What Clients Say
"I've known Matthew for years, and can say with certainty, whether a scrappy early stager looking for deep tech wisdom, or a late stager looking for scale support, Matt will add a great deal of value. A gem in all categories: experience, knowledge, execution, leadership and being a great colleague, I highly recommend him and suggest reaching out to support your business building."Lucas Moody
Principal, Lockstep Venture Capital
Thought Leadership
Talks & Training
Trusted By
What Clients Say
"One of the best and influential security professionals out there whom I’m fortunate to work with."Luna Wu
Sr. Director, Information Security Strategy and Operations, Alteryx Incorporated
What Clients Say
"He's one of the best I know."Jim Manico
Founder and Secure Coding Educator, Manicode Security"Can confirm. He’s fantastic!"Matt Goodrich
Director of Information Security, Alteryx Incorporated
Modern C++ Training
Assessment
Evaluate your team's C++ security knowledge and identify specific vulnerability patterns in your code base.
Customized Curriculum
Tailor training to your systems, incorporating real-world case studies relevant to your industry.
Hands-On Implementation
Practice vulnerability identification, threat modeling, and secure coding techniques with your actual code base.
Ongoing Support
Receive follow-up consultations to ensure security principles are successfully integrated into your development life cycle.
Exploiting Modern C++ is thinking engineer's security training. Practical from start to finish, it goes beyond the conventional wisdom of letting technology test the technology and gives C++ engineers the tools they need to design, build and test secure software that can withstand whatever today's hackers can bring. In this training, through practical code samples as well as extensive case studies of vulnerabilities that have been exploited in the real world, engineers will learn:
- How subtle C++ coding mistakes create exploitable vulnerabilities through poor memory handling, Undefined Behavior, privilege escalation, broken threading models, ineffective data protection and accidental information disclosure.
- How hackers exploit vulnerabilities and what they look for when penetrating a system.
- How to tell the difference between a garden variety C++ bug and a security vulnerability that can be exploited.
- How good design and Modern C++ code choices make the difference between a system that can be compromised and one that can't.
- How effective code reviews, static & dynamic testing, Threat Modeling and penetration testing are used to expose hard to find vulnerabilities.
- How low tech, high concept testing approaches often trump expensive frameworks and tooling.
- How changes to Modern C++, including C++23 & C++26, have given C++ engineers tools to write highly efficient, secure code.
- How to use AI to deal with your largest pool of hidden vulnerabilities - your legacy code.
- How to use safety critical software guidelines like MISRA & AUTOSAR and AI to write safer, more secure code.
Drawing on decades of experience, this training gives you Goals for Secure Code - simple, straight forward techniques for building and deploying secure systems. Exploiting Modern C++ demystifies the world of hackers and gives C++ engineers proven, practical advice to build systems that have had to operate securely in the most hostile of environments.
What Clients Say
"He’s got that rare mix of engineering system architecture and real-world application know-how."Jason Elkins
Digital Media Specialist, 100 Cups Consulting
Software Development
Specialized software development services for mission-critical systems where reliability, security, and performance are paramount.
Embedded Systems
Development of resource-constrained software for specialized hardware with optimized memory footprint and power consumption.
- Real-time operating systems (RTOS) implementation
- Firmware and device driver development
- Hardware abstraction layers (HAL)
Safety-Critical Applications
Software engineering with formal verification for domains where failure is not an option.
- DO-178C compliant aviation software
- IEC 61508 industrial systems
- ISO 26262 automotive applications
Security-Focused Solutions
Building applications with security integrated throughout the development lifecycle.
- Secure designs and implementations
- Secure data management
- Secure communication protocols
Enterprise Applications
Scalable, maintainable software architectures for complex business requirements.
- Distributed systems and microservices
- Database optimization and data processing pipelines
- High-availability and fault-tolerant designs
Each development engagement follows rigorous engineering practices including comprehensive testing strategies, continuous integration, version control, and thorough documentation to ensure maintainable, reliable systems.