Josh Rendek

I've spent 15+ years building platform, SRE, and security organizations at startups and large enterprises. At SecureWorks I went from senior principal engineer to senior director in five years, grew platform engineering from 4 to more than 50 engineers, and led a multi-year effort that cut cloud spend by over $25M. The way I lead is simple: give people clear growth paths, honest feedback, and real ownership of their work, then get out of their way. Outside of work I'm usually woodworking, cooking, gardening, or gaming.

Grew platform engineering from 4 to more than 50 engineers across 6 managers, and built the hiring system behind it: structured interviews, post-interview surveys, and NPS tracking. Wrote the IC and manager career ladders and promotion guides teams still use to level up.

Led a multi-year initiative that cut cloud spend by over $25M.

Led platform and engineering work through the Sophos acquisition: platform consolidation, org integration, and tech stack rationalization, while keeping attrition under 3% through the transition.

Started and led an anonymous, org-wide developer happiness program, running since 2018, that tracks team mood, workload, and blockers, so leadership has a continuous read on team health.

Stood up 6 new product regions and coordinated the rollouts across the business.

Owned roadmap and delivery across business units with competing priorities.

Led the defensive security engineering and secure-by-default code frameworks behind the platform.

Led offensive security testing across Taegis and internal systems: purple-team exercises, internal penetration testing, and coordination of external pen-test engagements.

Ran C-level security and compliance reviews covering audit visibility, GDPR readiness, and infrastructure hardening.

Created the security training and guidance that reached 19+ teams and 100+ people across business units: presentations, secure-coding sessions, architecture and security reviews, playbooks and standards, and office hours.

Led security convergence across the XDR and MDR platforms, defined the multi-tenant architecture for the XDR/VDR offerings, and led partner engagements with MSSPs. Shipped the customer-facing pieces that came with it: custom RBAC, alert suppression workflows, and centralized partner access.

Led the migration from REST to GraphQL with gqlgen and nautilus, which later grew into a full GraphQL platform on Apollo, and launched the company's first product SDK for customers and partners.

Led the teams that built our platform tooling: release and deployment tracking across 50+ microservices that grew into a full observability platform on Datadog and APM, Kubernetes operators for service integrations, and a CLI developer toolkit. Set up the post-mortem process around PagerDuty and MTTR that gave us real operational visibility and reduced bus-factor risk.

Created the engineering onboarding program that cut ramp time roughly in half and a company-wide mentoring and internship pipeline. Ran internal tech talks and training on Kubernetes, deployments, and team practices.

Founder of SysWard, a Linux patch-management SaaS I've run end to end for over a decade: product, engineering, infrastructure, support, and billing, solo. It cross-references installed packages against live CVE feeds and ranks patching by real exploitability rather than raw CVSS score, for fleets from a single server to a thousand across every major Linux distribution.

Built a container scanning pipeline that ran static analysis on the container OS and its packages, plus the application's Go dependencies, to catch insecure packages before they shipped.

Built a WAF in Go with microsecond response times to protect customer applications against directory traversal, SQL injection, XSS, and bad HTTP verbs, with CSP, Content-Type, and X-Frame enforcement. It shipped as a sidecar or Helm dependency so customers could drop it into existing apps, and I built a test suite that replayed real ELB logs to make sure it never broke production traffic.

Built Kubernetes controllers and operators for customer deployments: secret storage, automatic OAuth client generation, and integration with legacy apps. Added per-tenant encryption to the shared secret system so customer data stayed encrypted at rest and in transit.

Built a release management system that let developers deploy continuously and promote builds from dev to staging to prod, wired into Helm, Kubernetes, and CI/CD. Led a cross-team effort for several months to get customers from initial standup to a working install on their own Kubernetes clusters.

Moved the fleet to Ansible for configuration management and taught other teams to use it. Built a hybrid dedicated/AWS setup for the scanning infrastructure, including hardware procurement in Europe and China, with a heavy focus on performance in Go and tools like nmap.

Built and scaled monitoring for Elasticsearch clusters holding over 50 billion documents, and ran upgrades across point and major releases at that scale. Consolidated scattered HTTP services and Redis instances onto RabbitMQ for reliability, and converted a large MySQL database to Postgres with a zero-downtime cutover.

Built a Shodan-like tool from scratch to scan the entire internet, using masscan, nmap, Go, RabbitMQ, and Elasticsearch.

Stood up the monitoring stack (Grafana, StatsD, InfluxDB, Zabbix, and the ELK stack) and the build pipeline on Jenkins, Docker, and Ansible, with security and vulnerability checks running on every build. Pushed tests into both the Rails and Go projects, gave internal talks on security and infrastructure automation, and wrote tools to audit AWS security groups and GitHub permissions automatically.

Go (2014-Present) · Ruby / Rails (2008-Present) · Angular & TypeScript (2018-Present)

PostgreSQL · Elasticsearch · MySQL · Redis / Memcached · Kafka · NATS · RabbitMQ

Kubernetes (bare metal, EKS, Rancher, DigitalOcean) · AWS · Docker · KVM / ESXi

Florida State University, Computer Science coursework (2008-2013)