pentaROOT Information Security

Founder/Consultant, 2018 – Present

  • Founder, operator, and information security consultant
  • Provides services in vulnerability management, automation, security architecture, and penetration testing
  • Current clients include multiple Fortune 500 companies in technology, manufacturing, and healthcare
  • Recent work includes being tasked to lead teams of more than 10 employees, build vulnerability management programs from scratch, and implement governance and compliance programs
  • Additional services offered as needed such as a technical contact for post-testing remediation and training for internal employees


Banner Health

Information Security Consultant – Vulnerability Management/Penetration Tester, 2016 – 2018

  • Created and maintained all policies, procedures, and runbooks surrounding vulnerability management, asset identification, vulnerability remediation, vulnerability assessments, and penetration testing adhering to government regulations and HIPAA compliance
  • Conducted routine testing on more than 140 externally facing devices; ad-hoc testing internally and for 3rd party applications
  • Lead and coordinated with all 3rd party penetration testing efforts including contracting, scoping, rules of engagement, testing, and reporting
  • Lead nine teams in remediation projects following vulnerability identification from vulnerability management program, internal penetration testing, and 3rd party penetration testing
  • Created executive and technical reports on penetration testing, vulnerability findings, and recommendations presented to executive management throughout multiple stages of the lifecycle


SurgCenter at Pima Crossing

Network Administrator, 2014 – 2016


Valley Pain Consultants

IT Support Specialist, 2014 – 2015


Albion Psychological Associates

System Administrator, 2013 – 2014


Pinnacle Security

Tech Support Supervisor, 2009 – 2013


APX Security

Lead Technician, 2005 – 2007



  • Programming: Bash, C, C++, Java, Javascript, .NET, Perl, PHP, PowerShell, Python, Ruby, Visual Basic
  • Software: Archer, Burp Suite, Core Impact, FireEye, GitHub, McAfee, Metasploit, NetBrain, Rapid7 Nexpose/InsightVM, Tenable Nessus, Qualys, RedSeal, SafeNet, ServiceNow, Splunk, Wireshark, ZAP
  • Systems: Unix, Linux, Windows, Macintosh OS




Indiana University – Currently Enrolled

Master of Business Administration – MBA, Concentration in Business Analytics

University of West Georgia

Master of Science, Applied Computer Science

University of Utah

Bachelor of Science, Psychology



Offensive Security Certified Professional – OSCP

Offensive Security

GIAC Penetration Tester – GPEN

Global Information Assurance Certification



Nexpose Certified Administrator, InsightVM Certified Administrator, Advanced Vulnerability Management Certified Administrator


Internet Security, HIPAA Security



Joshua Lemon Resume – Word

Joshua Lemon Resume – PDF