By day, Matt performs technical duties for the U.S. government and has extensive experience with open-source intelligence (OSINT) and digital forensics including conducting numerous examinations and testifying as an expert witness on multiple occasions. By night, he is a Principal at Argelius Labs, where he performs security assessments and consulting work. A recognized expert in his field with a knack for communicating complicated technical issues to non-technical personnel, Matt routinely provides cybersecurity instruction to individuals from multiple departments.
What made you choose to work in security?
I had been doing some general technical work (basic programming, GIS, etc.) and developed a strong interest in digital forensics. I asked my employer if I could focus on digital forensics and eventually they said yes, but that they had no budget for training, equipment or anything else. I was still excited for the opportunity and started trying to learn everything I could to do the best job possible.
What was your first SANS course and GIAC certification (if applicable)?
The first SANS course I ever took was the FOR508 back in 2008 and got the GCFA cert after that.
What courses do you teach?
I’ve mostly taught the SEC504 class but have recently transitioned to the SEC487 OSINT course.
Why do you teach, research, and practice information security?
SO many reasons!!!! Sometimes I’m curious and just want to figure something out. I work with some amazing individuals on a daily basis that come to me with technical problems. Sometimes these problems require me to write code or build something. These are always fun since I get to use my skills and experience to help others. One thing I always loved about forensics is how impartial you can be. You don’t try to prove any agenda, you just analyze the artifacts and give your thoughts on what they show.
What tips can you provide newcomers to cybersecurity and defense?
Imposter syndrome is real, so don’t let that discourage you. We ALL have those feelings. A lot.
Many times after a course, students will ask me “what should I do next?”. I’ll ask them a few questions but one of them is always, “what are you interested in?”. Understanding how things work helps a lot. Years ago, I took the SEC503 course where we looked at network packets down to the hex level. I have never had a job where I’ve looked at packets for a living, but that knowledge helps me out all the time since it taught me how things work down to a very low level.
Who has influenced your information security career?
SO many people. Not even sure where to start. Judy Novak was the first person who ever told me I should consider teaching for SANS since she thought I would be good at it. There were a few people who believed in me before I believed in myself and one of them is definitely SANS instructor Bryan Simon who has always been available when I’ve needed to talk to someone.
What do you want people to know about you?
It’s nice to be teaching OSNT again since I’ve previously written and taught OSINT all over the world and stood up two different units doing OSINT work. I think the one thing I want people to know is that I genuinely care about my student’s success. I always say that the classroom is the beginning of our relationship, not the end. I hear from former students every week and I always love it!
Favorite quotes, songs, or books?
I have “It’s not how many you win, it’s how many you show up for" on my Twitter profile because “keep going” is a big part of my personality. I never went to school for these subjects and have learned them as an adult in the workforce. I’ve failed before and I’ll fail again, I just keep trying to improve and grow.
Tell us about things you enjoy that people may not expect.
I enjoy playing classic video games when I have a chance but nothing relaxes me like getting to attend a minor league baseball game. Especially at night.
Read Matt's full bio here.