Joshua Cornutt

I am a cloud architect, software engineer, and security practitioner with 20 years building infrastructure that has to work. I have been a startup CTO, a Red Hat consultant, a founder twice over, and a hands-on engineer who still writes the automation. Today I run two companies and partner with a small number of founders to take their products production-grade.

The short version

I build and operate compliant, high-performance cloud at federal scale, and I help founders do the same. I have raised money as a founder and I have run technical due diligence for an $80M raise as a CTO, so I understand both sides of the table the founders I work with are sitting at.

From a repair bench to the boardroom

My first company came before any of the cloud work. At 20 I raised angel funding to build DiNS, a drop-in network operating system that filtered peer-to-peer traffic at line rate. In 2010 I started a computer-repair and small-business technology company in Vermont, and I sold it to a larger Vermont firm two years later. That is where I learned that shipping something real, to paying customers, is a different discipline than building something clever.

From there I went deep on infrastructure. I was Director of Software Development at WWPass, then a senior cloud automation engineer at Zefflin Systems, where I worked enterprise cloud and network functions virtualization for clients including TD Bank, Morgan Stanley, and AT&T. I then joined Red Hat as a senior cloud consultant, running cloud automation and security for an all-Red Hat federal cloud service provider supporting a federal aerospace agency.

CTO of ORock Technologies

From 2021 to 2025 I was CTO of ORock Technologies, where I led a 30-person technology organization. We delivered FedRAMP Moderate and FedRAMP High cloud platforms, which by Department of Defense reciprocity also cover Impact Levels 2 and 4, built on OpenStack and Ceph. That meant 100GbE spine-leaf fabrics, NVIDIA and Mellanox smart NICs, SafeNet Luna hardware security modules at FIPS 140-2 Level 3, and a 99.99% uptime SLA held against strict federal compliance obligations. We passed four FedRAMP audits, working directly with our PMO and our third-party assessment organization.

The FedRAMP High and IL4 environment I built went on to host the US Army’s DRUID program, the cloud DevSecOps pipeline that delivers defensive cyber tools to soldiers. I also led the technical due-diligence process behind the company’s $80M raise and owned our technology and go-to-market partnerships.

What I care about

I care about craft, which to me means systems that are secure, observable, and survive real customers, not demos. I care about being straight with the people I work with, including telling a founder when an architectural decision is wrong. And I care about betting on the right people, which is why I now spend part of my time building for founders I believe will close their next round.

Certifications

Red Hat Certified Specialist in Containers for Kubernetes. Red Hat Certified System Administrator. Certified OpenStack Administrator. SUSE Certified Administrator in OpenStack Cloud. AWS Certified Solutions Architect. AWS Certified Developer. CompTIA Security+.