Matt C.
Details
Computer and Information Systems Security/Information Assurance
Western Governors University
2021 : 2021
Bachelor of Science - BS
Cybersecurity and Information Assurance
Western Governors University
2018 : 2019
Information Technology
Johnson County Community College
2012 : 2014
I've been a part of FedRAMP audits, covering both FedRAMP High and FedRAMP Moderate, both Rev4 and Rev5.
My day-to-day includes solving customer problems, reading and analysing customer vulnerability reports, and helping their senior compliance and security management define success for their compliance and security programs.
I work my hardest to be a trusted advisor, helping bridge engineering, compliance, and security concerns to help customers create grade A compliance and security programs to help serve both commercial and government customers.
I've been involved with vulnerability management, continuous monitoring, incident response, and overall program management for multiple customers.
2023 : Present
First Information Technology Services, Inc
Principal Information Security Consultant
I currently teach an entry-level cybersecurity prep course, and I love it. Being able to help guide students in their journey towards Cybersecurity and Information Technology is a blast, and I even get paid for it!
2022 :
Johnson County Community College
Adjunct Assistant Professor
As part of the Yugabyte security and compliance team, I work with stakeholders across the enterprise to enable our flagship managed product, Yugabyte Managed, and our core Yugabyte Database product to be compliant with frameworks such as NIST 800-53, ISO 27001, SOC 2 Type 2, and any future certifications and attestations needed by customers to deliver best in class Database services.
I work closely with product management, security operations, customer success, and legal as a SME on all things Information Security and Compliance related, to secure not only customer infrastructure, but our corporate and managed environments. I have worn many hats such as Security Engineer, Compliance SME, and internal audit.
2022 : 2023
Yugabyte
Sr Compliance Analyst
I currently work within the compliance team as one of the Senior Technical Program Managers for Red Hat Product Security. I help enable our vision through relationships with product security, the business units, third party assessors, and customers. I lead the effort from the compliance side as an SME for FedRAMP Compliance (ISSO) on our OpenShift Dedicated / Red Hat OpenShift on AWS compliance efforts to deliver the world's best managed Kubernetes service to both our commercial and federal customers. I have helped attain PCI-DSS, ISO 27001, SOC 2 Type 2, HIPAA, and FedRAMP In-Process for OpenShift Dedicated/ROSA. I'm skilled at managing workflows, bridging the gap on compliance efforts, and bringing teams together to solve complex compliance issues.
In addition to the above, I helped OpenShift Dedicated, our flagship Managed OpenShift service, redefine how we handle vulnerability management by helping refine policy and procedure, enabling us to fix issues faster by working across teams.
2020 : 2022
Red Hat
Senior Technical Program Manager (Compliance)
At RSA Security, I helped bring the SecurID service to federal customers via the FedRAMP Marketplace. Leveraging my previous experience with NIST standards and Cybersecurity best practices, I helped envision and architect the supporting tools to keep customers safe while using the SecurID SaaS product, while also working with our third party assessors and FedRAMP partners to develop policy, procedure, and processes to follow FedRAMP Moderate guidelines. I was responsible for budgeting, purchasing, and guiding the installation and configuration of such tools as McAfee ePO, Thycotic Secret Server, NetWitness SIEM, Tenable.sc and many other security and compliance tools to allow RSA to continuously monitor the environment. I helped develop the program further, functioning as a PM on some aspects, creating the stories needed to drive our narrative for a secure, easy to use MFA solution for the federal government.
For these efforts, the RSA President's award was given out to our group.
2019 : 2020
RSA Security
Security and Compliance Engineer
Skills
Analysis, Asset Security, Cloud audit, Cloud Security, Compliance, Computer Networking, Cybersecurity, Data Governance, Defense, DoD, Emergency Management, FedRAMP, Force Protection, Governance, Risk Management, and Compliance (GRC), Government Contracting, Information Assurance, Intelligence, Intelligence Analysis, Investigation, ISO 27001, ISSO, IT Risk Management, Law Enforcement, Leadership, Management, Military, Military Experience, Military Operations, National Security, Networking, Network Security, NIST, Operational Planning, Payment Card Industry Data Security Standard (PCI DSS), Program Management, Project Management, Security, Security+, SIGINT, Signals Intelligence, Special Operations, Training, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Weapons
About
Experienced InfoSec / compliance individual with both hands-on experience developing and deploying InfoSec solutions and bridging the gap with compliance efforts and standards. Experience with FedRAMP, SOC2, ISO, and PCI-DSS compliance.