto (Panorama, WildFire), McAfee, Untangle, Fortinet (FortiManager, FortiAnalyzer, FortiGate), Cisco (ASA, Firepower), OPNsense
  • Load Balancers & Proxies: F5, FatPipe, Arkime (Moloch), Websense cloud/on-prem, RSA Security Analytics
  • VPN & Remote-Access: OpenVPN, NoMachine, TeamViewer, LogMeIn, Radmin, VNC, Remote Desktop, RSA SecurID, SSH
  • SIEM / Log Management: Splunk (Enterprise Security, Core), LogRhythm, AlienVault, McAfee Nitro, Graylog
  • Vulnerability Scanners: OpenVAS, Rapid7 Nexpose, Qualys, Nessus/Tenable Security Center
  • Penetration / Red Team: Kali Linux, BlackArch, Metasploit, Veil Framework, Shellter, SEToolkit, Nmap, Wireshark, Aircrack-ng, Pyrit, tcpdump, coWPAtty, John the Ripper, Hydra, Medusa, Burp Suite Enterprise/Professional, OWASP ZAP
  • Malware / EDR / Endpoint Protection: Cylance Protect/Optics, Symantec, Trend Micro, Kaspersky, Panda, Webroot, Bitdefender, Sophos, Malwarebytes, HitmanPro, Heimdall, ThreatFire, SUPERAntiSpyware, ClamAV, Spyware Doctor
  • Malware Reverse Engineering/Analysis & Forensics: Balbuzard, Radare2, PDFiD, PE-bear, officeparser, Remnux, FlareVM, Exeinfo PE, Rekall, Volatility, Belkasoft, DumpIt, Arkime (Moloch)
  • Threat Intelligence Platforms: Anomali Staxx, MISP, Recorded Future, ThreatConnect, VirusTotal
  • Web & Application Security: WordPress hardening, web-server security headers, Burp Suite Enterprise, OWASP ZAP, Nginx/Apache reverse proxy, LAMP stack
  • Container & Orchestration Security (CI/CD): Docker, Kubernetes, CIS Benchmarks, Aqua Security, Jenkins, SonarQube
  • Identity & Access Management: Active Directory (implementation, troubleshooting, Group Policy), RSA SecurID 2FA administration & troubleshooting
  • System Administration & Imaging: SCCM 2012 (including imaging), Altiris, Ghost, Acronis, Clonezilla/DRBL, osTicket, ServiceNow, RSA Archer, Jira
  • Data Recovery & File Forensics: EaseUS Data Recovery Wizard, Recuva, SpinRite
  • Design & Multimedia: Adobe Acrobat, Photoshop CS3-CS6, GIMP, Captivate, Fruity Loops
  • Vulnerability assessment
  • Risk management expertise
  • Business continuity planning
  • Regulatory compliance
  • Penetration testing
  • Application security
  • Incident response
  • Forensic analysis
  • Network security
  • Patch management
  • Compliance management
  • Information governance
  • Cloud security
  • Firewall configuration
  • Disaster recovery planning
  • Adaptability and flexibility
  • Intrusion detection
  • Virus monitoring
  • Resource allocation
  • Excellent communication
  • Time management
  • Task prioritization
  • Procedure documentation

Certification

  • Network+, CompTIA
  • Server+, CompTIA
  • ACSP (Apple Certified Support Professional)
  • HP-ATA Networks (HP Accredited Technical Associate Networks)
  • Project+, CompTIA
  • A+, CompTIA
  • Linux +, CompTIA
  • LPIC-1, Linux Professional Institute
  • SUSE Administrator 11, Novell
  • CCNA Routing & Switching, Cisco
  • CISSP, ISC2
  • CEH, EC-Council
  • Security+, CompTIA
  • Cloud Essentials, CompTIA

AWARDS

Customer Appreciation Award, Ortho Clinical Diagnostics (2020)

VOLUNTEER WORK/COMMUNITY SERVICE

Riverside Primary, Career Day, Cybersecurity, 2018-04, Designed an engaging, kid-friendly interactive presentation on Cybersecurity careers, featuring animated visuals and practical password-security tips.

PUBLICATIONS

  • Pentest Magazine, 05/2019: Authored the article "The Red of Blue," detailing how blue-team activities can leverage red-team techniques, such as Shodan-based asset discovery and adversarial threat-hunting/OSINT methods, to uncover hidden vulnerabilities and guide effective remediation.
  • Pentest Magazine, 12/2025: Authored the article "Cracking WPA2 via Pixie-Dust Attack," outlining how a known WPS PIN flaw can be exploited to recover a WPA2-PSK rapidly, and presenting practical mitigation for environments where patching is unavailable.

CORE COMPETENCIES

  • Strategic security program architecture & federal compliance (FISMA, NIST 800-53, FedRAMP)
  • DevSecOps pipeline design: SAST/DAST, dependency scanning, CI/CD gatekeeping (55% faster turnaround)
  • AI/LLM risk management, RAG integration & container hardening
  • Threat-intelligence automation (Python/PowerShell) and SOC correlation dashboards (35% gain in analyst efficiency)
  • Cloud security governance: FedRAMP-level O365, AWS/Azure hardening, Kubernetes CIS Benchmarks
  • Incident-response lifecycle & forensics (malware reverse engineering, IOC extraction)
  • Vulnerability management & patch automation (Custom Python/Ansible workflows)
  • Executive stakeholder communication & cross-functional governance (risk advisory to Federal CIO)

Languages

Spanish
Native or Bilingual
Japanese
Limited Working
English
Full Professional

Timeline

Acting Chief Information Security Officer (CISO) / Security Team Manager / Senior Systems/Network Engineer / Cybersecurity Engineer

TCG, Inc.
05.2021 - Current

Director SOC/ Technical Lead Analyst/Threat-Intelligence Lead

The WatchTower/Government Contracting
05.2019 - 01.2021

Senior Security Analyst

Genuine Parts Company
01.2018 - 04.2019

Information Security Analyst

Federal Home Loan Bank of Atlanta
01.2016 - 01.2018

Network & Storage Engineer

Cobb EMC
02.2012 - 06.2016

Computer Operations Administrator

Cobb EMC
06.2010 - 02.2012

IT Consultant

Self-Employed Rquadrant LLC
01.2007 - Current

A.S. - Network Systems Administration

DeVry University

B.S. - Network Operations and Security

Western Governors University