Matthew J.

Parsons, CISSP, MSM

6075 Monte Vista Lane #1628
Fort Worth, TX, 76132
Blackberry: (315)-559-3588
Email:
Web: www.parsonsisconsulting.com
LinkedIn: http://www.linkedin.com/in/parsonsconsulting
Blog: http://parsonsisconsulting.blogspot.com/
Parsons on Passwords news Spot http://www.vimeo.com/8939668
Matthew J. Parsons,
MSM, CISSP, Application Security Engineer
Software Security/Application Code Review/ Senior Security Engineer/C.E.O/Owner

SUMMARY
Certified Information Systems Security Professional. (CISSP) 326814
Seven years of professional experience in Security.
Five years experience in Software and Database Security.
Ten Years experience in Information Technology and Programming.
Held a secret clearance.
Honorable Discharge United States Air Force Reserves. www.af.mil
CORP to CORP contracts only. Fully insured for four million dollars errors a
nd omissions.
Self employed, Parsons Software Security Consulting, LLC.
Member of OWASP member number 73N4Q4M27PH. www.owasp.org
Working toward Certified Physical and Information Security Consultant http:/
/www.securityrecruiter.com/converged_security_certifications.htm
References below and available on request.
EDUCATION
Masters of Science in Management, Colorado Technical University www.coloradotech
.edu/ctu-online
Focus in Information Security May 2006- August 2007 GPA: 3.94
Bachelor of Arts in Information Science, State University of New York at Oswego
www.oswego.edu
Focus in Psychology and Human Computer Interaction August 2004 GPA: 3.25
Information Studies minor Entrepreneurship, Syracuse University www.syr.edu
Focus in military studies, Information Science August 1998-May 2001 GPA: 3.93
PROFESSIONAL EXPERIENCE
Parson Software Security Consulting, LLC, TX www.parsonsisconsulting.com June 20
07-Present
Senior Information Security Consultant, Owner, CEO, CIO, CTO
Errors and Omissions Insurance and General Liability Insurance for two milli
on dollars.
Subject Matter Expert in Payment Card Industry, Data Security Standard compl
iance, Software and Database security, Enterprise Risk Management.
Created awareness in the Java and .NET developed community by creating a biw
eekly newsletter for LinkedIn.
Specialized in Java, J2EE and ASP.NET, PHP, Perl, Mainframe and C security.
Member of Open Web Application Security Project(OWASP) www.owasp.org
Found Software security vulnerabilities for clients including: SQL injection
, XSS, Cross Site Request Forgery and multiple other vulnerabilities.
Submitted bugs for Google Chrome Project. http://code.google.com/p/chromium/
issues bug number 37040 buffer overflow, 37042 No Validation, 37043 buffer over
flow, 37044 Buffer Over flow.
Scanned open source software to report software security vulnerabilities wit
h Ounce Labs and full disclosure.
Clients include: Verizon Telecommunications, Bank of America, Merrill Lynch
Bank Suisse companies, Financial Institutions and South West Airlines.
Training of offshore developers in India, Singapore, Peru, England, Switzerl
and and Hong Kong at a Large Fortune 100 Financial Institution implementing and
teaching Fortify Static Code Analysis tool enterprise wide at World Wide Bank.
Scanning of source code for a large financial Institution using Fortify.
Doing source code review with Fortify and Ounce Labs to find software securi
ty vulnerabilities.
Found Software security vulnerabilities in open source software including Se
cond Life. www.secondlife.com/
Website Administration and Development with Various clients.
Worked with Martindale and Lexus Nexus helping lawyers get a web presence. w
ww.martindale.com/
Worked with Info Vision Consultants www.infovision.net.
Worked with Genesis10 www.genesis10.com/
Partnered with Fortify Static Code Analysis Company. www.fortify.com.
Partnered with Ounce Labs static analysis tool, Ounce Certified Partner, www
.ouncelabs.com.
Partnered with IBM. www.ibm.com
Created and developed basic static code analysis class for Ounce Labs. Ask f
or presentation.
User, Developer, Consultant and Administrator of Open Ounce http://www.o2-ou
nceopen.com/
Actively writing a blog about software security. http://www.o2-ounceopen.com
/o2-power-users/
Partnered with Application Security Database Security Tool. http://www.appse
cinc.com/
PGP and software security consulting with various clients in the Dallas Fort
Worth Area including Venray Technology.
Training at Bank of America for bug of the month club.
Programmer in C#,NET, VB.NET and Java for various freelance projects
City of South Lake Network Security and physical security risk assessment au
dit. http://www.ci.southlake.tx.us/
Worked on testing Armorize Code Secure Software Security Computing Cloud Tec
hnology
o http://www.armorize.com/
Web Penetration testing to prove Software Security Vulnerabilities with Web
Inspect, Burp Professional, Paros and Manual Fuzzing and Penetration Testing wit
h AppScan and Firefox plug-ins.
Partnered with IDEA consulting www.idea.com and Emerson www.emerson.com for
manual and automated Web penetration testing using HP Web Inspect and manual met
hods testing for SQL injection, Cross Site Scripting and Cross Site Request Forg
ery.
Created reports from web penetration testing and offered remediation assista
nce to developers.
www.avocent.com, http://www.dixell.com/
Manager of PHP security Sub group for Linkedin.
Subject Matter expert in Software Security for Password Strength, New York T
imes Story
o http://www.the33tv.com/news/kdaf-password-security-jim,0,3650695.story
o http://www.vimeo.com/8939668
Subject Matter expert in Software Security for Dallas station The 33 News fo
r Conficker Worm outbreak.
http://www.the33tv.com/pages/content_landing_page/?Conficker-Worm-Set-to-Strike=
1&blockID=254636&feedID=460
Bank of America, www.bankofamerica.com Fort Worth, TX July 2009-January 2010
Genesis 10, Contractor
Specialist Information Security Engineer for Enterprise Information Management E
nterprise Security Assessment
Provided security code reviews using the Fortify Source Code Analysis Produc
t and evaluated results for security vulnerabilities for eCommerce applications.
Trained, documented and advised application developers for security risks, secu
re coding best practices, with practical remediation guidance to developers.
Created Custom Rules matrix.
Started Malicious Code review program for offshore developers.
Helped complete the Cyber Security Mandate of a 706 target applications. Wit
h team identified 1274 Critical/important issues. Closed 700 at year 's end pri
or to exploitation.
Deployed early life cycle service source code scanning to 232 internet facin
g web applications. Completed 100 percent Bank developed internet apps for 2009.
Reviewed Source code in .NET, PHP, Internet-Web, J2EE, Java, Java Script.
Created documentation for bank on software security via private and public W
ikipedia.
Was scribe for Enterprise Security Management meetings.
Reviewed peers ethical hacking assessments and offered feedback.
Migrated from finding security problems to finding elegant and effective bus
iness security solutions for bank.
Completed software security assessments of banking applications to meet bank
ing regulatory compliance and to start software security program early in the so
ftware security life cycle by on boarding different software development line of
business groups from around the country and around the world in the Fortify Sel
f Service scanning. To train developers to write secure code using the OWASP sof
tware security testing guide.
Successfully onboarded and helped implement new software security program at
Bank of America. Updated internal wiki and onboarded and trained developers how
to write secure code and use the Fortify Static Code Analysis tool and Fortify
Manager. Trained Developers in India, England, Switerzland, Singapore and Hong K
ong and on the West Coast, Central and East Coast of the United States from my r
emote office in Fort Worth, Texas.
The bank ended up with thousands of developers trained in software security
and the Fortify Static code analysis tool including Fortify Manager. New process
es and ideas were documented for the next generation of software security expert
s. Helped reduce the attack surface at the bank and limited the number of vulner
abilities, by finding software security bugs early in the development life cycle
well before the application was in the public space.
Verizon Business/ Verizon Corporate, www.verizon.com Richardson, TX Oct 2007-Jun
e 2009
Info Vision Consultants, Contractor
Senior Internet Software Security Systems Engineer for Information Technology Ap
plication Security
Security Source Code Java/.NET
Hired for strategic role in the development and maintenance of extremely com
plex network security/protection systems and architectures. Provided security so
lutions that required resolution of complex operational and integration issues a
ssociated with networks, data systems, and applications to successfully deploy s
ecure technologies and to enhance existing technologies. Lead computer security
incident response activities, conducting technical investigation of security-rel
ated incidents and conduct post-incident digital forensics to identify causes an
d recommend future mitigation strategies.
Served as the highest level of information security consultant to all intern
al clients and technical management in all areas of Verizon to ensure conformity
with corporate information security standards.
Comprehended large Enterprise Applications and Source code.
 Responsible for performing security code reviews and application risk assess
ments for customer facing applications at Verizon. Audited applications written
in multiple languages, including Java/JSP, VB.NET, ASP.NET, C#, C/C++, COBOL, PH
P, and Classic ASP. Utilized OWASP and Ounce Labs formal methodology to conduct
code reviews and risk assessments.
Used internal documents at Verizon Business, ultra-edit, and static analysis
tools like Ounce Labs and Open Ounce to supplement manual code reviews.
Worked closely with business units, vendors, and developers onshore and offs
hore to understand applications, analyze business processes, and identify areas
of risk.
Worked with management to access risk and certify all applications for PCI c
ompliance.
Responsible for the code review infrastructure at Verizon Business and admin
istered all Windows and Linux servers regarding code review.
Created custom scripts to take out certain security vulnerabilities.
Used regular expressions to search for sensitive data, like credit card numb
ers and social security numbers.
Developed and documented a software security program.
Found software security vulnerabilities in 200 million dollar annual revenue
Verizon Core application.
Applications scanned for PCI compliance, Minute Pass, IPM, E-payment, Voice
Portal, IP manager, Single Sign On, Speech Services, Epoem.
Completed Malicious Code Review for offshore developers.
Developed and implemented malicious code review program for Verizon Business
. Created Training for Malicious Code Review, created one hundred question test,
for malicious code review training. Developed Power Point Slides that trained t
housands of Security analysts to complete Malicious Code Review for Offshore Dev
elopers.
Served as a key member of the Information Technology Application Security Re
view team and founding member of the code review team of three for all of Verizo
n Business and Verizon Telecommunications.
Successfully audited, remediated and approved five Payment Card Industry app
lications for 2008 PCI compliance. https://www.pcisecuritystandards.org
Audited and reviewed 500K LOC of Perl and PHP for configuration management s
ystem and Verizon.
Worked with a team to discuss vulnerabilities, trends and risks and protect
Verizon software and information assets.
Contributed to weekly team meetings by researching new vulnerabilities, secu
rity threats and attacks.
Personally Audited and reviewed eight million lines of source code in Java,
.NET, ASP, C#, Visual Basic, PHP, Perl, COBOL, C and C++.
Found and helped remediate Software Security Vulnerabilities including credi
t card numbers and social security numbers, SQL injection, Cross Site scripting,
Stored Cross Site Scripting, Buffer Overflows, Improper use of Cryptography, Ma
licious code and various other vulnerabilities.
Found Software Security vulnerabilities in twenty billion dollar Networx pro
ject (www.gsa.gov/networx) and potentially saved Verizon Business from millions
of dollars in fines for failed compliance and lose of contract.
Networx is a 40 million LOC java application and consists of 170 projects. D
irectly responsible for the security and remediation of 85 projects. Had to buil
d application without help from development staff. Found social security numbers
, credit card information and other personal customer information using advanced
searches in ultra-edit.
Created, Deployed, Taught and Developed Software Security Program and Ounce
Labs Training Program which consisted of live webinars, teleconferences, Power P
oint Presentations and multipage internal training documents.
Worked as a liaison between Ounce Labs and Verizon Business addressing the n
eeds of both parties.
Lead Remediation efforts of several applications as subject matter expert an
d reduced the number of software security vulnerabilities in multiple applicatio
ns. Provided ongoing security advice to developers taking all questions and eith
er answering the question or researching the question to provide the best answer
for the developer and the company.
Web Penetration testing of various vulnerabilities for confirmation. Manual
and automated methods for testing XSS, SQL injection and various other Web Secur
ity Vulnerabilities listed by OWASP.
Verizon ended up passing PCI compliance saving the company millions of dolla
rs of fines and brand name damage in 2007, 2008 and 2009.
Lockheed Martin Software Design and Integration/ Aeronautics Fort Worth, TX Feb
2006-June 2007
Lockheed Martin is a large multinational aerospace manufacturer and advanced tec
hnology company formed in 1995 by the merger of Lockheed with Martin Marietta. I
t is headquartered in Bethesda, Maryland, in the Washington Metropolitan Area. L
ockheed Martin employs 140,000 people worldwide.
Systems Integration Analyst, Enterprise Information Systems
Secure Coding and Database Auditing Point of Contact (POC) for Fort Worth, A
eronautics Business Unit and Enterprise Information Systems SD&I Fort Worth
Member of Elite Lockheed Martin Aeronautics, Network Operations Security Cen
ter (NOS) Active Secret Security Clearance
Kept senior management informed of Information Security Risks, Vulnerabiliti
es and Trends.
Developed, Started and implemented Software Security Program.
Web Penetration testing to prove Software Security Vulnerabilities with Web
Inspect, Burp and manual fuzzing and penetration testing.
Security reviewed three million LOC in Java, C#, VB.NET, and ASP.
Security Reviewed F-22 application Global Task Management System and certifi
ed application to meet customer requirements. http://en.wikipedia.org/wiki/F-22
Certified and Reviewed mission critical code for the infrastructure of Lockh
eed Martin.
Developed and trained developers in software security best practices.
Selected static code analysis tool for Lockheed Martin www.ouncelabs.com and
www.fortify.com with 1.5 million dollar purchase.
Mentor to Lockheed Martin Network Support Employee in Liverpool, NY.
Certification and Accreditation of Various internal documents to Department
of Defense Policies including: DoD 8550.2.
Security Engineer, Technical lead and Subject Matter Expert (SME) on multipl
e projects.
CISSP Site coordinator to corporate wide CISSP class.
Reviewed and found suspicious and malicious code internally and externally.
Programmed in Java and .NET development environments.
Worked on International Espionage case working on code forensics.
Lockheed Martin Superior Technical Resources, Syracuse, NY Dec 2004-Feb 2006
Desktop Support Analyst
Worked as a System Support Analyst supporting 2300 end users on a team of th
ree as Windows Administrator.
Completed 20-40 tickets a week through Incident Response and problem resolut
ion and customer support to clients with computer problems.
Removed viruses and spyware on clients systems.
Physically destroyed and degaussed hard drives with sensitive company inform
ation on them.
Researched latest security threats, installed latest patches, installed soft
ware on clients ' computers.
Built and deployed computers for clients working at Lockheed Martin.
Network Administrator, Installing Catalysts and Network Troubleshooting.
Helped plan and install Voice Over Internet Protocol System. (VOIP)
Programmed in VB.NET and C#.NET to create scripts to automate tasks.
Lead an asset reduction program that saved the company thousands of dollars
in duplicate PCs.
Verizon Wireless, Dewitt, NY Aug 2004-Dec 2004
Customer Service Technician-Contract Solectron
Increased sales revenue in accessories and enhanced features.
Incident response and problem resolution.
Investigated internal fraud of fellow employee.
Decreased work time on cell phones from four hours to 45 minutes
Checked account status and activated User Account Management.
Career Services, NY Oswego, NY Sept 2003-Aug 2004
Information Technology Administrator
Assisted staff with Information technology including Mac 's and PC 's site
administrator.
Created and administered accounts for local users.
Administrated and installed Virus Management software.
Network Administrator.
Researched Viruses and Security Patches.
Installed latest security patches on PC 's.
Programming.
Instructed employees on the proper use of computing assets.
Managed Career Services Database as Database Administrator.
Protected Database and monitored e-mail list-server.
The Raven Pub, Oswego, NY June 2002-Aug 2004
Head of Physical Security
Supervised Security Personnel to ensure that proper security procedures were
in place.
Identified patrons were of the age of 21.
Physically removed any patrons that were in violation of the Establishments
' code of conduct.
Established a relationship with local police department and called upon them
in emergencies.
United States Air Force Reserves, Syracuse, NY Aug 2000-Oct 2001
Active Secret Clearance May, 2001, E-3 Airman 1st class, Honorable Discharg
e
DD-256.
Studied in military science, leadership d
evelopment training and professional training activities.
Acted as General Military Science Advisor.
Studied the field of Information Science for Detachment at Syracuse Univers
ity.
Eddies Big M Grocery Store Mexico, NY Oct 1996 â June 2002
Computer Receiving Clerk
Checked in all store goods into grocery store through computer DOS system
Started this career while in high school. Worked as a cashier, stock clerk a
nd meat department and during summers and weekends while in college. Worked 20-4
0 hours a week.
CERTIFICATIONS/TRAINING
Certified Information Systems Security Professional ID number: CISSP 326814 www.
isc2.org
Member of Open Web Application Security Project, member number 73N4Q4M27PH, www.
owasp.org
Project Management Certificate, 2007
Information Systems Security Certificate, 2006,
Information Systems Security Management Certificate, 2006,
Information Systems Certification and Accreditation Certificate, November, 2006
Active Secret Clearance since May, 2001 good through January, 2017,
Cigital Software Security Series, http://www.cigital.com/services/training/cours
es, August 2009
Foundations of Software Security Principles, TECH210039, August 2009
Advanced Fortify Analysis Scanning, TECH230700, August 2009
Architecture Risk Analysis, TECH210041, September 2009
Defensive Java Programming, TECH210040, August 2009
Aspect Security Secure coding .NET course, March, 2007,
Aspect Security Secure coding J2EE/Java course, May, 2007,
http://www.aspectsecurity.com/training.htm
Ounce Labs Advanced Static Analysis Training, San Francisco, CA July 2009
Software Security Summit, Baltimore, MD, June, 2006
Attended Qualified Systems Engineering Training Class, July, 2006,
Foreign Object Debris Training, September, 2006
International Traffic and Arms, (ITAR) briefing, August, 2006,
Attended Network World Security Conference, Dallas, TX Fall, 2006,
Attended IEEE, Metrocon, Arlington, TX Fall, 2006,
Guest Speaker for Information Science Department at Oswego State University, Nov
ember, 2005
Guest Speaker at Fort Worth Java User Group on Software Security, February, 2007
Guest Speaker at Fort Worth Web Design User Group on PCI compliance, August 2007
Site Coordinator for Lockheed Martin CISSP corporate class, December, 2006- Apri
l, 2007
Book Review for CISSP, Software Security, Building Security In, By Dr. Gary McGr
aw, November 2009
Security Awareness and Software Development Training for Oswego State University
, December, 2009
Anthony Robbins Personal Power Two, 2009-2010, http://www.tonyrobbins.com
Pre-paid Legal Associate, Small Business and Group Certified Licensed for the st
ate of Texas, 2008-2010
http://www.prepaidlegal.com/index.html
AWARDS/HONORS
Air Force ROTC Scholarship Aug 1999-May 2001
Winner, Cadet of the Semester Dec 2000, Syracuse University Detachment 535
Honorable Discharge United States Air Force Reserves, DD-256 Airman 1st class Oc
t. 2001
T-38 incentive ride and Air Force ROTC internship at Sheppard Air Force Base, Te
xas
Dean 's list multiple semesters at both Universities
Achieved a 4.0 GPA Fall Semester 2000, Syracuse University
Commanding Officer of a 110 cadets, Marine Corps JROTC Mexico High School, Mexic
o, NY, Sept 1998- June 1999
TECHNICAL SKILLS
Computer Operating Systems: UNIX, Linux, Ubuntu, Windows 95, 98, 2000, XP, Vista
, Server 2003, Mac OS 9, OS X, MS-DOS, Solaris 9
Software: Microsoft Office, Quick Books 2007, Microsoft Project, Microsoft Visio
, Outlook, MARS Remedy, Microsoft Share Point, Windows Administrator Tools, Acti
ve Directory, Microsoft Exchange Server 2000, Directory Resource Administrator,
Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Fortify Static
Analysis Tool, Ultra-edit, Serena Change Man Dimensions, Perforce, IBM Rational
Developer, Eclipse, App Detective database scanning tool, Windows SQL Server 200
0, Internet Information Services, Ounce Labs Static analysis tool, SPI Dynamics
Dev-inspect, HP Web Inspect, IBM AppScan, NTO Objectives, VMware, Web Scarab, We
b Goat, Paros, 010 editor, X-way Forensics, Win-Hex, PGP, Microsoft Threat Model
ing tool, Mozilla Firefox plug-ins including: Firebug, Web Developer, Switch Pro
xy, Tamper Data, Live HTTP headers, User agent switcher, Js-view, Burp Suite, Et
hereal, Nessus, Microsoft Baseline Security Analyzer, GRC-Shields UP!, Zone Alar
m by Check Point, Ethereal, PGP Desktop Email, PGP Net share, PGP whole disk enc
ryption, SMAC, telnet, putty, SSH, Net stumbler, Cisco wired and wireless Linksy
s routers, VPN, md5deep hash, Metasploit, Regex Buddy, Confluence, Wiki Markup.
Fiddler Web Proxy, Snagit editor.
Languages: C, C#, Visual Basic.NET, Java, J2EE, SQL, CLIPS, Perl, PHP, Prolog, X
ML, HTML, Java Script, SQL, COBOL, Python
General Skills: PCI compliance remediation, security engineering, manual and sta
tic analysis tool code review, web penetration testing, fuzzing, network securit
y fundamentals, NIST Network Security Tool Kit, HTTPrint, NMAP, Security Risk As
sessments, Software Security Risk Assessments, knowledge of Orange Book (TCSEC)
and Rainbow series, Security Policies and Procedures, Security Management, Secur
ity Engineering Capability Maturity Model (SSE-CMM), Defense Information Systems
Agency (DISA) publications, National Institute Standards and Technology (NIST)
publications, DoD 8550.2, DITSCAP, Evaluation Assurance Levels (EAL) Common Crit
eria of Information Security Evaluations, Open Web Application Security Project.
(OWASP). advanced searching, system analysis design, project management, leader
ship, time management, public speaking, knowledge of networking, accounting, str
ong written and verbal communication skills, customer service, consulting, softw
are development life cycle (SDLC), knowledge of binary and hexadecimal number sy
stems, sales, problem solving, computer building hardware and software, computer
deployment, break fix, trouble shooting. Architecture risk analysis, threat mod
eling, Cigital White Box Secure Assist, Armorize Code Secure.
ACTIVITIES
Member, ISC2 Certified Information Systems Security Professional, CISSP, 326814
January 2009-Present
Member, IEEE Member #87051477 Aug -2006- 2007
Member, OWASP, 73N4Q4M27PH www.owasp.org Aug-2009-Present
Member, Phi Kappa Phi Honor Fraternity Member #11272553 April 2003 â 2007
Member, Information Systems Security Association Aug- 2006-2007
Member, Lockheed Martin Recreation Association Cycling Club Feb 2006-June 2006
President, Oswego State Cycling Club Jan. 2004 â Aug 2004
Member, Theta Chi Fraternity, Syracuse University Mar 2001-Jan 2006
Teaching Assistant, Systems Analysis and Design Syracuse University Aug 2000-De
c. 2000
Research Assistant, Institute for Sensory Research Syracuse University Aug 2000
-May 2001
Member, Onondaga Cycling Club May 2000-Jan 2006
Member, Lockheed Martin Auto Club Aug 2006- June 2006
Certified Level 1 Snowboard Instructor Feb 2003- June 2006
Certified Life Guard Sept 2001- Sept 2003
Certified CPR Sept 2001- Sept 2002
NASTAR Alpine Snowboard Racer Dec 2004- Jan 2006
Member, Fort Worth Java User Group March 2006-June 2006
Men 's Christian Bible Study, Fort Worth, TX March 2009-Present
Member, Fort Worth Cycling Club http://www.fwbaclub.org/ January 2010-Present
SAMPLE WORK
http://www.vimeo.com/8939668
http://www.vimeo.com/9069858
http://www.vimeo.com/8056446
http://www.vimeo.com/8054415
http://www.vimeo.com/8054415
http://www.vimeo.com/7998595
http://www.vimeo.com/7992560
http://www.vimeo.com/7987114
http://www.vimeo.com/7985052
http://www.vimeo.com/7968877
http://www.vimeo.com/8629442
http://www.vimeo.com/8812145
RECOMMENDATIONS
Internet Security Analyst
www.bankofamerica.com
I had the pleasure of working with Matthew Parsons while he was a consultant
for Genesis10 at our client, Bank of America. Matthew performed as a Source Code
Analyst on a six month assignment. He was an exceptional consultant. He always
completed his work on time, was flexible, was a team player, communicated well w
ith us and received great reviews from his reporting manager. Matthew represente
d us well and I would recommend him as a Security Consultant.
Regards ~
Katie Culpepper
Verizon Communications
Matt is a dedicated and highly skilled Security Analyst - his technical skill
s in the area of Source Code Reviews and deciphering insecure code, vulnerabilit
ies and malicious code are some of the best in the nation. Matt is a team player
and has proven himself in the area of teaching others in a highly technical are
a - and retaining participants attention and interest. Matt is a valuable and in
tegral member of my team. September 30, 2009
George Turrentine, CISSP, CISM, Mgr - IT Security, Verizon Communications
managed Matt at Verizon Communications
Senior Internet Security Engineer Contractor
Verizon Business
Over the past 2 years I have worked closely with Matt. Through out our relati
onship, he has been very professional, willing to learn as well as taking on pro
jects to learn. Our field is a very new field in the industry and the majority o
f experience comes from hands on work. I am very impressed with both his work et
hics and his quest for knowledge. September 18, 2009
Scot Cairns, CISSP, CSSLP, Application Security Analyst, Verizon
managed Matt indirectly at Verizon Business
Matt is the single most smart guy I have ever known in my entire life. He con
stantly strives to do what is right. While he often appears orthodox in his meth
ods, he is actually as cowboy and as unorthodox as people can get. July 26, 2
009
William Copley, Senior Internet Software Systems Engineer II, Verizon
worked directly with Matt at Verizon Business
Matt is very detail oriented, intelligent, hard working, and customer oriente
d, which makes him my first choice for source code analysis projects. He is alwa
ys looking to educate himself on the latest security technologies and trends to
stay on top of his field. A pleasure to know and work with him. March 30, 200
9
Markus Bohlander, CISSP, Director, Application Security, InfoVision
worked directly with Matt at Verizon Business
CEO, CIO, CTO, Security Consultant
Parsons Software Security Consulting LLC
I 've had the opportunity to work with Matt on several related projects. Mat
t knows his strengths and works hard to make his strengths stronger. He is wise
enough to seek out advice and guidance when he encounters a subject that isn 't
his strength. I recommend Matt for his professional integrity, his ability to d
eliver on his strengths and his willingness to seek out advice when he recognize
s the need to tap into someone else 's strengths. November 5, 2009
Jeff Snyder, President, SecurityRecruiter.com & J.A. Snyder & Associates, Inc.
was with another company when working with Matt at Parsons Software Security Con
sulting LLC
Matt is a consummate professional and a pleasure to work with. He seeks to fi
nd the appropriate solutions to his client's needs while still keeping your cost
in mind. Matt adapts his problem solving approach to each client's unique busin
ess concerns. He also focuses on the quality of the solution rather than the qua
ntity which assures your businesses the right product the first time. Above all
else, Matt is trustworthy and will give you practical appraisals and solutions b
ased on your business needs. July 20, 2007
Top qualities: Great Results, Personable, High Integrity
Nick Grimshaw
hired Matt as a IT Consultant in 2005, and hired Matt more than once
Security Engineer
Lockheed Martin
Matt gave our security product a fair an extremely thorough examination last
year. The level of expertise, maturity and rigor he brought to this action, upon
which the security standing of the greater Lockheed corporation depended, was v
ery impressive indeed, especially for someone so young. I recommend him for incr
easingly demanding positions of trust in the future, whether as an employee or a
service provider. December 26, 2007
Andy Bochman, Director, Federal Markets, Ounce Labs, Inc.
was a consultant or contractor to Matt at Lockheed Martin
Customer Support
Solectron Contractor for verizion Wireless
Matthew was a dedicated employee concerned with assuring customers received t
he best experience with Technical Services with Verizon Wireless. Matt consisten
tly went above and beyond to assist these customers with their needs on an ongoi
ng basis. March 22, 2009
Brendon Scarano, Area Team Leader, Solectron
managed Matt at Solectron Contractor for verizion Wireless