Matt Bromiley

Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm, where he assists clients with incident response, digital forensics, and litigation support. He also serves as a GIAC Advisory Board member, a subject-matter expert for SANS Security Awareness, and a technical writer for the SANS Analyst Program. Matt brings his passion for digital forensics to the classroom as a SANS Instructor for FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts.

More About Matt

Profile

"SANS is the only organization where I have seen students bursting to get out of class to apply their newly acquired skills to current casework," he says.

Matt fell into this career somewhat by accident, taking on a junior analyst role because the team was great and the work sounded exciting. "My first day, I was working a keylogger case that required me to examine various hardware, test information, extract USB information, and decode logged keys," he recalls. "I was hooked!"

Since then, Matt has built a wide-ranging career that gives him a broad perspective on digital forensics. He has helped organizations of all types and sizes, from multinational conglomerates to small, regional companies. His skills run the gamut from disk, database and network forensics to malware analysis and classification, incident response/triage and threat intelligence, memory analysis, log analytics, and network security monitoring. Along with traditional database forensics, Matt has experience deploying such tools as Elasticsearch, Splunk, and Hadoop to assist in large-scale forensic investigations, network security monitoring, and rapid forensic analysis on over 100 systems and over 10TB of logs. He has a particular interest in database and Linux forensics, as well as in building scalable analysis tools using free and open-source software.

Matt understands the importance of making the information he's teaching relatable to students. "It's easy to picture every scenario as an advanced persistent threat attack, but some students don't perform those investigations," he explains. So Matt looks for the common ground among all of the specific artifacts and the bigger picture that each artifact helps develop, thus enabling students to enhance their investigations and succeed in their day-to-day careers.

His extensive experience in digital forensics shines through in his teaching. An energetic, enthusiastic instructor, Matt sees digital forensics as a puzzle that is begging to be solved. He loves piecing together artifacts to tell a vivid story about what has happened, and he strives to inspire his students to have the same passion for "completing the puzzle."

Outside of work, Matt loves spending time with his family, cooking Texas BBQ, and making his house as automated as possible in hopes that it will one day do work for him.

ADDITIONAL CONTRIBUTIONS BY MATT BROMILEY:

WEBCASTS

5 Ways Bro Gives You Better Data for Incident Response and Threat Hunting, May 2018

Rethinking Security Detection in an XDR World, August 2020

Knock, Knock: Is This Security Thing Working?, March 2020

Intuitive Endpoint Security: A SANS Review of Morphisec, August 2020

Stop Letting Security Fail. Identify the True Problem., August 2019