JOSH CEDENO

Profile Philosophy Strategy The Lab

Cybersecurity Executive
& Strategic Advisor

Building resilient T-shaped teams and protecting business integrity with the steady hand of experience.

The "Steady Hand" Framework

I’ve spent the last two decades at the intersection of complex technology and high-stakes business strategy. As a cybersecurity leader, my job isn’t just to manage risk—it’s to ensure that security serves as a foundation for growth, not a bottleneck for innovation.

Holding CISSP and CISM certifications, I believe that the most important tools in a CISO’s arsenal aren't just technical—they are clarity, composure, and a deep understanding of organizational goals. Risk is inherent to business, but data integrity is non-negotiable. If your data cannot be trusted, your business cannot function.

When I’m not defending the perimeter, I’m likely coaching a youth baseball game, exploring the nuances of 90s Hip Hop and R&B, or working on initiatives to bridge the communication gap between technical experts and business stakeholders.

Leadership Manifesto

Principles for organizational excellence and resilient team building.

The Dugout Mentality

Inspired by 90s championship dynamics, I build "T-Shaped" teams. Deep specialists who share a foundational crossbar of knowledge, ensuring we never leave a gap uncovered in a crisis.

The Partner of "How"

Security should not be the "Department of No." I view friction as a managed speed bump. We focus on controllables and find the "blessing in disguise" to improve processes safely.

Safety-First Innovator

Shadow IT is inevitable. Rather than fight the future, I set high-integrity guardrails. I champion "innovation in isolation," allowing talent to safely stress-test tools like AI before enterprise deployment.

Personalized Mentorship

Succession planning is vital. I set an uncompromising standard of excellence but personalize the path to help each team member reach it. I lead to leave a department better than I found it.

The Steady Hand of Trust

Political capital is built through service. From directly assisting stakeholders to translating technical risk into business narratives, I build the trust required to secure boardroom backing before a crisis hits.

The Briefcase

Measurable ROI, Risk Mitigation, and Strategic Execution.

Zero-Trust Architecture Migration

Transitioned from aging hyperconverged IaaS to a cloud-native, identity-centric Zero-Trust model. Deployed via MDM with zero downtime for a nationwide workforce over two weeks.

80% Attack Surface Reduction

20% OpEx Reduction

Read Full Brief →

CMMC Enclave Development

Led the strategic shift to M365 GCC High, creating an isolated regulated data enclave. Controlled audit scope, avoided costly physical infrastructure flow-downs, and overhauled SSP and POA&M.

VALIDATED SPRS Score & Bidding

SECURED Revenue Readiness

Read Full Brief →

The Innovation Hub

To lead in cybersecurity is to be a perpetual student. I maintain a private, production-grade R&D environment—anchored by a Dell PowerEdge R440—where I stress-test emerging technologies. Currently, my focus is on the intersection of AI and Automation, exploring how local LLMs and automated defensive frameworks can be leveraged to reduce the 'Mean Time to Detect' (MTTD) in enterprise environments.

Transitioning to an Identity-Centric Cloud Architecture

The Challenge: Legacy Friction & Technical Debt

The organization was facing a critical inflection point. Our aging hyperconverged IaaS infrastructure, housed in a high-cost colocation environment, was reaching end-of-life (EOL). This created a dual-threat: rising operational costs and mounting security vulnerabilities. As the business shifted toward a remote-first culture and modern PaaS application development, our "castle-and-moat" security model—anchored by a central firewall and traditional VPN—became a bottleneck. The legacy setup was no longer capable of supporting the speed of the business, and initial tests of standard cloud VPNs proved unreliable, threatening to drive users toward "Shadow IT" solutions.

The Strategy: Orchestrating a Zero-Trust Migration

Recognizing that the perimeter had effectively disappeared, I led a strategic pivot to a Zero-Trust Architecture. The goal was to move security from the network edge directly to the user identity and the device.

Execution Excellence: We bypassed the unreliability of traditional cloud VPNs by implementing an "always-on" Zero-Trust connectivity model.
Rapid Deployment: Utilizing MDM solutions (Intune and Kandji), my team executed the software and connection profile rollout in just two weeks with zero downtime for the nationwide workforce.
The Human Factor: While the end-user experience was vastly improved, I focused heavily on the internal admin staff. By leveraging long-term trust and providing comprehensive documentation, we turned skeptical stakeholders into advocates.

The Impact: Measurable ROI & Risk Mitigation

The migration successfully decoupled our security posture from physical hardware, delivering immediate and long-term value to the organization:

Financial ROI: Realized an immediate 20% reduction in OpEx by decommissioning the physical colocation footprint and legacy hardware.
Attack Surface Reduction: Eliminated the need for traditional VPNs, resulting in an 80% reduction in our external attack surface.
Enhanced Governance: Achieved 100% visibility into asset access with mandatory host-posture checks ensuring compliance prior to resource connection.
Productivity Gains: Delivered a seamless connection for remote employees, significantly reducing help-desk tickets related to connectivity.

Compliance as a Competitive Advantage (CMMC Enclave)

The Challenge: Transitioning from "Best Practice" to "Audit-Ready"

As a long-standing government contractor, our organization operated under a "best-practice" security model aligned with NIST CSF. However, the introduction of the Golden Dome Initiative and the formalization of CMMC (Cybersecurity Maturity Model Certification) shifted the requirement from "planned alignment" to "demonstrated compliance." Our existing corporate network was highly interconnected. Attempting a full-company CMMC audit would have led to massive "scope creep," forcing a costly and high-friction overhaul of tools and resources. Furthermore, maintaining our legacy on-prem datacenter introduced expensive third-party flow-down requirements.

The Strategy: The "Enclave" Pivot & Cloud Sovereignty

I led the strategic decision to architect a CMMC Enclave, specifically designed to isolate regulated data and drastically reduce the organization’s audit footprint.

Strategic Isolation: By carving out a dedicated environment, we limited the scope of the upcoming CMMC Level 2/3 audit to a fraction of the company's total infrastructure, saving significant capital.
The GCC High Move: I transitioned our CMMC operations to Microsoft 365 GCC High. This move minimized our side of the "Cloud Shared Responsibility Model," offloading infrastructure security requirements to the provider.
Governance Over Gadgets: I recognized that compliance is 70% Policy and Procedure and 30% Technology. While we leveraged advanced tech like Azure Virtual Desktop (AVD), MFA, and DLP, the real heavy lifting was the overhaul of our System Security Plan (SSP) and Information Management and Control Plan.

The Impact: Unlocking Revenue & Market Readiness

This initiative didn't just "tighten security"; it directly enabled the business to continue competing for high-value government contracts:

Revenue Protection: The development of our SSP, POA&M, and improved SPRS score validated our eligibility to bid for mission-critical work that would have otherwise been out of reach.
Operational Familiarity: To avoid a "productivity nightmare," we mirrored the corporate structure within the AVD environment. While users maintain separate identities, the workflow remains familiar, ensuring security does not hinder speed.
Future-Proofing: By moving away from physical datacenters into a sovereign cloud enclave, we eliminated physical flow-down requirements, creating a scalable model that grows with contract volume.

Cybersecurity Executive & Strategic Advisor