
Matthew Bretan is a technology strategy professional focused on emerging technologies and the development of secure holistic solutions. He has a proven ability to lead large scale technology transformation projects and to integrate technologies into existing infrastructures to enhance corporate efficiencies while mitigating risk.

Matthew is a Principal Manager within AWS, where he helps drive Professional Services’ global Security & Infrastructure practice. He has led security engagements with some of the world’s largest brands across many different industries including: finance, technology, hotels, ticketing, manufacturing, apparel, and life sciences. His specialty is around helping organizations maximize their profitability and returns through the design and implementation of secure holistic technology solutions. Currently, his teams are focused on helping Professional Services scale globally through 3 key initiatives: (1) building globally scaled services that solve AWS & customer challenges (Example: AWS Jam), (2) developing new AWS managed resources that are deployed via AWS Services globally (Example: AWS Config Conformance Packs), and (3) building Professional Services offerings that drive AWS platform adoption within the Management & Governance, Container, and Serverless spaces.

Prior to his work with AWS, Matthew was a Vice President at Goldman Sachs. In this role, he advised the firm on the identification and remediation of technology risk within their infrastructure globally. He was also responsible for policy and technology uplifts within their information security space. Before joining Goldman Sachs, he led the Strategic Consulting team at Eze Castle Integration, a global boutique consulting firm specializing in the financial services space.

Matthew lives in Southern California with his amazing wife and 3 children.



Amazon Web Services

Principal Manager - Security & Infrastructure — Nov 2017 to Present
Principal Security Consultant — Feb 2014 to Nov 2017
Responsible for enabling AWS’s largest customers to move their sensitive workloads onto the cloud. Leads 3 Global Professional Services Practices to scale globally while driving measurable customer business outcomes: (1) Automation & Custom Engineering, (2) Building with Service Teams, and (3) Management & Governance, Containers, and Serverless.

Goldman Sachs

Vice President - Technology Risk Advisor — Sept 2010 to Feb 2014
Advised Goldman Sachs on the identification and remediation of technology risk globally within their network, voice, video, virtualization plant, storage and building management infrastructure. Drove policy and technology uplifts within the information security space around malware prevention, data loss prevention and perimeter security.

Eze Castle Integration

Director — Jan 2009 to Sept 2010
Product Manager — Sept 2007 to Jan 2009
Responsible for the Strategic Consulting team, which provided direction to organizations looking to maximize their profitability and returns through design and implementation of holistic technology solutions. Provided advanced vendor/product comparisons revolving around technology risk, VoIP, data connectivity, privacy compliance, high frequency trading architecture, and SaaS platforms in order to maximize a client’s capital expenditure. Drove executive decision-making with respect to new product development and rollout.

Merrill Lynch

Senior Voice Architect — Jul 2005 to Sept 2007
Responsible for creating detailed design documents, certifying new technology, developing budgets and scopes for projects, performing solution reviews with clients, providing implementation support, and solution validation testing. Trained and mentored new hires on the company’s global voice standards and technical policies.


New York University - Polytechnic School of Engineering
Master’s, CyberSecurity

The Pennsylvania State University
Bachelor’s, Information Science & Technology



Secure Programming Interface Hierarchies

A distributed system hosts a plurality of programming interfaces managed according to a hierarchy of security policies. In response to receiving a request from a client to invoke one of the programming interfaces, the system determines whether the client is authorized to call the programming interface by mapping from an attribute of the client to a location in the hierarchy. The system calls the interface in response to determining that the client is authorized to call programming interfaces associated with the location. The programming interface implements the security policy that corresponds to the location.
Issued Mar 16, 2021 - Link to Patent

Identity mapping for federated user authentication

An identity mapping service receives, from an administrator of an account via a federated identity generated through an identity broker of a datacenter, a request to add a new user to the account. The identity mapping service validates the federated identity and generates a link that can be used by the user authorized to utilize the new user to access the new user. The identity mapping service uses the electronic address of the user to transmit the link to the user authorized to utilize the new user to enable the user authorized to utilize the new user to access the new user. The identity mapping service associates the new user with the account and enables the new user to access one or more computing resources associated with the account via a second federated identity generated through the identity broker of the datacenter.
Issued Aug 6, 2019 - Link to Patent

Public Speaking Engagement

AWS re:Invent 2017

AWS re:Invent 2017: Best Practices for Implementing AWS Key Management Service (SID330)
Dec 1, 2017

AWS re:Invent 2016

Deep Dive: Security and Governance Across a Multi-Account Strategy (SAC320)
Dec 1, 2016

AWS re:Invent 2015

Enterprise Cloud Security via DevSecOps 2.0 (SEC402)
Oct 8, 2015

Written Publications

AWS KMS Best Practices Whitepaper
April 20, 2017
AWS Security Blog

How to Help Protect Sensitive Data with AWS KMS
Jan 25, 2016
AWS Security Blog

How to Create a Policy That Whitelists Access to Sensitive Amazon S3 Buckets
Sept 14, 2015
AWS Security Blog

Open Platform: What’s True, What’s False and What’s Next for High-Frequency Trading
Oct 11, 2010

Hosted Business Applications: What Hedge Funds Must Consider
July 27, 2010
ECI Blog


Thank you for your interest in connecting with me further. The easiest way to do so is via the social media accounts below: