About
Personal Summary
When I’m not tackling security challenges, you’ll find me embracing life’s adventures as a husband and father to two young kids. My biggest passion is aviation—there’s nothing quite like firing up our Beechcraft Bonanza for a cross-country adventure or a quick hop to Friday Harbor for ice cream with the family, or down to Oregon when we’re craving some In-N-Out Burger.
As Treasurer for the Bremerton Pilots Association, I’m committed to inspiring the next generation of aviators and helping talented young people pursue their dreams through our scholarship program. When I’m grounded, I enjoy tinkering with my home lab and diving into networking projects—because apparently I can’t escape technology even in my spare time.
Whether I’m at 8,000 feet or knee-deep in router configurations, I’m always looking for the next challenge and opportunity to learn something new.
Professional Summary
Experienced, hands-on security, engineering, and product leader with a passion for challenging the status quo while encouraging a culture that prioritizes the needs of the business. Proven track record of building and scaling security programs across multiple industries, with expertise in product security, cloud security, identity and access management, and leading high-performing teams.
Core Competencies
- Security Leadership: Product Security, Application Security, Cloud Security, DevSecOps
- Identity & Access Management: SAML, OAuth, OpenID Connect
- Cloud Platforms: AWS Security Specialty, Multi-cloud Architecture, Container Security
- Compliance & Governance: SOC 2, ISO 27001, PCI DSS, HIPAA, NIST Frameworks
- Programming & Architecture: C#, Java, Python, System Architecture, REST APIs
- Leadership & Mentoring: Team Building, Cross-functional Collaboration, Executive Communication
Professional Experience
Alteryx - Director, Information Security
January 2020 - Present
- Leadership & Team Building: Led teams of 15+ across multiple continents, managing Product Security, DevSecOps, Security Architecture & Engineering, and Vulnerability Management programs
- Product Security Innovation:
  - Developed comprehensive security design patterns for eliminating hard-coded encryption keys and secure credential handling
  - Performed extensive threat modeling and security consultation across all Alteryx products
  - Built automated test frameworks for OWASP ASVS L1 requirements
  - Created golden container images and automatic update processes for Go, NodeJS, Java, nginx, and Python
- Compliance & Standards:
  - Led product and engineering efforts to achieve SOC 2 Type II, ISO 27001, and PCI compliance
  - Developed and implemented Secure Software Development Lifecycle (SSDLC) aligned with OWASP ASVS
  - Established Application Security and Logging Standards
- Customer & Business Impact:
  - Partnered with Fortune 500 customers to address security requirements
  - Developed security use cases within Alteryx products for vulnerability management and firewall rule review
  - Streamlined sales processes by delivering precise security responses and minimizing obstacles
- Incident Response & Risk Management:
  - Shaped Product Security Incident Response (PSIRT) process
  - Led incident response for critical vulnerabilities including Log4Shell
  - Managed security aspects of M&A activities
Slalom Consulting - Solution Architect (Cloud, DevOps, and Security)
February 2018 - January 2020
- Practice Development: Established Security and Risk Services sub-practice in Denver market, serving as model for global Slalom offices
- Client Engagement: Led engagements across telecommunications, software, consulting, higher education, government, and food & beverage verticals
- AWS Security Expertise:
  - Built PCI-compliant AWS Fargate environments
  - Designed new AWS PCI environment for credit card manufacturer
  - Developed home surveillance streaming integration for major telecommunications company
- Framework Implementation: Leveraged NIST 800-53, HITRUST CSF, and ISO 27000 series to align organizations with secure practices
- Knowledge Sharing: Presented security talks at BSides, Denver Modern Web, and OWASP chapter meetings
- Training Development: Created internal training on Defense in Depth, AWS Security Automation, Container Security, IAM, OSINT, and password security
ProofID (Ping Identity & SailPoint Professional Services) - Principal Security Architect
November 2015 - February 2018
- Technical Leadership: Lead technical consultant specializing in Identity and Access Management architecture and implementation
- Enterprise Solutions: Engaged with 5-10 Fortune 2000 clients weekly providing end-to-end IAM services
- Product Innovation: Developed Password Recovery Module Plugin for PingFederate, later acquired by Ping Identity and integrated into core product
- Standards Expertise: Deep specialization in SAML, OAuth, OpenID Connect, and SCIM protocols
- Comprehensive IAM Knowledge: Expert across full technology stack including PKI, DNS, firewalls, load balancing, disaster recovery, and SIEM integration
- Risk Management: Owned risk assessment activities including source code scanning, vulnerability scanning, and penetration testing
K2 - Software Engineering Manager
September 2014 - November 2015
- Engineering Leadership: Led high-performing software engineering team as engineering manager, product manager, and scrum master
- Process Optimization: Developed and enhanced processes to optimize delivery of high-quality software with increased efficiency
- Product Lifecycle Management: Oversaw complete product lifecycle from roadmap creation to release management
- Global Collaboration: Worked closely with local and global product, business, and engineering units
AIM Consulting Group - Senior Software Engineering Consultant
June 2014 - September 2014
- Application Modernization: Led redesign, maintenance, and optimization of core business applications for hardware integration company
- DevOps Implementation: Spearheaded DevOps initiatives including TFS upgrades, gated check-ins, and continuous build/deployment for Windows services and web applications
- Architecture Design: Executed comprehensive redesign using n-tier approach with REST services and dependency injection
- Quality Assurance: Ensured code quality through documentation, unit tests, and integration tests
HOSTING.com - Technical Lead, Engineering
October 2012 - June 2014
- Architecture & Performance: Led database design and product architecture with performance-centric approach using dependency inversion and fault tolerance principles
- Technology Stack: Proficient in product development using Kendo, C#, jQuery, and Microsoft Entity Framework ORM
- Security Projects: Created Windows PCI Compliance scripts for server operating systems
- Infrastructure Innovation: Orchestrated transition from pull-based to push-based architecture and explored ElasticSearch implementation
Seros - Security Engineer
June 2011 - October 2012
- IAM Specialization: Security engineer specializing in Single Sign-On implementations, Federated Identity Management, and Password Management
- Customer Engagement: Dedicated consultant with weekly travel to customer sites across the United States
- Product Extension: Extended PingFederate to meet specific customer requirements and designed SSO integrations
- Comprehensive Security: Expertise across network architecture, systems hardening, penetration testing, business continuity, and regulatory compliance (HIPAA, PCI DSS)
Colorado State University - Web Application Developer
November 2006 - May 2011
- Career Progression: Advanced from IT help desk intern to primary web application developer for central IT department
- Leadership Experience: Managed sub-domain within Active Directory forest and supervised 25+ employees operating university computer labs
- Technical Development: Specialized in C# ASP.NET web application development
- Mentorship: Both received mentorship from university professionals and provided mentoring to others
Certifications & Professional Development
Cloud & Security Certifications
- AWS: Security Specialty, DevOps Engineer Professional, Solutions Architect Professional, SysOps Administrator Associate, Solutions Architect Associate, Developer Associate
- Ping Identity: PingDirectory Instructor, PingAccess Instructor, PingFederate Instructor, PingFederate Administrator
- Security: Certificate of Cloud Security Knowledge (CCSK)
- Data & Analytics: Alteryx Core Certification, Trifacta Data Deputy, Trifacta Data Wrangler
- Product Management: Pragmatic Institute PMC Level I
Leadership Development
- Center for Creative Leadership - Maximize Your Leadership Potential
- Alteryx Emerging Leaders Program (Mentor)
- Information Security Department Shadowing Program
Notable Achievements & Recognition
Awards & Competitions
- 1st Place - Front Range OWASP Conference Secure Coding Competition
- 3rd Place - LocoMocoSec Conference Secure Coding Competition
- Nominated - Alteryx Xcellence Award
Key Accomplishments
- Team Leadership: Managed teams of 15+ across multiple continents with direct reports in Product Security, DevSecOps, and Security Architecture
- Hiring & Development: Interviewed 60+ candidates, hired 7 direct reports, facilitated 3 promotions within organization
- Process Innovation: Transitioned team to Kanban methodology improving work tracking and reducing dropped items
- Industry Engagement: Delivered presentations at internal and external forums on security aspects of product suites
- Customer Impact: Successfully addressed security requirements for Fortune 500 customers including major financial institutions and healthcare organizations
- Compliance Achievement: Successfully led organizations through SOC 2 Type II, ISO 27001, and PCI compliance audits
- Mentorship: Active mentor in multiple programs providing guidance to early-career employees
Professional Feedback Highlights
“You lead by prolific example and aren’t afraid to get your hands dirty.” - Ole Craig
“Matt works to advance all of our team missions. He builds high quality relationships with staff, peers and executives. Matt is highly trusted throughout the organization which is why he is very effective.” - Matt Wilson
“Thank you for maintaining an open door policy for all things product security… The outcome is faster, safer changes being made to the platform.” - Trevor Harris
Technical Expertise
Security Domains
- Application Security (SAST, DAST, SCA)
- Cloud Security Architecture
- Container & Kubernetes Security
- Vulnerability Management
- Incident Response & PSIRT
- Threat Modeling
- Security Awareness Training
Development & Architecture
- Languages: C#, Java, Python, JavaScript
- Frameworks: .NET Framework, ASP.NET, Entity Framework, Spring
- Architecture Patterns: Microservices, REST APIs, Service-Oriented Architecture
- DevOps: CI/CD, Docker, Kubernetes, Helm, Infrastructure as Code
Compliance & Standards
- Frameworks: OWASP ASVS, NIST 800-53, HITRUST CSF, ISO 27000 series
- Regulations: SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR
- Methodologies: Secure SDLC, Risk Assessment, Audit Management
Education & Continuous Learning
Formal Education
- Colorado State University (2006-2011)
Professional Memberships & Associations
- OWASP Foundation - Lifetime Member
- Information Systems Security Association (ISSA)
- OpenID Foundation - Professional Member
- Aircraft Owners and Pilots Association (AOPA)
- American Bonanza Society - Aviation Professional
- Bremerton Pilots Association
Community Involvement & Volunteer Work
- Junior Achievement - JA in a Day Teacher
- Junior Achievement - STEM Career Mentor
Continuous Professional Development
- Regular participation in security conferences and industry events
- Active contributor to internal training programs and knowledge sharing
- Ongoing professional certification maintenance and advancement
- Mentorship and leadership development programs