About

About

Whoami

Currently an Offensive Security Consultant engaged in a wide range of activities. I’m also a casual security researcher and bug bounty hunter, but there is minimal time for that these days.

In my current roles, I do almost everything offsec and consultant related:

  • External, internal, mobile, web, IoT, wireless, and API penetration testing
  • Red Teaming & Purple Teaming
  • OSINT, phishing, policy review, and configuration review
  • Tool development
  • Business development, marketing, proposal responses, etc.

But my wheelhouse is web/mobile/API penetration testing and development.

Certifications

  • OSEP
  • OSWE
  • OSCP
  • CCNA (expiring soon)
  • Sec+ (will expire eventually)

Skills

Non-exhaustive list of stuff I use with varying success:

  • Programming & Scripting: Python, Golang, JS/HTML/CSS
  • Operating Systems: Linux, Windows, macOS
  • Tools & Platforms: Burp, Docker, Terraform, Ansible, VSCode, JetBrains IDEs, Wireshark, Postman, Cobalt Strike, Nessus, ChatGPT
  • Cloud Providers: AWS, Azure, Linode

Education

  • Degree: BS in Chemistry

Previous and Current Employers

  • Exelon/Constellation
  • Deloitte
  • AWS
  • Co-founded Brackish Security

Other

  • 2023 Department of Defense Researcher of the Year
  • Personal site: pizzapower.org

Contact

📧 Email: matt@pizzapower.me

CVEs

I no longer request CVEs.

** Fun Projects **

Built a full stack attack surface management/bug bounty automation tool utilizing Golang and React that has been used by multiple companies and has discovered ~30 P1 vulnerabilities in BB programs in a one year time frame. This included database design and integration with AWS and Azure services.

I’m an avid guitar player and will hopefully quit cybersecurity in a few years to play music full time (lol).

Cofounded a boutique cybersecurity consulting firm that specializes in offensive security services and drove reveune into the seven figures in the first two years of operation.