Matthew R.
Details
Computer Information Systems
Thomas College
2006
• Created ERP-specific security policies and technical controls, reference technical architectures and guidelines tailored to the vulnerabilities and threats associated with ERP systems such as SAP, Oracle EBS, JD Edwards and their associated supporting software components. Resulting in a 95% year over year reduction in impact to both Syntax and its customers related to security incidents.
• Risk Assessment and Mitigation : Led a team of regional security officers to develop and implement an effective mitigation strategy to prevent security breaches, based on a continuous evaluation of potential risks and vulnerabilities in the ERP environments. This included regular ticketed and tracked vendor notice review processes for Microsoft, SAP, Oracle, and others. The team developed a DevSecOps methodology, implemented CICD pipelines, and automated the security risk assessment and mitigation process.
• Customer-Centric Security Measures : Recognizing the diverse needs and security requirements of Syntax's ERP customers, implemented robust, customer-specific security measures to protect their data and operations.
• Ensured that all security measures and protocols adhered to regulatory compliance standards and requirements, including SOC 2 Type 2, NIST, CISA and other standards by establishing and enforcing policies and procedures, by mapping and applying technical controls, by working with the relevant business units, and by creating and sharing documentation.
• Award winning leader with an MSP of the year Award for 2021 from CyberArk, and an award for 2022 from Cloudflare for technical excellence for Zero Trust ERP Security.
2020 : Present
Syntax
Global Chief Information Security Officer
• Led a startup from VC funding, growing from 8 to ~250 employees, by hiring and training security architects, engineers, and auditors. • Transformed global cybersecurity and compliance program into a world-class, reliable, and security service that the entire organization trusted and relied on.
• Performed Incident Response, and guided other Incident Response teams, for Multibillion Dollar Companies. • Designed, staffed, and implemented Security Operations Centers(SOC) which provided MSSP services and generated $100k in revenue in the first three months.
• Configured Azure Security for Office365 in Compliance with NIST 800-171R2 by using Microsoft's Compliance Manager tool to monitor the status of security controls.
2019 : 2020
ExactlyIT Inc.
Chief Security Officer
• Designed, implemented, and lead the security program for SAP ERP systems hosted by the company, protecting over 150 SAP ERP environments.
• Implemented a Security Operations Center (SOC) by leading the hiring of staff, the technical design, purchase of infrastructure, and the implementation of software.
• Developed security solutions compliant with customer requirements to close 80 million dollars of revenue for the sales division.
• Led a team of five security engineers to develop and implement a cyber security program in accordance with ISAE 3403 and SOC 2 Type 2.
2017 : 2019
Freudenberg IT LP
Director Of Security
• Spearheaded the development and deployment of a 10 person SOC in India and oversaw the development of a 5 person Security Engineering team in the USA.
• Spearheaded the implementation and development of the Splunk SIEM system and Vulnerability Management Program to improve the organization's security posture by 70% in the first year.
• Prioritized workflow and budgeting of security resources for a budget of over 10 million dollars, by creating a plan that allocated resources to the most critical projects.
• Managed a SOC2 Type 2 Certification and Associated Audits, and deployed HIPAA Compliance initiatives.
• Oversaw digital forensics and investigations for over 1000 incidents per year.
2015 : 2017
Allscripts
Senior Security Manager
• Implemented a Workday production support process, ensuring 100% success rate for monthly upgrades and system changes. Achieved this by scheduling system upgrades around a scheduled monthly maintenance window.
• Lead project with vendor and business stakeholders to resolve application scaling problems related to Java memory management resulting in 100% uptime for support staff.
• Created detailed MOP or Method of Procedure documentation, resulting in a smooth transition of responsibilities to the team, for 35,000+ user application, by working with teams across different locations.
2014 : 2015
Duke Energy Corporation
Senior Application IT Analyst
Skills
AMP, Azure Sentinel, Cisco Advanced Malware Protection (AMP), Cisco Firepower, Cloud Computing, Cloud Security, Crowdstrike Falcon, Cybersecurity, Data Privacy, Docker, Facial Recognition, General Data Protection Regulation (GDPR), Global Security, Go (Programming Language), Identity & Access Management (IAM), Incident Management, Incident Response, Information Security, Information Security Management, Integration, Intrusion Detection, ISO 27001, IT Security Assessments, Kubernetes, Leadership, Linux, Microsoft Azure, Node.js, Nuclear, Nuclear Energy, Penetration Testing, Product Development, Program Management, Python (Programming Language), Qualys, Risk Management, Security, Security Architecture Design, Security Audits, Security Incident Response, Security Operations, Splunk, Stealthwatch, U.S. Health Insurance Portability and Accountability Act (HIPAA), Vendor Management, VMware ESX, Vulnerability Assessment, Vulnerability Management
About
As the Global Chief Information Security Officer at Syntax, I lead the development and execution of a comprehensive global information security strategy, specifically aimed at safeguarding Syntax and its ERP customer base. With over 20 years of experience in leadership and systems analysis, I have a proven ability to manage cyber security operations and data protection across multiple platforms and countries.
My mission is to create ERP-specific security policies and technical controls, reference technical architectures and guidelines tailored to the vulnerabilities and threats associated with ERP systems such as SAP, Oracle EBS, JD Edwards and their associated supporting software components. Thanks to my expertise in Azure Sentinel, Crowdstrike Falcon, Cisco Advanced Malware Protection, and Elastic, I have successfully reduced the impact of security incidents by 95% year over year. I also hold the CISSP certification, demonstrating my commitment to continuous learning and excellence in the field of information security.
Profile Photo
