Whoami

Currently an offensive security practitioner engaged in a wide range of activities. I’m also a casual security researcher and bug bounty hunter, but there is minimal time for that these days.

I have done and do pretty much everything in the offsec world with varying levels of success:

• External, internal, mobile, web, IoT, wireless, and API penetration testing
• Source code analysis/white box testing
• OSINT
• Social Engineering (phishing, vishing)
• Red Teaming & Purple Teaming
• Policy review
• Configuration review
• Application and tool development
• Business development, marketing, proposal responses, etc.
• Management of teams up to 15 people

Certifications

• OSEP
• OSWE
• OSCP
• CCNA (probably expired)
• Sec+ (probably expired)

Skills

Non-exhaustive list of stuff I can sort of do:

• Programming & Scripting: Python, Golang, JS (React)/HTML/CSS
• Operating Systems: Linux, Windows, macOS
• Tools & Platforms: Burp, Docker, Terraform, Ansible, VSCode, JetBrains IDEs, Wireshark, Postman, Nessus, ChatGPT
• Cloud Providers: AWS, Azure, Linode

Education

• Degree: BS in Chemistry

Alphabetical List of Current and Past Employers

• AWS
• Brackish Security (cofounder)
• Deloitte
• Exelon/Constellation
• University of Chicago Medicine

Other

• 2023 Department of Defense Researcher of the Year
• 2024 State of California Top 25 Researcher
• Creator of templatesearch.io
• GitHub
• Bugcrowd
• HackerOne

Job Offers/1099 Work/Contact

📧 Email: matt@pizzapower.me

CVEs

• CVE-2021-35959
• CVE-2021-35196
• CVE-2021-44255
• CVE-2022-25568
• CVE-2022-35122
• CVE-2022-43263
• CVE-2022-43264
• CVE-2023-24080
• CVE-2023-24081
• CVE-2023-27109 – SQLi in a popular product. CVE assigned then just disappeared.
• CVE-2023-28627
• CVE-2025-46346 - GitHub
• CVE-2025-46347 - GitHub
• CVE-2025-46348 - GitHub

I usually don’t request CVEs.