Matt Franz

Current

Principal Security Consultant at SAIC

Past

Manager, Product Training at Tenable Network Security
Adjunct Instructor, Computer Business Technology at Frederick Community College
Senior Network Security Analyst, Global Security Engineering at Hewitt Associates

Senior Security Researcher at Digital Bond, Inc.
Network Consulting Engineer, Security Technologies Assessment Team at Cisco Systems
Security Research Engineer, Critical Infrastructure Assurance Group at Cisco Systems
Lead Developer at Trinux: A Linux Security Toolkit
Product Security Engineer, Security Consulting at Cisco
Network Security Analyst at SW Information Operations Center/USAR
Data Systems Engineer at SBC Datacomm
Manager, Information Security Training Center at Trident Data Systems
Network Security Instructor/Course Developer at Trident Data Systems
EW/SIGINT Analyst Instructor at 6th BN (MI), 3rd BDE, 95th DIV
Classroom Teacher at Northside ISD
EW/SIGINT Analyst at 549th MI BN (CEWI)

see less...

12 more...

Education

Texas A&M University

Recommended

4 people have recommended Matt

Connections

196 connections

Industry

Computer & Network Security

Websites

Matt Franz’s Summary

Senior information and critical infrastructure security professional with over a decade of network and application security experience in engineering, R&D, consulting, operations, and training. Consistent track record of impact and innovation inside diverse organizations ranging from security & infrastructure vendors to business and technology service providers, boutique consulting firms, and the military. Solid technical background in security architecture, administration, and device/protocol/application/network vulnerability assessment. Committed Open Source advocate, conflicted coder, and and master of knowledge management tools. Expert technical trainer and down-to-earth conference speaker. Technical advisor to senior management, mentor to junior engineers, and project manager.

Matt Franz’s Specialties:

Open Source and commercial UNIX (especially Linux and *BSD) and a variety of Open Source application tools and frameworks. IDS signature and vulnerability check development. Protocol analysis, threat modeling, and protocol fuzzing. Test automation and vulnerability assessment methodology. SCADA and Control System Security. Embedded Linux. SDLC. Vulnerability disclosure policy and best practices. Course design and development. Defining, developing, and bringing new services to market.

Matt Franz’s Experience

Principal Security Consultant

SAIC

(Public Company; SAI; Information Technology and Services industry)

September 2009 — Present (3 months)

Actively pursuing/engaged in security projects (up and down the stack) including (but not limited to) control systems, SCADA, AMI, and other critical infrastructure applications & networks.
Manager, Product Training

Tenable Network Security

(Privately Held; Computer & Network Security industry)

March 2008 — August 2009 (1 year 6 months)

Led Tenable training program. Created, taught, and updated course materials on vulnerability scanning, security monitoring, log analysis, and compliance/configuration auditing Nessus, Passive Vulnerability Scanner, Security Center, and Log Correlation Engine. Principal architect of Tenable's eLearning solution. Completed redeveloped Tenable courseware in 2008, implementing modular curriculum. Developed Enterprise and Nessus certification exams in 2009. Delivered custom onsite training for large commercial and government customers.
Adjunct Instructor, Computer Business Technology

Frederick Community College

(Educational Institution; Higher Education industry)

March 2009 — May 2009 (3 months)

Taught CIS170 Security Fundamentals during Spring 2009 semester.
Senior Network Security Analyst, Global Security Engineering

Hewitt Associates

(Public Company; HEW; Human Resources industry)

November 2006 — March 2008 (1 year 5 months)

Developed, maintained, and supported Hewitt firewall platform across multiple UNIX flavors on a variety of server platforms. Led the effort to replace proprietary UNIX firewall platforms with low cost Intel hardware. Developed systems management, network monitoring, and firewall capacity management tools in Ruby. Conducted firewall performance testing to evaluate hardware/OS selection. Provided on-call support to network security operations team and other internal customers. Evaluated, defined, tested and worked with vendor to deploy next generation firewall management application. Provided consulting to internal Hewitt and external client teams on security architecture and implementation and deployment of new firewalls
Senior Security Researcher

Digital Bond, Inc.

(Privately Held; Computer & Network Security industry)

September 2005 — November 2006 (1 year 3 months)

Perform network and application security assessments for Digital Bond clients, focusing primarily on SCADA and other control system technology used by Electricity and Gas sectors. Developed a comprehensive set of SCADA vulnerability checks for Nessus in NASL3. Wrote Snort ICCP signatures. Discovered multiple implementation flaws in ICCP servers that resulted in the first US-CERT advisory for a SCADA vulnerability. Served on Electricity Cell and contributed significant scenario elements relating to SCADA vulnerabilities for DHS CyberStorm 2005 exercise. Project lead for OPC/DCOM Security Best Practices projected jointly conducted with British Columbia Institute of Technology (BCIT). Designed, implemented, and monitored SCADA Field device honeynet using VMware/Roo Honeywall. Wrote a variety of custom vulnerability assessment tools in Python and Java.
Network Consulting Engineer, Security Technologies Assessment Team

Cisco Systems

(Public Company; CSCO; Computer Networking industry)

August 2004 — September 2005 (1 year 2 months)

Conducted and led security evaluations and vulnerability testing of Cisco products, protocols, and solutions. Provided consulting support to product teams and business units and contributed to cross-functional security initiatives. Developed generic protocol fuzzing tools in C#/.NET. Provided security consulting to Cisco Network Management Technology group on web application security for next generation architectures. Defined Threat Modeling methodology for use by product teams to decompose and assess the security of complex solutions and architectures. Developed and maintained Linux LiveCD security testing platform based on Ubuntu Linux to allow easy distribution and deployment of open source and proprietary vulnerability testing tools. Led the development and documentation of a standard set of vulnerability assessment baselines to be applied to devices, applications, and protocols
Security Research Engineer, Critical Infrastructure Assurance Group

Cisco Systems

(Public Company; CSCO; Computer Networking industry)

May 2002 — August 2004 (2 years 4 months)

Led Cisco control system security effort. Primary Cisco delegate to U.S. national labs and large industrial automation vendors for security. Chair of ISA SP-99 WG3. Contributing author to AGA 12-1, PCSRF, cybersecurity standards and SP-99 Technical Reports. Designed and tested Linux Modbus/TCP Firewall Module and Virtual SCADA HoneyNet. Presented at NISCC SCADA & Electronic Control System Conference 2004, SA Industrial Network Security and KEMA Security Conferences in 2004. Conducted BGP threat analysis and security testing of multiple commercial and Open Source BGP implementations. Presented at NANOG 28 (Salt Lake City) and Black Hat 2003. Wrote BGP test tools in Python and discovered multiple implementation flaws in commercial and Open Source BGP implementations. Designed and implemented generic protocol testing tool (in Python) to discover implementation flaws in arbitrary network protocols.
Lead Developer

Trinux: A Linux Security Toolkit

(Computer & Network Security industry)

1998 — 2003 (5 years )

Founding developer/maintainer of a lightweight Linux distribution with that focused on rapid deployment of a network security toolset to monitor and scan networks. Project was highlighted in multiple print and online periodicals and downloaded hundreds of thousands of times.
Product Security Engineer, Security Consulting

Cisco

(Public Company; CSCO; Computer Networking industry)

May 2000 — April 2002 (2 years )

Conducted security testing of Cisco Security products (including network management) as well as non-security products in Content Networking and Storage Router BU's. Key technical advisor in initiative to improve security throughout product-lifecycle. Developed comprehensive methodology for performing threat-oriented security evaluations. Presented on this topic at CanSecWest/core01 conference in March 2001. Wrote and reviewed test plans, designed/performed lab evaluations to discover and document security vulnerabilities in Cisco products. Wrote Perl/Python/C tools to analyze test data and identify network vulnerabilities. Conducted security product testing on competitor's router and VPN products. Conducted evaluations of VPN products and configuration for external Cisco customer's as part of Cisco Security Posture Assessments.
Network Security Analyst

SW Information Operations Center/USAR

(Government Agency; 10,001 or more employees; Defense & Space industry)

February 1999 — January 2002 (3 years )

Network Administrator of Cisco Routers & Switches and UNIX (Solaris & Linux) Servers. Developed network security courseware (forensics and scripting) for Reserve and Active Duty IO personnel.
Data Systems Engineer

SBC Datacomm

(Public Company; 10,001 or more employees; SBC; Telecommunications industry)

August 1999 — April 2000 (9 months)

Primary security engineer for UNIX security, vulnerabilities, and intrusion detection. Defined products, pricing, procedures, and deliverables for SBC vulnerability assessment serviced. Developed custom vulnerability scanning and network analysis tool Perl, PHP/MySQL, and Python. Conducted vulnerability assessment for SBC internal customers included. Participated in the design of large customer networks that included firewalls, host & network intrusion detection, URL filtering, web caching, and virtual private networks.
Manager, Information Security Training Center

Trident Data Systems

(Privately Held; 501-1000 employees; Computer & Network Security industry)

March 1999 — August 1999 (6 months)

Managed training center staff (3 instructors, business developer, and office manager). Supervised day to day operations of training center including class scheduling, instruction, course development, course marketing & pricing, classroom configuration. Advised senior management regarding strategic decisions involving training and use of training center resources. Conducted nationwide seminars to support sales and marketing of technical security curriculum and commercial information protection services. Lead Trident course developer/subject matter expert in negotiation and design sessions with Colorado Computer Training Institute. Advised TDS and CCTI marketing staff and wrote marketing materials for network security curriculum.
Network Security Instructor/Course Developer

Trident Data Systems

(Privately Held; 1001-5000 employees; Defense & Space industry)

December 1997 — March 1999 (1 year 4 months)

Developed and taught hands on network security courseware using Linux and Open Source Tools to Trident commercial, military, and intelligence community customers. Administered classroom lab network and UNIX (Solaris and Linux) servers.
EW/SIGINT Analyst Instructor

6th BN (MI), 3rd BDE, 95th DIV

(Government Agency; 51-200 employees; Defense & Space industry)

November 1994 — January 1999 (4 years 3 months)

Served as primary instructor for 98C10 SIGINT Analyst Phase II/IV Courses during summer teaching missions 1996-1997. Taught 98C30 BNCOC Phase II summer 1998. Received Army Achievement Medal (1st Oak Leaf cluster) for teaching performance during Annual Training 1996.
Classroom Teacher

Northside ISD

(Government Agency; Primary/Secondary Education industry)

August 1994 — December 1997 (3 years 5 months)

Taught Texas History and Reading (focusing on critical thinking skills). Implemented age-appropriate Socratic seminars in the Middle School environment. District telecommunications trainer. Maintained unofficial web site. Led the development of campus Internet use policy. Conducting informal PC/Mac tech support.
EW/SIGINT Analyst

549th MI BN (CEWI)

(Defense & Space industry)

March 1988 — October 1994 (6 years 8 months)

Responsible for the processing, analysis & reporting of time-sensitive intelligence derived from ground-based collection assets. Received Army Achievement Medal for cryptanalysis support in training operations against the 49th AD (TXNG) during Annual Training 1991 Served as senior mission NCO responsible for the supervision of 6-10 analysts and the management of technical reporting and databases within TCAE analytical teams. Received Army Commendation Medal for role in command/staff exercises between 1992-1994