Matthew Burns
Senior Security Engineer • Cloud security, AppSec, IaC, governance, offensive testing
- Email: pro.mattburns@gmail.com
- GitHub: github.com/binbashburns
- Certifications: See the Certifications page
About me
Hi, I’m Matt. I’m a senior security engineer working across cloud platforms (AWS/Azure/GCP), application security, infrastructure-as-code, governance and compliance (NIST 800-53, SOC 2, FedRAMP, DoD), and offensive testing. I work where engineering meets risk: turning policies into pipelines, mapping controls to tooling, and treating security as a product feature rather than a gate.
I’m passionate about penetration testing and offensive security. I recently earned my GIAC Certified Penetration Tester (GCPN) and enjoy exploring vulnerabilities and attack vectors in my home lab.
I’m also actively exploring how AI augments modern software delivery and where it strengthens security engineering practice. A current result is devsecops.binbashburns.com, a vendor-neutral security stack modeler that maps tool selections to NIST CSF 2.0 / SOC 2 / SSDF controls and exports both a Digital SSP and a runnable CI workflow.
Experience
Penchecks Trust - DevSecOps Engineer
Aug 2025 – Present • penchecks.com
- Managed and automated AWS infrastructure and services using IaC (Terraform/CloudFormation), improving provisioning consistency and repeatability.
- Administered Microsoft Entra ID: user/group/app lifecycle, role assignments, and access controls to support secure developer workflows.
- Built and maintained CI/CD pipelines to automate secure, auditable deployments and compliance checks.
- Collaborated closely with developers and security teams to integrate security controls early and streamline vulnerability remediation.
Army National Guard (KY) - Cyber Warfare Technician (170A), Warrant Officer
Jun 2020 – Present • nationalguard.com
- SME and advisor on the employment of offensive/defensive cyber capabilities.
- Direct, plan, and assess cyberspace technical operations and readiness.
- Provide guidance across Army/Joint and interagency cyberspace efforts.
Defense Unicorns - DevSecOps Engineer
Aug 2024 – Aug 2025 • defenseunicorns.com
- Delivered GitOps-managed, cloud-native infrastructure via UDS platform.
- Templated Helm charts for consistent K8s app deployments and policy.
- Built GitHub Actions CI/CD for automated, secure delivery.
- Engineered Kubernetes network policies; leveraged Istio service mesh.
- Collected/analyzed telemetry with Prometheus to drive performance work.
- Published integrations for the Airgap App Store; supported multi-cluster ops (k3d, Docker).
- Partnered with stakeholders to turn complex requirements into declarative, secure solutions.
Coalfire - Cloud Engineer II
Jul 2023 – Aug 2024 • coalfire.com
- Transitioned FedRAMP/DoD environments to NIST 800-53 rev.5.
- Architected IaC-driven cloud environments (AWS, Azure, GCP) with automation.
- Authored reference architectures and executive-ready deliverables.
- Produced network diagrams and documentation aligned to best practices.
- Supported A&A phases and security program improvements.
DHS CISA - IT Cybersecurity Specialist
Oct 2022 – Jul 2023 • cisa.gov
- Contributed to solution definition, non-functional requirements, and architectural runway.
- Supported Continuous Exploration / Delivery pipeline activities.
- Participated in PI planning, demos, and Inspect & Adapt events.
- Provided oversight to foster built-in quality and technical agility.
Coalfire - Cloud Engineer I
Feb 2022 – Oct 2022 • coalfire.com
- Designed and deployed secure architectures in AWS/Azure/GCP with IaC.
- Implemented compliant servers, networks, and boundary protection.
- Drove testing and data reviews for effectiveness of security controls.
- Supported assessment & authorization processes and security documentation.
Bechtel Corporation - Cybersecurity System Administrator
Nov 2021 – Feb 2022 • bechtel.com
- Supported the BGCAPP Cybersecurity Program (ATO sustainment, continuous monitoring).
- Tracked processes, tested safeguards, and participated in incident response.
Senture, LLC - Security Analyst
Nov 2019 – Oct 2021 • senture.com
- Ran compliance & risk posture assessments (FISMA, NIST SP 800-53, SOC 2, PCI DSS).
- Built SIEM dashboards/automation; performed risk assessments and OA/ATO support.
- Managed vuln scans (Nessus); authored SOPs; coordinated across IT and vendors.
Education
CodeYou (Louisville) - Software Engineering with C# (Student)
Aug 2025 – Apr 2026
- Enrolled in the Software Development cohort focusing on C#, .NET, ASP.NET Core, and full-stack development.
- Building skills in object-oriented programming, web APIs, database design, and modern software architecture.
University of the Cumberlands - B.A.S. Information Technology (Cybersecurity)
Apr 2022 – May 2023
- GPA: 4.0 • Honors: Summa Cum Laude • President, UC Cyber Club
- Designation: NSA/DHS CAE-CD program
- Selected coursework: Application Software, Programming, Networking, Server Admin, Web Design, Business Intelligence, Policy & Compliance (SOX/GLBA/HIPAA), DR/BCP, Secure Configurations
Somerset Community College - A.A.S. Information Security
2017 – 2019
- GPA: 3.88 • Phi Theta Kappa
- Selected coursework: Hardware/Software, AD Services, Network Security & Perimeter Defense, Linux/UNIX Admin, Python/Programming, Database Design
Volunteer & Community
CodeYou (Louisville) - Cybersecurity Mentor (Volunteer)
Aug 2025 – Present
- Mentor students in the Intro to Cyber cohort, providing guidance on foundational security concepts and career pathways.
- Lead hands-on penetration testing demos covering tools like Nmap, Metasploit, Burp Suite, and wireless attacks with WiFi Pineapple.
- Moderate discussions on real-world security scenarios, threat landscapes, and defensive strategies.
- Provide one-on-one mentorship to help students build practical skills and confidence in cybersecurity.
Pet Cancer Foundation - Governance, Risk & Compliance (Volunteer)
Jun 2025 – Present
- Established a lightweight GRC framework mapped to NIST CSF / CIS Controls.
- Authored foundational security policies (access control, data classification, vendor risk, incident response, acceptable use).
- Performed vendor due-diligence for enterprise platforms; implemented data-minimization and retention standards.
Projects
Security Stack Modeler
- Vendor-neutral, organization-agnostic decision tool for assembling a security program from scratch.
- Pick a tool per capability across the SDLC and runtime stack; live annual budget, control-coverage matrix against NIST CSF 2.0 / SOC 2 TSC / NIST SSDF, and DevSecOps pipeline maturity recompute on every change.
- Exports a Digital System Security Plan (PDF) and a runnable .github/workflows/security.yml based on the selected scanners.
- Self-maintaining via GitHub Actions: link checker, sanitize check, and a GitHub-Models-driven price freshness audit that opens issues when vendor pricing pages drift from cited numbers.
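The recompute-on-every-change loop described above, as an added Python sketch that is not the project's own code: one tool is selected per capability, and the annual budget, the control-coverage matrix and a GitHub Actions workflow are derived from that selection. The tool catalog, the annual costs and the tool-to-control mapping are constructed assumptions for illustration; the control IDs are real NIST CSF 2.0 and NIST SSDF identifiers, and the CI commands are illustrative invocations of each scanner.

```python
"""Toy security-stack modeler: select one tool per capability, then derive
budget, control coverage and a CI workflow from the selection.
Catalog, costs and control mappings are constructed for this example."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Tool:
    name: str
    capability: str               # only one tool may fill a capability
    annual_cost: int              # constructed USD/year, not vendor pricing
    controls: frozenset           # control IDs the tool contributes evidence for
    ci_command: Optional[str]     # shell step for the CI job; None = runtime-only


# Real NIST CSF 2.0 / NIST SSDF identifiers; descriptions abbreviated.
CONTROLS = {
    "ID.RA-01": "CSF: vulnerabilities in assets are identified and recorded",
    "PR.PS-06": "CSF: secure software development practices are integrated",
    "DE.CM-09": "CSF: computing hardware, software and runtime are monitored",
    "PW.4": "SSDF: reuse existing, well-secured software",
    "PW.7": "SSDF: review and/or analyze human-readable code",
    "PW.8": "SSDF: test executable code",
}

# Constructed catalog. The tool-to-control mapping is an assumption made here.
CATALOG = [
    Tool("Semgrep", "sast", 0, frozenset({"PW.7", "PR.PS-06"}),
         "semgrep scan --config auto --error"),
    Tool("Trivy", "sca", 0, frozenset({"PW.4", "ID.RA-01"}),
         "trivy fs --exit-code 1 --severity HIGH,CRITICAL ."),
    Tool("Gitleaks", "secrets", 0, frozenset({"PR.PS-06"}),
         "gitleaks detect --source . --no-banner"),
    Tool("ExampleDAST Pro", "dast", 12000, frozenset({"PW.8", "ID.RA-01"}),
         None),  # hypothetical paid tool; runs against a deployed target, not in CI
    Tool("Falco", "runtime", 0, frozenset({"DE.CM-09"}), None),
]


def select(*names: str) -> dict:
    """Build a selection keyed by capability; reject two tools for one slot."""
    by_name = {t.name: t for t in CATALOG}
    selection = {}
    for name in names:
        tool = by_name[name]
        if tool.capability in selection:
            raise ValueError(f"capability {tool.capability!r} already filled")
        selection[tool.capability] = tool
    return selection


def annual_budget(selection: dict) -> int:
    return sum(t.annual_cost for t in selection.values())


def coverage_matrix(selection: dict) -> dict:
    """Control ID -> names of selected tools covering it (empty list = gap)."""
    matrix = {cid: [] for cid in CONTROLS}
    for tool in selection.values():
        for cid in tool.controls:
            matrix[cid].append(tool.name)
    return matrix


def coverage_gaps(selection: dict) -> list:
    return sorted(cid for cid, tools in coverage_matrix(selection).items() if not tools)


def render_workflow(selection: dict) -> str:
    """Emit .github/workflows/security.yml with one step per selected CI scanner."""
    lines = ["name: security", "on: [push, pull_request]", "jobs:", "  scan:",
             "    runs-on: ubuntu-latest", "    steps:",
             "      - uses: actions/checkout@v4"]
    for tool in sorted(selection.values(), key=lambda t: t.capability):
        if tool.ci_command is None:
            continue  # runtime/DAST tools are not pipeline steps
        lines += [f"      - name: {tool.name} ({tool.capability})",
                  f"        run: {tool.ci_command}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    stack = select("Semgrep", "Trivy", "Gitleaks", "Falco")
    print("annual budget:", annual_budget(stack))
    print("gaps:", coverage_gaps(stack))
    print(render_workflow(stack))
```

Changing the selection and re-running the three derivations is the whole model: the budget and gap list are what a live UI would redraw, and the rendered YAML only ever contains steps for tools that actually run in a pipeline.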
SoldierSave
- Blazor WebAssembly site hosted via GitHub Pages, backed by a structured benefits.json dataset.
- Provides searchable, tag-filtered benefits, discounts, and resources for service members, veterans, and families.
- Community contributions flow through GitHub Issues and auto-generated pull requests, plus scheduled link checking via GitHub Actions.
BadgeBox
- Resume template that pulls live Credly certifications via a .NET 9 minimal API and CLI, then renders them into a Jekyll site.
- Ships with a GitHub Actions workflow that builds the API/CLI, generates normalized badge JSON, and publishes the site to GitHub Pages or a custom domain.
- Designed to be forked and customized so others can quickly stand up their own resume + badges site.
Interested in collaborating on cloud-native or DevSecOps work? I’m always happy to connect.