Josh Hedges
Cyber Threat Intelligence
Woodbine,MD
Summary
An accomplished leader with a proven track record of building high-performing organizations tasked with executing the intelligence community's most critical missions, ranging from counterterrorism to cybersecurity. With over 15 years of experience collaborating with domestic and international partners in high-pressure, technically complex environments, excel at distilling complex challenges into actionable solutions. Adept at aligning organizational efforts with strategic goals, while also prioritizing developing future leaders through effective delegation, mentorship, and fostering a culture of growth and accountability.
Overview
25
25
years of professional experience
3
3
Certifications
Work History
Head of Cyber Threat Intelligence for North America
JP Morgan Chase
04.2024 - Current
- Led JPMC’s Cyber Threat Intelligence (CTI) mission in North America, overseeing the production of high-impact intelligence products and support tailored to the needs of a diverse stakeholder group including executives, security teams, and business units for the world’s largest financial institution
- Managed a team of 8 analysts in North America while providing strategic guidance to the global CTI mission, fostering collaboration across regions and teams
- Delivered exceptional results, producing novel insights into China-nexus botnets, identifying fake North Korean IT workers seeking employment in the FinTech sector, and proactively identifying hundreds of threat actor command and control nodes
- Developed and implemented a 'Focus Area' leadership model, empowering senior analysts to drive targeted intelligence production across three different timezones and growing JPMC’s leadership cadre
- Introduced a new priorities framework to streamline CTI operations, ensuring global CTI efforts were concentrated on issues with the highest potential impact to the firm
- Delivered regular, high-level briefings on emerging cyber threats to JPMC’s C-suite executives, internal stakeholders, and external partners
- Represented JPMC as a thought leader in the cybersecurity field, speaking at high-profile industry conferences, including Recorded Future’s Predict Conference
Cyber Threat Intelligence Analyst, Vice President
JP Morgan Chase
08.2022 - 04.2024
- Functioned as a senior CTI analyst focusing on China and North Korea-nexus actors
- Authoring in-depth reports on strategic cyber threats as well as daily updates and new threat activity
- Tracked priority threat actors by creating 'signatures' for threat actor behaviors and infrastructure, identifying new malicious infrastructure as it was created
- Regularly relied upon to author quick-turnaround executive communications detailing emerging threats or cyber incidents and the firm’s response, as well as brief findings or more in-depth presentations on the cyber threat landscape
- Hosted multiple training sessions to share analytic tradecraft and best-practices within the broader JPMC Cybersecurity Operations organization
- Proficient with a range of CTI tools and intelligence vendors, to include ThreatConnect, VirusTotal, DomainTools, Recon, Censys, Shodan, ReSecurity, Mandiant, Recorded Future, Crowdstrike, BAE, and others
Chief of Operations, Office of Iran Cyber Threats (ICT), Cybersecurity Directorate
National Security Agency
10.2020 - 08.2022
- Drive operational requirements that best position ICT to identify malicious Iranian cyber activity impacting U.S
- National security interests
- Develop and coordinate ICT’s cybersecurity operations throughout the Cybersecurity Directorate (CSD), NSA, the intelligence community (IC), and foreign partners
- Lead large workforce of multi-disciplined technical and strategic analysts to identify, evaluate, and mitigate Iranian cyber threats
- Dave strategic and tactical reporting as well as the development and dissemination of mitigation tactics
- Ensure CSD, NSA, and NSC leaders are well-informed of cyber threats from Iranian actors, translating complex technical concepts into accurate an east to understand language to best enable policymakers to make pivotal national security decisions
- Spur analytic and tradecraft innovation within ICT and the raider directorate; constituently advocate for organizational learning that further NSA’s cybersecurity analysis and mitigation mission
Chief, Cryptographic Tradecraft Section, office of Enterprise Discovery Operations
National Security Agency
05.2019 - 10.2020
- Led workforce of highly skilled data scientists, computer scientists, and developers working some of NSA’s most complex and cutting edge cryptographic obstacles
- Defined the section’s focus on the creation of analytics and tradecraft directly benefiting NSA priorities in cybersecurity, addressing enduring gaps in understanding between NSA tradecraft and tool developers, and SIGINT analysts working priority missions
- Recruited, developed, and trained highly qualified workforce to drive innovation
Deputy Chief, Russia Senior Leadership Section
National Security Agency
11.2017 - 05.2019
- Directed three branches against one of the IC’s hardest targets, achieving results meriting a National Intelligence Meritorious Unit Citation from the Office of the Director of National Intelligence
- Adeptly coordinated SIGINT development, production, and partner collaboration in an exceptionally sensitive environment, navigating numerous data equity and reporting sensitivities to ensure optimal partner collaboration and utilization of intelligence while protecting fragile SIGINT equities
- Created and chaired a directorate-level leadership development working group empowering Directorate of Operations leaders at all levels to identify gaps in training and leader development and pursue solutions with the support of the directorate
Team Lead/Subject Matter Expert, Office of Counterterrorism, Directorate of Operations
National Security Agency
01.2010 - 11.2017
- Led multi-disciplinary teams and served as the NSA subject matter expert for both an al-Qaida (January 2010-August 2013) ISIS External Operations (August 2013 - November 2017) missions
- Created analytic projects uncovering and disrupting terrorist attacks against the U.S
- By assessing the operational focus of the adversary, the SIGINT collection environment, and available U.S
- And partner resources
- Authored executive-level products for the NSA director, IC principles, and NSC executives on a regular basis
- Envisioned and implemented unprecedented data sharing partnership with foreign partner to four increased collaboration and access to a terrorist group; led to critical and unique insight into terrorist operations an the disruption of multiple attacks
- Recognized as tradecraft expert within the Office of Counterterrorism, developing cutting-edge SIGINT tradecraft in support of tactical customers, endpoint exploitation, and target development
Sergeant
US ARMY Reserve
05.2000 - 05.2008
- Operation Iraqi Freedom - 2003
Education
Masters of Arts - International Relations
Maxwell School of International Relations, Syracuse University
Bachelors of Arts - Political Science
State University of New York at Geneseo
Executive Certificate - Counter-Terrorism Studies
Institute for Counter-Terrorism, Interdisciplinary Center, Herzliya, Israel
Certificate - Security Studies
Institute for National Security and Counterterrorism, Syracuse University
Publications
“Evaluating a Terrorist Organization’s Potential for WMD Terrorism,” The Fund for Peace, (February 2008)
“Eliminating the Learning Curve: A Pragmatic Look at Jihadist Use of the Internet,” Journal of Applied Security Research Vol. 3 No. 1 (2007)
“Tenuous Balance: Saudi Arabia and Wahhabi Islam,” Political Realm (Spring 2006)
Certification
Top Secret/Sensitive Compartmented Information security clearance
Accomplishments
Professional: Five-time recipient of the National Meritorious Unit Citation • Army Commendation Medal • Army Achievement Medal • Armed Forces Reserve Medal • National Defense Service Ribbon • Army Service Ribbon
Academic: Phi Beta Kappa Honor Society • Pi Sigma Alpha Honor Society • Golden Key International Honor Society • Outstanding Graduate in Political Science • President’s List • Dean’s List
Timeline
Head of Cyber Threat Intelligence for North America
JP Morgan Chase
04.2024 - Current
Cyber Threat Intelligence Analyst, Vice President
JP Morgan Chase
08.2022 - 04.2024
Chief of Operations, Office of Iran Cyber Threats (ICT), Cybersecurity Directorate
National Security Agency
10.2020 - 08.2022
Chief, Cryptographic Tradecraft Section, office of Enterprise Discovery Operations
National Security Agency
05.2019 - 10.2020
Deputy Chief, Russia Senior Leadership Section
National Security Agency
11.2017 - 05.2019
Team Lead/Subject Matter Expert, Office of Counterterrorism, Directorate of Operations
National Security Agency
01.2010 - 11.2017
Sergeant
US ARMY Reserve
05.2000 - 05.2008
Executive Certificate - Counter-Terrorism Studies
Institute for Counter-Terrorism, Interdisciplinary Center, Herzliya, Israel
Certificate - Security Studies
Institute for National Security and Counterterrorism, Syracuse University
Masters of Arts - International Relations
Maxwell School of International Relations, Syracuse University
Bachelors of Arts - Political Science
State University of New York at Geneseo