February 2026 - Security Tools & Platforms Learning Roadmap

1. Executive Summary

This roadmap documents security tools and platforms requiring hands-on learning, implementation, or deeper integration into CHLA InfoSec operations starting February 2026. All items are currently marked as NOT STARTED and represent skill development and platform maturation goals for Q1/Q2 2026.

IMPORTANT: This planning document is dated February 3, 2026. All listed tools/platforms require dedicated learning time and operational integration. This roadmap ensures systematic skill development and prevents ad-hoc tool adoption.

1.1. Document Purpose

Track professional development and platform maturation across three categories:

  1. Threat Intelligence & Analysis Platforms - VirusTotal, Talos, URLScan.io, AbuseIPDB

  2. Extended Detection & Response (XDR) - Unified security operations

  3. Security Information & Event Management (SIEM) - IBM QRadar (enterprise platform)

1.2. Current State (February 2026)

Category | Current Status | Target State
Threat Intelligence | Ad-hoc manual lookups, no API integration | Automated threat feed integration, daily operational use
XDR Platform | Microsoft Defender for Endpoint only (siloed) | Full Microsoft Defender XDR or alternative platform evaluation
SIEM (QRadar) | Limited access, vendor-dependent for queries | Independent investigation capability, custom rule creation

2. Threat Intelligence & Analysis Platforms

2.1. Overview

External threat intelligence platforms provide real-time context for security investigations, incident response, and proactive threat hunting.

Business Justification: Accelerate incident response, improve threat detection accuracy, reduce false positives through reputation-based filtering.

2.2. Platform Details

2.2.1. Cisco Talos Intelligence

URL: talosintelligence.com

Current Access: Public web interface only

Target Capabilities:

  • Security Intelligence feed integration with Secure Firewall/Firepower (ISE has no native Talos feed; it benefits indirectly through Umbrella integration and quarantine actions triggered from the firewall or SIEM)

  • IP/domain reputation lookups (web Reputation Center today; programmatic access is only available through Cisco product APIs such as Umbrella Investigate, since Talos publishes no standalone public reputation API)

  • Malware analysis workflows

  • Vulnerability intelligence correlation

  • SIEM integration (QRadar/Sentinel)

Business Value: Real-time threat intelligence for network access control decisions and DNS filtering (Umbrella integration)

Status: NOT STARTED

Priority: MEDIUM

Estimated Learning Time: 20-30 hours (initial proficiency)

Learning Objectives:

  1. Subscribe to Talos Intelligence Blog (daily reading)

  2. Understand Talos threat categories and scoring

  3. Integrate Talos IP reputation with firewall rules (Security Intelligence block/monitor lists)

  4. Configure Umbrella DNS filtering with Talos-backed categories

  5. Correlate ISE endpoint sessions with Talos reputation data (note: the OUI/MAC-vendor data ISE profiling relies on comes from the IEEE registry and the ISE feed service, not from Talos)

Success Criteria:

  • Daily Talos blog reading habit established

  • Ability to retrieve Talos reputation data programmatically through a Cisco product API (Umbrella Investigate or Secure Firewall), given that Talos has no standalone public reputation API

  • Documented procedure for acting on Talos reputation in ISE (e.g., quarantine of endpoints communicating with known-bad infrastructure), with a measurable target set once a baseline exists

  • Documented integration procedures for team


2.2.2. VirusTotal

URL: www.virustotal.com

Current Access: Free tier (web interface, no API key)

Target Capabilities:

  • File/URL/hash analysis workflows

  • API integration for automated scanning

  • YARA rule creation and hunting

  • Community intelligence gathering

  • Private scanning capabilities (Enterprise tier evaluation)

Business Value: Incident response acceleration, malware triage, hash reputation checks, phishing URL validation

Status: NOT STARTED

Priority: HIGH

Estimated Learning Time: 15-20 hours (free tier mastery), additional 10 hours (API integration)

Learning Objectives:

  1. Create VirusTotal account and obtain a public API key (free tier: 4 requests/minute, 500/day; the public API is licensed for non-commercial use, so production automation needs a paid key)

  2. Integrate VT API with Python scripts for automated hash lookups (hash lookups only; never upload files that may contain PHI to the free tier, where submissions are shared with the community)

  3. Develop YARA rules for CHLA-specific threat hunting

  4. Evaluate Enterprise tier for private scanning (required before any file that could contain PHI is submitted)

  5. Create runbook for malware triage workflow

Success Criteria:

  • API integration functional (Python script for hash lookups)

  • Documented workflow for user-reported suspicious files

  • 3+ custom YARA rules created for CHLA threat patterns

  • Enterprise tier cost-benefit analysis completed

  • Incident response time reduced by 30% for malware triage

Free vs. Enterprise Tier:

Feature | Free Tier (Public API) | Enterprise Tier
Daily API Requests | 500/day, 4/min (non-commercial use only) | Contract-based quota (thousands per day)
Private Scanning | No (uploaded files and results are shared with the community) | Yes (needed for any sample that may contain PHI)
Bulk Downloads | No | Yes
Retrohunt | No | Yes (YARA over the historical corpus)
Cost | $0 | Contact sales


2.2.3. URLScan.io

Attribute Details

URL

urlscan.io

Current Access

None

Target Capabilities

  • URL behavior analysis (live rendering)

  • Phishing investigation workflows

  • Screenshot-based threat hunting

  • DOM analysis for obfuscated threats

  • API integration for bulk scanning

Business Value

Phishing response, suspicious link analysis, user-reported URL validation, safe browsing verification

Status

NOT STARTED

Priority

MEDIUM

Estimated Learning Time

10-15 hours

Learning Objectives:

  1. Create URLScan.io account (free tier)

  2. Understand URL analysis workflow (screenshots, DOM, network traffic)

  3. Integrate URLScan API with phishing response procedures

  4. Compare URLScan vs. VirusTotal for URL analysis

  5. Document best practices for URL submission (privacy: public scans are searchable by anyone, so submit incident URLs as unlisted or private, and strip per-user tokens or identifiers from query strings before submitting)

Success Criteria:

  • Account created, API key obtained

  • Phishing investigation runbook updated with URLScan workflow

  • 10+ phishing URLs analyzed and documented

  • API integration script created (Python)

  • Team training completed on URLScan usage
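The submit-and-poll workflow that objectives 3 and 5 call for, as an added example (not urlscan.io's or CHLA's code). It assumes the urlscan.io v1 endpoints and reply fields named in the docstring; the list of sensitive query keys, the sample result document and the offline transport are constructed for the example.

```python
"""urlscan.io submit-and-poll workflow with a privacy guard (added example).

Assumed API shape (urlscan.io API v1): POST /api/v1/scan/ with an 'API-Key'
header and JSON body {"url": ..., "visibility": ...} returns {"uuid": ...};
GET /api/v1/result/<uuid>/ returns 404 until the scan has finished. Public
scans are searchable by anyone, so incident URLs are submitted 'unlisted' or
'private', and URLs carrying per-user tokens are refused outright.
"""
import json
import time
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlparse

SCAN_URL = "https://urlscan.io/api/v1/scan/"
RESULT_URL = "https://urlscan.io/api/v1/result/{uuid}/"
# Constructed list of query keys that typically carry secrets or patient/user identifiers.
SENSITIVE_QUERY_KEYS = {"token", "access_token", "sig", "session", "email", "mrn", "patientid"}


def is_safe_to_submit(url: str) -> bool:
    """False when the URL's query string carries an obvious secret or identifier."""
    return not any(k.lower() in SENSITIVE_QUERY_KEYS for k in parse_qs(urlparse(url).query))


def http_json(method, url, headers, body=None, timeout=20):
    """Default transport: returns (status, parsed JSON). Replaceable for offline use."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        return e.code, {}


def submit_scan(url, api_key, visibility="unlisted", transport=http_json):
    """Submit a URL and return the scan uuid; refuses URLs that carry sensitive parameters."""
    if visibility not in ("public", "unlisted", "private"):
        raise ValueError("visibility must be public, unlisted or private")
    if not is_safe_to_submit(url):
        raise ValueError("URL carries a sensitive query parameter; strip it before submitting")
    headers = {"API-Key": api_key, "Content-Type": "application/json"}
    status, body = transport("POST", SCAN_URL, headers, {"url": url, "visibility": visibility})
    if status != 200 or "uuid" not in body:
        raise RuntimeError(f"submission failed: HTTP {status} {body}")
    return body["uuid"]


def fetch_result(uuid, api_key, transport=http_json, attempts=12, delay=10, sleep=time.sleep):
    """Poll for the result; urlscan answers 404 while the scan is still running."""
    for _ in range(attempts):
        status, body = transport("GET", RESULT_URL.format(uuid=uuid), {"API-Key": api_key})
        if status == 200:
            return body
        if status != 404:
            raise RuntimeError(f"result fetch failed: HTTP {status}")
        sleep(delay)
    raise TimeoutError(f"scan {uuid} did not finish within {attempts * delay} s")


def summarize(result: dict) -> dict:
    """Reduce a result document to the fields a phishing runbook records."""
    page, overall = result.get("page", {}), result.get("verdicts", {}).get("overall", {})
    return {
        "final_url": page.get("url"),
        "domain": page.get("domain"),
        "ip": page.get("ip"),
        "malicious": bool(overall.get("malicious", False)),
        "score": overall.get("score", 0),
        "contacted_domains": sorted(set(result.get("lists", {}).get("domains", []))),
        "visibility": result.get("task", {}).get("visibility"),
    }


# Constructed sample reply (shape only, not a real urlscan.io result).
SAMPLE_RESULT = {
    "task": {"visibility": "unlisted", "url": "https://secure-login.example.test/auth"},
    "page": {"url": "https://secure-login.example.test/auth", "domain": "secure-login.example.test",
             "ip": "203.0.113.25"},
    "verdicts": {"overall": {"malicious": True, "score": 100}},
    "lists": {"domains": ["secure-login.example.test", "cdn.example.test", "secure-login.example.test"]},
}


def make_fake_transport(not_ready_polls=2):
    """Offline stand-in for http_json: submission succeeds, result is 404 twice, then ready."""
    state = {"polls": 0}

    def fake(method, url, headers, body=None):
        if method == "POST":
            return 200, {"uuid": "11111111-2222-3333-4444-555555555555", "visibility": body["visibility"]}
        state["polls"] += 1
        return (404, {}) if state["polls"] <= not_ready_polls else (200, SAMPLE_RESULT)
    return fake


def demo():
    """Run the full workflow offline and return the runbook summary."""
    fake = make_fake_transport()
    uuid = submit_scan("https://secure-login.example.test/auth?ref=mail", "API-KEY", "unlisted", fake)
    return summarize(fetch_result(uuid, "API-KEY", fake, sleep=lambda s: None))
```

For real use, call submit_scan and fetch_result with the default transport and the account's API key; the default visibility is deliberately "unlisted" so an analyst has to opt in to a public scan.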


2.2.4. AbuseIPDB

URL: www.abuseipdb.com

Current Access: None

Target Capabilities:

  • IP reputation lookups

  • Malicious IP reporting

  • Threat feed integration

  • Geolocation correlation

  • API integration with firewall/IPS

Business Value: Network traffic analysis, firewall rule optimization, incident attribution, botnet detection

Status: NOT STARTED

Priority: HIGH

Estimated Learning Time: 8-12 hours

Learning Objectives:

  1. Create AbuseIPDB account and obtain API key

  2. Integrate AbuseIPDB lookups into incident response workflow

  3. Automate IP reputation checks for firewall logs

  4. Report malicious IPs discovered during investigations

  5. Create dashboard for tracking threat actor IPs

Success Criteria:

  • API key obtained and tested

  • Python script for bulk IP reputation checks

  • QRadar integration for automatic IP reputation enrichment

  • Documented workflow for reporting malicious IPs

  • 50+ IP lookups performed in first month
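The Python hash-lookup script called for in section 2.2.2 and the bulk IP reputation check called for here, in one added example (not VirusTotal's, AbuseIPDB's or CHLA's code). It assumes the API paths, headers and reply fields listed in the docstring; the placeholder hashes, the RFC 5737 documentation addresses and the offline transport replies are constructed. Two design points worth carrying into the real scripts: only hashes are sent to VirusTotal, so a file that may contain PHI never leaves the network, and internal address space is filtered before any AbuseIPDB call.

```python
"""Reputation enrichment for IOCs from an investigation (added example):
VirusTotal v3 file reports by hash and AbuseIPDB v2 IP checks.

Assumed API shapes: VirusTotal GET /api/v3/files/<sha256> with header
x-apikey, reply data.attributes.last_analysis_stats (404 = hash unknown);
AbuseIPDB GET /api/v2/check?ipAddress=..&maxAgeInDays=.. with header Key,
reply data.abuseConfidenceScore / totalReports / countryCode. The VirusTotal
public tier allows 4 requests/minute and 500/day, so VT calls are paced.
"""
import ipaddress
import json
import re
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{h}"
ABUSE_CHECK_URL = "https://api.abuseipdb.com/api/v2/check?{q}"
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Address space that never has public reputation; lookups for it are skipped.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def http_get_json(url, headers, timeout=20):
    """Default transport: returns (status, parsed JSON). Replaceable for offline use."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        return e.code, {}


class Pacer:
    """Enforce a minimum interval between calls to one API (15 s = 4/min for VT public)."""
    def __init__(self, min_interval, clock=time.monotonic, sleep=time.sleep):
        self.min_interval, self.clock, self.sleep, self.last = min_interval, clock, sleep, None

    def wait(self):
        if self.last is not None and (gap := self.min_interval - (self.clock() - self.last)) > 0:
            self.sleep(gap)
        self.last = self.clock()


def vt_hash_verdict(sha256, api_key, transport=http_get_json, pacer=None):
    """Look a SHA-256 up by hash only (no upload); returns detection counts or known=False."""
    sha256 = sha256.lower()
    if not SHA256_RE.match(sha256):
        raise ValueError("expected a hex SHA-256")
    if pacer:
        pacer.wait()
    status, body = transport(VT_FILE_URL.format(h=sha256), {"x-apikey": api_key})
    if status == 404:
        return {"hash": sha256, "known": False, "malicious": 0, "total": 0}
    if status != 200:
        raise RuntimeError(f"VirusTotal HTTP {status}")
    stats = body["data"]["attributes"]["last_analysis_stats"]
    total = sum(stats.get(k, 0) for k in ("harmless", "malicious", "suspicious", "undetected"))
    return {"hash": sha256, "known": True, "malicious": stats.get("malicious", 0), "total": total}


def abuseipdb_verdict(ip, api_key, transport=http_get_json, max_age_days=90, pacer=None):
    """Return AbuseIPDB confidence (0-100) and report count; internal space is never sent."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return {"ip": ip, "checked": False, "score": 0, "reports": 0}
    if pacer:
        pacer.wait()
    q = urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    status, body = transport(ABUSE_CHECK_URL.format(q=q), {"Key": api_key, "Accept": "application/json"})
    if status != 200:
        raise RuntimeError(f"AbuseIPDB HTTP {status}")
    d = body["data"]
    return {"ip": ip, "checked": True, "score": d.get("abuseConfidenceScore", 0),
            "reports": d.get("totalReports", 0), "country": d.get("countryCode")}


def triage(hashes, ips, vt_key, abuse_key, transport=http_get_json, sleep=time.sleep,
           vt_min_detections=3, abuse_min_score=75):
    """Enrich a batch and return only the indicators that warrant analyst attention."""
    vt_pacer = Pacer(15.0, sleep=sleep)
    findings = []
    for h in hashes:
        v = vt_hash_verdict(h, vt_key, transport, vt_pacer)
        if v["known"] and v["malicious"] >= vt_min_detections:
            findings.append(v)
    for ip in ips:
        v = abuseipdb_verdict(ip, abuse_key, transport)
        if v["checked"] and v["score"] >= abuse_min_score:
            findings.append(v)
    return findings


def fake_transport(url, headers):
    """Constructed offline replies (shape only; placeholder hashes, RFC 5737 addresses)."""
    if "virustotal" in url:
        if url.endswith("a" * 64):
            return 200, {"data": {"attributes": {"last_analysis_stats":
                        {"harmless": 2, "malicious": 41, "suspicious": 1, "undetected": 20}}}}
        return 404, {"error": {"code": "NotFoundError"}}
    if "ipAddress=203.0.113.9" in url:
        return 200, {"data": {"abuseConfidenceScore": 100, "totalReports": 57, "countryCode": "XX"}}
    return 200, {"data": {"abuseConfidenceScore": 0, "totalReports": 0, "countryCode": "XX"}}


def demo():
    return triage(["A" * 64, "b" * 64], ["203.0.113.9", "10.1.2.3", "198.51.100.7"],
                  "VT-KEY", "ABUSE-KEY", transport=fake_transport, sleep=lambda s: None)
```

The thresholds (3 VirusTotal detections, AbuseIPDB confidence 75) are starting points; tune them against the first month of lookups before wiring the output into QRadar reference sets.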


3. Extended Detection & Response (XDR)

3.1. Overview

XDR platforms unify security telemetry across endpoints, network, cloud, and email to enable cross-domain threat correlation and automated response.

CRITICAL BUSINESS NEED: CHLA currently has siloed security tools (Defender for Endpoint, ISE, Firewall, Email Security). XDR provides unified visibility and is expected to reduce mean time to detect (MTTD) from days to hours; the actual reduction must be measured against a baseline established before the POC.

3.2. Platform Evaluation

Components:

  • Microsoft Defender for Endpoint (currently deployed)

  • Microsoft Defender for Office 365 (email/collaboration)

  • Microsoft Defender for Identity (on-premises AD; Entra ID, formerly Azure AD, is covered by Entra ID Protection)

  • Microsoft Defender for Cloud Apps (SaaS security)

Current State: Defender for Endpoint only (Linux workstations starting January 2026)

Target Capabilities:

  • Unified security console (Microsoft Defender portal, security.microsoft.com)

  • Cross-domain threat correlation (endpoint → email → identity)

  • Automated investigation and response (AIR)

  • Threat hunting with KQL (Kusto Query Language)

  • Integration with Microsoft Sentinel (SIEM)

  • Playbook automation (SOAR capabilities)

Business Value: Reduced MTTD, automated incident response, unified SOC operations, native Azure/M365 integration

Status: NOT STARTED

Priority: MEDIUM (Q2 2026 target)

Estimated Learning Time: 40-60 hours (full platform proficiency)

Learning Objectives:

  1. Understand XDR architecture and data flows

  2. Master Microsoft Defender portal navigation

  3. Learn KQL for advanced threat hunting

  4. Configure automated investigation and response (AIR) policies

  5. Integrate Defender XDR with QRadar SIEM

  6. Develop custom playbooks for common incidents

Success Criteria:

  • Defender XDR licensing evaluated (E5 vs. standalone)

  • Proof-of-concept deployment plan created

  • KQL proficiency demonstrated (10+ custom queries)

  • 3+ automated playbooks created (phishing, malware, account compromise)

  • Integration with existing security stack validated

  • Team training completed on XDR operations

Alternative XDR Platforms (If Not Microsoft):

  • Palo Alto Cortex XDR - Best for Palo Alto firewall/endpoint customers

  • CrowdStrike Falcon XDR - Best for endpoint-centric approach

  • SentinelOne Singularity XDR - Best for autonomous response

Recommendation: Start with Microsoft Defender XDR since CHLA already uses Microsoft Defender for Endpoint and likely has E5 licensing. Evaluate alternatives only if Microsoft solution doesn’t meet requirements.


4. Security Information & Event Management (SIEM)

4.1. IBM QRadar SIEM

CRITICAL DEPENDENCY: QRadar is CHLA’s enterprise SIEM. Operational proficiency is essential for incident investigation, compliance reporting, and security monitoring. This is the #1 priority on this roadmap.

Platform: IBM QRadar SIEM (version TBD - confirm with IT)

Current Access: Limited view access, vendor-dependent for custom queries

Target Capabilities:

  • Independent incident investigation (no vendor dependency)

  • Custom rule development (Rule Wizard / Custom Rule Engine) and ad-hoc searching with AQL (Ariel Query Language)

  • Correlation rule tuning for CHLA environment

  • Log source configuration (ISE, Firewall, AD, Azure, Defender)

  • Custom dashboard creation (executive and operational views)

  • Integration with Claroty xDome (OT security)

  • Reference set management (allowlists, threat intelligence feeds)

  • Report automation (compliance, executive summaries)

  • API-based automation (Python/REST API)

Business Value: Centralized security monitoring, compliance reporting (HIPAA, HITRUST), threat detection across hybrid infrastructure, reduced MTTR

Status: NOT STARTED

Priority: CRITICAL (Start immediately)

Estimated Learning Time: 80-120 hours (comprehensive proficiency)

4.2. Learning Roadmap (QRadar)

4.2.1. Phase 1: Foundation (Weeks 1-2)

Objectives:

  1. Obtain QRadar access credentials (admin/analyst role)

  2. Understand QRadar architecture (console, event collectors, event processors, flow processors, and where Ariel data is stored)

  3. Navigate QRadar interface (Log Activity, Offenses, Network Activity, Assets)

  4. Learn basic AQL syntax for log searches

  5. Understand offense workflow (investigation → assignment → resolution)

Deliverables:

  • QRadar admin access obtained

  • QRadar architecture documented (CHLA-specific deployment)

  • 20+ basic AQL queries practiced

  • First 5 offenses investigated and documented

  • QRadar navigation cheat sheet created


4.2.2. Phase 2: Log Source Integration (Weeks 3-4)

Objectives:

  1. Configure ISE log source (RADIUS authentication events)

  2. Configure Defender for Endpoint log source

  3. Configure Active Directory log source (authentication, group changes)

  4. Verify log normalization and parsing

  5. Create custom log parsing rules (if needed)

Deliverables:

  • ISE RADIUS logs flowing to QRadar (802.1X successes/failures)

  • Defender alerts integrated (malware, suspicious behavior)

  • AD authentication events searchable in QRadar

  • Log source health monitoring dashboard created

  • Documentation: CHLA QRadar Log Source Reference


4.2.3. Phase 3: Custom Rules & Correlation (Weeks 5-8)

Objectives:

  1. Create custom rules for CHLA-specific use cases

  2. Tune existing correlation rules (reduce false positives)

  3. Implement threat intelligence feeds (AbuseIPDB, Talos, VirusTotal)

  4. Create reference sets (whitelisted IPs, approved applications)

  5. Develop correlation rules for multi-stage attacks

Custom Rule Examples:

Rule Name | Detection Logic | Priority
Linux 802.1X Auth Failures | >=5 failed EAP-TLS attempts from same MAC in 10 minutes | HIGH
Posture Compliance Violation | Defender posture status = non-compliant AND network access granted | CRITICAL
dACL Violation Attempts | >=10 denied connections from same endpoint in 5 minutes | MEDIUM
Privileged Account Access from New Location | Domain admin login from IP not seen in last 30 days | CRITICAL
After-Hours Research Network Access | VLAN 40 (CHLA-IoT) access outside business hours (8 AM - 6 PM) | MEDIUM
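Before a rule like "Linux 802.1X Auth Failures" is built in the QRadar Rule Wizard, it helps to run the same detection logic over sample lines and confirm the window and threshold behave as intended. The block below is an added example (not CHLA's rule or IBM's code): a generic sliding-window threshold detector applied to constructed ISE-style failed-attempt lines. The attribute names Calling-Station-ID, EapAuthentication and FailureReason are the ones ISE uses; the surrounding line layout is simplified and not real ISE output. With a different key and thresholds the same detector expresses the "dACL Violation Attempts" rule.

```python
"""Sliding-window threshold detection over ISE failed-attempt syslog (added
example): >=5 EAP-TLS failures from one MAC within 10 minutes.

The log lines are constructed and only loosely modelled on ISE
CISE_Failed_Attempts messages; a real message carries many more fields.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ CISE_Failed_Attempts .*?"
    r"Calling-Station-ID=(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}).*?"
    r"EapAuthentication=(?P<eap>[\w-]+).*?FailureReason=(?P<reason>[^,]+)"
)


def parse(line):
    """Extract timestamp, MAC, EAP method and failure reason; None for non-matching lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "mac": m["mac"].upper().replace("-", ":"),
            "eap": m["eap"], "reason": m["reason"].strip()}


def threshold_alerts(events, key, threshold, window):
    """Alert once per key the first time `threshold` events fall inside `window`.

    Events must arrive in time order (as from a log stream). Per key we keep a
    deque of timestamps, drop those older than `window` relative to the newest
    event, and fire when the deque reaches the threshold.
    """
    recent, fired, alerts = defaultdict(deque), set(), []
    for ev in events:
        k = key(ev)
        q = recent[k]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and k not in fired:
            fired.add(k)
            alerts.append({"key": k, "count": len(q), "first": q[0], "last": ev["ts"],
                           "reason": ev.get("reason")})
    return alerts


def detect_8021x_failures(lines, threshold=5, window_minutes=10):
    """The roadmap's rule: >=threshold EAP-TLS failures from one MAC in window_minutes."""
    events = [e for e in map(parse, lines) if e and e["eap"] == "EAP-TLS"]
    events.sort(key=lambda e: e["ts"])
    return threshold_alerts(events, key=lambda e: e["mac"], threshold=threshold,
                            window=timedelta(minutes=window_minutes))


# Constructed sample log (not real ISE output).
UNKNOWN_CA = "12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"


def _line(ts, mac, eap="EAP-TLS", reason=UNKNOWN_CA):
    return (f"{ts} ise01 CISE_Failed_Attempts 0000123 1 0 NOTICE Failed-Attempt: Authentication failed, "
            f"UserName=host/ws.chla.local, Calling-Station-ID={mac}, EapAuthentication={eap}, "
            f"FailureReason={reason}, NAS-Port-Type=Ethernet")


SAMPLE_LINES = (
    # MAC ...01: six EAP-TLS failures one minute apart -> fires on the fifth (09:04)
    [_line(f"2026-02-03 09:0{i}:00", "AA-BB-CC-00-00-01") for i in range(6)]
    # MAC ...02: only four failures -> below threshold
    + [_line(f"2026-02-03 09:1{i}:00", "AA-BB-CC-00-00-02") for i in range(4)]
    # MAC ...03: five failures 30 minutes apart -> never five inside a 10-minute window
    + [_line(f"2026-02-03 {9 + i // 2:02d}:{30 * (i % 2):02d}:00", "AA-BB-CC-00-00-03") for i in range(5)]
    # MAC ...01 again, but PEAP: ignored by the EAP-TLS filter
    + [_line("2026-02-03 09:06:00", "AA-BB-CC-00-00-01", eap="PEAP")]
    # unrelated passed-authentication line: does not parse as a failure
    + ["2026-02-03 09:07:00 ise01 CISE_Passed_Authentications 0000124 1 0 NOTICE Passed-Authentication: ok"]
)


def demo():
    return detect_8021x_failures(SAMPLE_LINES)
```

In QRadar the equivalent rule test is "when at least 5 events are seen with the same Source MAC in 10 minutes" over events filtered to the ISE log source and the failed-attempt QID; the MAC ...03 case above is the one to re-check after deployment, because a fixed-interval counter (rather than a sliding window) would fire on it.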

Deliverables:

  • 5+ custom correlation rules deployed

  • Threat intelligence feeds integrated (IP/domain reputation)

  • Reference sets created (30+ entries documented)

  • False positive rate reduced by 40% through tuning

  • Documentation: CHLA QRadar Custom Rules Guide


4.2.4. Phase 4: Dashboards & Reporting (Weeks 9-10)

Objectives:

  1. Create executive dashboard (high-level security metrics)

  2. Create operational dashboard (daily SOC use)

  3. Create compliance dashboard (HIPAA audit evidence)

  4. Automate weekly/monthly security reports

  5. Create Linux workstation monitoring dashboard

Dashboard Examples:

  • Executive Dashboard:

    • Total offenses (critical/high/medium/low)

    • Top threat actors (by IP)

    • Most targeted assets

    • Compliance posture (policy violations)

  • Operational Dashboard (Linux 802.1X):

    • Authentication success rate

    • Top 10 failed authentication attempts

    • Posture compliance status

    • dACL violation attempts

    • Certificate expiration warnings

  • Compliance Dashboard (HIPAA):

    • Failed login attempts (PHI access)

    • Privileged account activity

    • Unauthorized data access attempts

    • Audit log completeness

Deliverables:

  • 3+ custom dashboards deployed

  • Automated weekly security report (PDF generation)

  • Linux 802.1X monitoring dashboard live

  • Compliance report automation (monthly HIPAA evidence)

  • Documentation: QRadar Dashboard User Guide


4.2.5. Phase 5: Advanced Analysis & Automation (Weeks 11-12)

Objectives:

  1. Master advanced AQL queries (joins, aggregations, time-series analysis)

  2. Develop Python scripts for QRadar API automation

  3. Integrate QRadar with Claroty XDome (OT security)

  4. Implement SOAR playbooks (automated response)

  5. Conduct tabletop exercise using QRadar for investigation

Automation Examples:

  • Automatic IP reputation lookup via AbuseIPDB API

  • Slack/Teams notification for critical offenses

  • Automated ticket creation in ServiceNow/JIRA

  • Threat intelligence enrichment (VirusTotal hash lookups)

Deliverables:

  • 5+ Python automation scripts deployed

  • Claroty XDome integration tested (OT alerts → QRadar)

  • SOAR playbook for phishing response (automated mailbox isolation)

  • Tabletop exercise completed (simulated breach investigation)

  • Documentation: QRadar Automation Playbook
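The two automation building blocks above (AQL through the REST API, and threat-intelligence enrichment feeding a reference set) in one added example; this is not IBM's SDK or CHLA's code. It assumes the QRadar REST endpoints and reply fields listed in the docstring and an authorized-service token in the SEC header; the ISE log source type name inside the AQL, the reference set name Threat_Intel_IPs, and the offline console replies are assumptions or constructed data.

```python
"""QRadar REST API automation (added example): run an AQL search through the
asynchronous Ariel search endpoints and bulk-load reputation hits into a
reference set that a correlation rule can test against.

Assumed API shapes (IBM QRadar REST API):
  POST /api/ariel/searches?query_expression=<AQL>  -> 201 {search_id, status}
  GET  /api/ariel/searches/<id>                     -> {status: WAIT|EXECUTE|SORTING|COMPLETED|CANCELED|ERROR}
  GET  /api/ariel/searches/<id>/results             -> {"events": [...]}
  POST /api/reference_data/sets/bulk_load/<name>    -> JSON array in, set object (number_of_elements) out
The ISE log source type name in the AQL is an assumption; confirm it under
Admin > Log Sources on the CHLA console.
"""
import json
import time
import urllib.error
import urllib.request
from urllib.parse import quote

ISE_FAILURE_AQL = (
    "SELECT sourcemac, COUNT(*) AS failures, MIN(starttime) AS first_seen FROM events "
    "WHERE LOGSOURCETYPENAME(devicetype) = 'Cisco Identity Services Engine' "
    "AND QIDNAME(qid) ILIKE '%failed%' GROUP BY sourcemac HAVING failures >= 5 LAST 10 MINUTES"
)


class QRadarClient:
    def __init__(self, base_url, token, transport=None, sleep=time.sleep):
        self.base = base_url.rstrip("/")
        self.headers = {"SEC": token, "Accept": "application/json"}
        self.transport = transport or self._http
        self.sleep = sleep

    def _http(self, method, path, body=None):
        """Default transport: (status, parsed JSON). Keep TLS verification on (trust the console CA)."""
        data = json.dumps(body).encode() if body is not None else None
        hdrs = dict(self.headers, **({"Content-Type": "application/json"} if data else {}))
        req = urllib.request.Request(self.base + path, data=data, method=method, headers=hdrs)
        try:
            with urllib.request.urlopen(req, timeout=30) as r:
                return r.status, json.loads(r.read().decode() or "null")
        except urllib.error.HTTPError as e:
            return e.code, {}

    def aql(self, query, poll_seconds=2, max_polls=150):
        """Create an Ariel search, poll until COMPLETED, return the result rows."""
        status, body = self.transport("POST", "/api/ariel/searches?query_expression=" + quote(query))
        if status != 201:
            raise RuntimeError(f"search create failed: HTTP {status} {body}")
        sid = body["search_id"]
        for _ in range(max_polls):
            _, body = self.transport("GET", f"/api/ariel/searches/{sid}")
            state = body.get("status")
            if state == "COMPLETED":
                break
            if state in ("ERROR", "CANCELED"):
                raise RuntimeError(f"search {sid} ended in state {state}")
            self.sleep(poll_seconds)
        else:
            raise TimeoutError(f"search {sid} did not complete in {max_polls * poll_seconds} s")
        _, body = self.transport("GET", f"/api/ariel/searches/{sid}/results")
        return body.get("events", [])

    def bulk_load_reference_set(self, name, values):
        """Add many values to an existing reference set in one call; returns its new size."""
        status, body = self.transport("POST", "/api/reference_data/sets/bulk_load/" + quote(name), list(values))
        if status != 200:
            raise RuntimeError(f"bulk load into {name} failed: HTTP {status}")
        return body.get("number_of_elements")


def sync_reputation_hits(client, hits, set_name="Threat_Intel_IPs", min_score=75):
    """Load high-confidence hits ({ip, score}, e.g. from AbuseIPDB) so a rule test
    'when the source IP is contained in Threat_Intel_IPs' can fire on them."""
    ips = sorted({h["ip"] for h in hits if h.get("score", 0) >= min_score})
    return client.bulk_load_reference_set(set_name, ips) if ips else 0


class FakeQRadar:
    """Offline stand-in for the transport with constructed replies (not real console data)."""
    def __init__(self):
        self.polls, self.sets = 0, {}

    def __call__(self, method, path, body=None):
        if method == "POST" and path.startswith("/api/ariel/searches?"):
            return 201, {"search_id": "abc123", "status": "WAIT"}
        if path == "/api/ariel/searches/abc123":
            self.polls += 1
            return 200, {"search_id": "abc123", "status": "COMPLETED" if self.polls >= 3 else "EXECUTE"}
        if path == "/api/ariel/searches/abc123/results":
            return 200, {"events": [{"sourcemac": "AA:BB:CC:00:00:01", "failures": 6, "first_seen": 1770109200000}]}
        if method == "POST" and path.startswith("/api/reference_data/sets/bulk_load/"):
            name = path.rsplit("/", 1)[1]
            self.sets.setdefault(name, set()).update(body)
            return 200, {"name": name, "element_type": "IP", "number_of_elements": len(self.sets[name])}
        return 404, {}


def demo():
    fake = FakeQRadar()
    client = QRadarClient("https://qradar.example.test", "TOKEN", transport=fake, sleep=lambda s: None)
    rows = client.aql(ISE_FAILURE_AQL)
    loaded = sync_reputation_hits(client, [{"ip": "203.0.113.9", "score": 100}, {"ip": "198.51.100.7", "score": 12}])
    return rows, loaded, fake.polls
```

Create the authorized service under Admin > Authorized Services with a role limited to Ariel searches and reference data, and give the reference set a time-to-live so stale reputation entries age out instead of accumulating.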


4.3. QRadar Training Resources

Resource | Description | Cost
IBM QRadar Community Edition | Free virtual appliance for lab environment | FREE
IBM QRadar Admin Certification | Official IBM training and certification | $$$ (2-3k)
IBM QRadar Analyst Certification | Analyst-focused training | $$$ (1-2k)
Udemy: QRadar SIEM Mastery | Hands-on course (20-30 hours) | $ (<100)
CHLA Internal QRadar Admin | Shadowing, internal training sessions | FREE
QRadar Documentation | Official IBM Knowledge Center | FREE

Recommended Learning Path:

  1. Week 1: QRadar Community Edition (lab setup)

  2. Week 2: Udemy course (QRadar SIEM Mastery)

  3. Week 3-4: Shadow CHLA QRadar admin

  4. Week 5-12: Hands-on implementation (log sources, rules, dashboards)

  5. Month 4: IBM QRadar Analyst Certification (optional)


5. Learning & Implementation Priorities

5.1. Phase 1: Immediate (Next 30 Days) - February 2026

Tool/Platform | Focus Area | Business Impact | Priority
IBM QRadar SIEM | Obtain access credentials; learn QRadar navigation; practice basic AQL queries; investigate first 10 offenses | CRITICAL - Enterprise SIEM proficiency required for daily operations | CRITICAL
AbuseIPDB | IP reputation checks during incident response | HIGH - Accelerates incident attribution | HIGH
VirusTotal | Hash/URL lookups for malware triage | HIGH - Improves malware analysis speed | HIGH
Cisco Talos | Threat feed integration research | MEDIUM - Enhances threat intelligence | MEDIUM

Week-by-Week Breakdown:

  • Week 1 (Feb 2-6):

    • Monday: Obtain QRadar access, create AbuseIPDB/VirusTotal accounts

    • Tuesday-Wednesday: QRadar Community Edition lab setup

    • Thursday-Friday: First 10 AQL queries, first 5 offenses investigated

  • Week 2 (Feb 9-13):

    • QRadar training (Udemy course completion)

    • Shadow CHLA QRadar admin (scheduled sessions)

    • Document QRadar architecture (CHLA deployment)

  • Week 3 (Feb 16-20):

    • Configure ISE log source in QRadar

    • Create first custom rule (Linux 802.1X failures)

    • AbuseIPDB/VirusTotal API integration (Python scripts)

  • Week 4 (Feb 23-27):

    • Configure Defender log source in QRadar

    • Create Linux 802.1X monitoring dashboard

    • Talos threat feed research (integration planning)


5.2. Phase 2: Short-Term (Next 90 Days) - March-April 2026

Platform | Focus Area | Business Impact | Priority
IBM QRadar SIEM | ISE/Defender log source configuration; custom rules for 802.1X failures; Linux workstation activity dashboards; threat intelligence integration | CRITICAL - Full operational capability | CRITICAL
URLScan.io | Phishing investigation workflows | MEDIUM - Enhances phishing response | MEDIUM
Microsoft Defender XDR | Architecture evaluation, POC planning | MEDIUM - Long-term SOC modernization | MEDIUM

Monthly Milestones:

  • March 2026:

    • QRadar: 5+ custom rules deployed, 2+ dashboards live

    • URLScan.io: Account created, first 20 URLs analyzed

    • Defender XDR: Licensing evaluation completed

  • April 2026:

    • QRadar: Automation scripts deployed (Python API integration)

    • QRadar: Claroty XDome integration tested

    • Defender XDR: POC deployment plan approved


5.3. Phase 3: Long-Term (Next 180 Days) - May-July 2026

Platform | Focus Area | Business Impact | Priority
XDR Platform | Architecture evaluation; proof-of-concept deployment; integration with existing stack (ISE, QRadar, Defender); team training | MEDIUM - Strategic SOC enhancement | MEDIUM
VirusTotal Enterprise | Private scanning evaluation for sensitive files | LOW - Compliance improvement (nice-to-have) | LOW
QRadar Advanced Features | SOAR playbook development; advanced threat hunting; User Behavior Analytics (UBA) | MEDIUM - SOC maturity advancement | MEDIUM


6. Success Metrics & KPIs

6.1. Operational Metrics (Monthly Tracking)

Metric | Current State (Jan 2026) | Target State (Q2 2026)
Threat Intelligence Lookups/Week | ~10 (manual, ad-hoc) | >50 (automated, integrated)
QRadar Independent Investigations | 0 (100% vendor-dependent) | 10+ per week (fully independent)
SIEM Custom Rules Created | 0 | >=10 rules (CHLA-specific use cases)
Mean Time to Investigate (MTTI) | 2-4 hours (waiting for QRadar admin) | <30 minutes (self-service)
Incident Response Time | Baseline (no metrics yet) | 30% reduction (threat intel integration)
False Positive Rate | Baseline (unknown) | <15% (tuned correlation rules)


6.2. Learning Metrics (Individual Development)

Skill Area | Proficiency Target | Target Date
QRadar AQL | Intermediate (joins, aggregations, time-series) | April 2026
QRadar Custom Rules | Advanced (10+ production rules) | May 2026
Threat Intelligence | Operational (daily use of 4+ platforms) | March 2026
KQL (Defender XDR) | Basic (10+ custom queries) | June 2026
Python Security Automation | Intermediate (API integration, reporting) | July 2026


6.3. Team Impact Metrics

Metric | Target
Team Training Completed | QRadar navigation training for 3+ InfoSec team members
Documentation Created | 5+ runbooks/guides (QRadar, threat intel workflows)
Knowledge Transfer Sessions | Monthly lunch-and-learn on new tools/techniques
Cross-Training | 2+ team members certified in QRadar fundamentals


7. Risk & Mitigation

7.1. Risks to Roadmap Execution

Risk | Impact | Mitigation | Probability
Limited QRadar Access | Cannot complete Phase 1-5 learning | Escalate access request to IT/CISO; document business justification; complete IBM QRadar training/certification if IT requires it as a precondition for access | MEDIUM
Operational Incidents Delay Training | Learning roadmap deprioritized during incidents | Block dedicated learning time (Fridays 1-3 PM); treat learning as project work (not optional); integrate learning with real incidents (hands-on) | HIGH
Budget Constraints (Paid Tools) | Cannot evaluate VirusTotal Enterprise, XDR platforms | Maximize free tiers first; build ROI case studies for paid tools; leverage vendor POC/trial programs | MEDIUM
QRadar Admin Unavailable for Training | Limited shadowing/mentorship opportunities | Rely on IBM training resources (Community Edition, Udemy); join QRadar user groups/forums; schedule recurring monthly sessions (vs. ad-hoc) | LOW
Tool Sprawl / Lack of Integration | Tools remain siloed, not integrated into workflows | Prioritize API integration over manual use; create unified runbooks (tools → workflows); automate where possible (Python scripts) | MEDIUM


8. Governance & Review

8.1. Monthly Review Cadence

Review Schedule:

  • First Monday of Each Month: Roadmap progress review

  • Metrics Review: Update KPI tracking dashboard

  • Adjustments: Reprioritize based on business needs, incidents, or strategic shifts

Review Attendees:

  • Evan Rosado (roadmap owner)

  • CISO / InfoSec Director (sponsor)

  • QRadar admin (technical mentor)

  • SOC team members (stakeholders)


8.2. Quarterly Milestones

Q1 2026 (Feb-Mar-Apr):

  • QRadar operational proficiency achieved

  • 5+ custom QRadar rules deployed

  • Threat intelligence platforms integrated (API automation)

  • Linux 802.1X monitoring dashboard live

Q2 2026 (May-Jun-Jul):

  • Defender XDR POC completed

  • QRadar SOAR playbooks deployed (3+ automated responses)

  • Advanced threat hunting capability demonstrated

  • Team training completed (3+ members certified in QRadar basics)


8.3. Document Updates

This roadmap will be updated:

  • Monthly: Progress tracking, metrics updates

  • Quarterly: Strategic adjustments, new tool evaluations

  • Ad-hoc: Major incidents, budget changes, technology shifts

Version History:

Version | Date | Changes
1.0 | 2026-02-03 | Initial roadmap created for Monday planning session (February 2026)


9. Appendix A: Tool Comparison Matrix

9.1. Threat Intelligence Platforms

Platform | Free Tier | API Access | Use Case Focus | CHLA Priority | Learning Time
VirusTotal | Yes | Yes (public API: 4/min, 500/day, non-commercial use) | Malware, hash/URL analysis | HIGH | 15-20 hrs
URLScan.io | Yes | Yes | Phishing, URL analysis | MEDIUM | 10-15 hrs
AbuseIPDB | Yes | Yes | IP reputation | HIGH | 8-12 hrs
Cisco Talos | Yes (web portal) | No standalone API (reputation reachable via Cisco product APIs such as Umbrella Investigate) | Threat feeds, vulnerability intel | MEDIUM | 20-30 hrs
AlienVault OTX | Yes | Yes | Community threat intel | LOW | 10-15 hrs
Shodan | Limited (free account; API use requires a paid membership) | Yes (paid) | Internet-exposed device search | LOW | 15-20 hrs


9.2. XDR Platform Comparison

Platform | Best For | CHLA Fit | Estimated Cost
Microsoft Defender XDR | Microsoft-heavy environments (E5 licensing) | EXCELLENT (already use Defender for Endpoint) | Included in E5 or ~$10/user/mo
Palo Alto Cortex XDR | Palo Alto firewall customers | MEDIUM (don’t use PA firewalls) | $$$ (~50k/yr)
CrowdStrike Falcon XDR | Endpoint-centric security | MEDIUM (overlap with Defender) | $$$ (~40k/yr)
SentinelOne Singularity XDR | Autonomous response, AI-driven | LOW (expensive, redundant) | $$$ (~60k/yr)

Recommendation: Evaluate Microsoft Defender XDR first due to existing Defender for Endpoint deployment and likely E5 licensing.


10. Appendix B: Training Budget Estimate

10.1. Q1/Q2 2026 Training Costs

Training Resource | Cost | Timeframe | Priority
IBM QRadar Analyst Certification | ~$2,000 | Q2 2026 | HIGH
Udemy QRadar Course | ~$50 | February 2026 | HIGH
VirusTotal Enterprise Trial | FREE (30-day trial) | March 2026 | MEDIUM
Microsoft Defender XDR Training (Ninja) | FREE | Q2 2026 | MEDIUM
SANS Threat Intelligence Course | ~$7,000 | Q3 2026 (future consideration, excluded from the Q1/Q2 total) | LOW
Books/Online Resources | ~$200 | Q1 2026 | MEDIUM

Total Estimated Cost (Q1/Q2 2026): ~$2,250

Budget Justification:

  • QRadar proficiency is critical for daily operations (reduces vendor dependency)

  • ROI: 30% faster incident response, independent investigation capability

  • Long-term: Team cross-training, succession planning


11. Appendix C: Contact Information

Name | Role | Contact
Evan Rosado | Senior Network Security Engineer (Roadmap Owner) | erosado@chla.usc.edu
[REDACTED] | CISO (Sponsor) | TBD
[REDACTED] | QRadar Admin (Technical Mentor) | TBD
IBM Support | QRadar Vendor Support | Via support portal


Document Information

Document ID: ROADMAP-2026-02-SECURITY-TOOLS

Classification: INTERNAL USE ONLY

Distribution: CHLA InfoSec Team

Planning Period: February 2026 - Q1/Q2 2026

Generated: 2026-02-03

Author: Evan Rosado (Senior Network Security Engineer)

Department: Information Security

Organization: Children’s Hospital Los Angeles


This document contains confidential information. Unauthorized distribution prohibited.