Matthew Bretan has a proven ability to deliver planetary scale security outcomes so companies can operate at the speed of the business.
Matthew currently leads Global Services Security Engineering within Amazon Web Services (AWS), where his team focuses on three main areas: (1) building security services that enable AWS customers to focus on their business, (2) operating internal AWS security controls that ensure that employees are protecting AWS and customer information, and (3) partnering with AWS Service teams to enable them to deliver the right products and features to our customers and partners. One example of an externally available service is the AWS Jam, which he took from an early concept into a thriving business that has trained hundreds of thousands of customers on how to utilize AWS and partner services securely. His team has also been granted US Patents related to the controls and services that they have built to better protect and secure AWS’s infrastructure and information. Previously, when he was part of Professional Services within AWS, he led security engagements with some of the world’s largest brands across many different industries including: finance, technology, hotels, ticketing, manufacturing, apparel, and life sciences. Matthew was also responsible for starting and leading Global Specialty Practices around Management & Governance, Container, and Serverless.
Prior to his work with AWS, Matthew was a Vice President at Goldman Sachs. In this role, he advised the firm on the identification and remediation of technology risk within their infrastructure globally. He was also responsible for policy and technology uplifts within their information security space. Before joining Goldman Sachs, he led the Strategic Consulting team at Eze Castle Integration, a global boutique consulting firm specializing in the financial services space.
Matthew lives in Southern California with his amazing wife and 3 children. He loves being outside playing sports with his family, spending time at the beaches, skiing, and cooking and eating amazing food from around the world.
experience
Work
Amazon Web Services
Global Services Security Engineering Lead — April 2022 to Present
Principal Manager - Security & Infrastructure — Nov 2017 to April 2022
Principal Security Consultant — Feb 2014 to Nov 2017
Responsible for leading engineering teams that deliver planetary scale security outcomes so customers can operate at the speed of business. His team builds security solutions that can mitigate a customer’s security concern before it impacts them; and ideally without them needing to take any action at all.
Goldman Sachs
Vice President - Technology Risk Advisor — Sept 2010 to Feb 2014
Advised Goldman Sachs on the identification and remediation of technology risk globally within their network, voice, video, virtualization plant, storage and building management infrastructure. Drove policy and technology uplifts within the information security space around malware prevention, data loss prevention and perimeter security.
Eze Castle Integration
Director — Jan 2009 to Sept 2010
Product Manager — Sept 2007 to Jan 2009
Responsible for the Strategic Consulting team who provided direction to organizations looking to maximize their profitability and returns through design and implementation of holistic technology solutions. Provided advanced vendor/product comparisons revolving around technology risk, VoIP, data connectivity, privacy compliance, high frequency trading architecture, and SaaS platforms in order to maximize a client’s capital expenditure. Drove executive decision-making with respect to new product development and rollout.
Merrill Lynch
Senior Voice Architect — Jul 2005 to Sept 2007
Responsible for creating detailed design documents, certifying new technology, developing budgets and scopes for projects, performing solution reviews with clients, and providing implementation support and solution validation testing. Trained and mentored new hires on the company’s global voice standards and technical policies.
Education
New York University - Polytechnic School of Engineering
Master’s, CyberSecurity
The Pennsylvania State University
Bachelor’s, Information Science & Technology
publications
Patents
Secure Programming Interface Hierarchies
A distributed system hosts a plurality of programming interfaces managed according to a hierarchy of security policies. In response to receiving a request from a client to invoke one of the programming interfaces, the system determines whether the client is authorized to call the programming interface by mapping from an attribute of the client to a location in the hierarchy. The system calls the interface in response to determining that the client is authorized to call programming interfaces associated with the location. The programming interface implements the security policy that corresponds to the location.
Issued Mar 16, 2021 - Link to Patent
Identity mapping for federated user authentication
An identity mapping service receives, from an administrator of an account via a federated identity generated through an identity broker of a datacenter, a request to add a new user to the account. The identity mapping service validates the federated identity and generates a link that can be used by the user authorized to utilize the new user to access the new user. The identity mapping service uses the electronic address of the user to transmit the link to the user authorized to utilize the new user to enable the user authorized to utilize the new user to access the new user. The identity mapping service associates the new user with the account and enables the new user to access one or more computing resources associated with the account via a second federated identity generated through the identity broker of the datacenter.
Issued Aug 6, 2019 - Link to Patent
Public Speaking Engagement
AWS re:Invent 2017
AWS re:Invent 2017: Best Practices for Implementing AWS Key Management Service (SID330)
Dec 1, 2017
AWS re:Invent 2016
Deep Dive: Security and Governance Across a Multi-Account Strategy (SAC320)
Dec 1, 2016
AWS re:Invent 2015
Enterprise Cloud Security via DevSecOps 2.0 (SEC402)
Oct 8, 2015