Matias Madou

Matias Madou

About

Detail

Co-Founder and CTO

Timeline

work
Job
school
Education
folder
Project

Résumé

Jobs verified_user 0% verified
  • Secure Code Warrior
    Co-Founder and CTO
    Secure Code Warrior
    Nov 2015 - Current (10 years 8 months)
  • Sensei Security
    Founder
    Sensei Security
    Nov 2015 - Jun 2017 (1 year 8 months)
    Matias was the founder of Sensei Security, a software security startup building solutions to effectively help the developers in writing secure code . Our solutions helped developers to fix existing security problems as well as helped them to prevent introducing software security problems in the first place.
  • NVISO Security
    Lead Software Security Practice and Head of Product Development
    NVISO Security
    Sep 2014 - Oct 2015 (1 year 2 months)
    I led the Software Security Practice for NVISO, a boutique information security consulting firm out of Brussels, Belgium. NVISO conducts consulting for mainly the financial institutions in Belgium. At NVISO, together with my team I worked out a solid secure development training course for new joiners to a company, for developers and architects as well as for members of the SSG. The training consisted of in-person training classes, CBT component as well as certification. Next to training, we performed threat modelling on a regular basis as well as recommendations on secure development solutions out there.
  • Hewlett Packard Enterprise
    Research Architect
    Hewlett Packard Enterprise
    Nov 2010 - Aug 2014 (3 years 10 months)
    Jan 2014 - Aug 2014 Research Architect (MAS) Apr 2012 - Dec 2013 Research Lead (MAS) Nov 2010 - Mar 2012 Principal Security Researcher (EXP) Matias led the product research for the Agent based solutions (called HP Fortify Runtime products). In his role, he created proof-of-concepts to fill specific holes in the marketplace after which he helped to generalize and productize the solution. His research led not only to successful stand-alone Fortify products, but also cross pillar Fortify-ArcSight products. When he was away from his desk, Matias served as an instructor of advanced training courses, works with the field, and presented at anchor industry conferences, including RSA Conference, Black Hat and DefCon. 2014: HP Application Defender
  • HP Enterprise Security former Fortify
    Principal Security Researcher
    HP Enterprise Security former Fortify
    Sep 2007 - Oct 2010 (3 years 2 months)
    May 2010 - Oct 2010 (5m) Principal Security Researcher Dec 2007 - May 2010 (2y 5m) Security Researcher Sep 2007 - Dec 2007 (3m) Intern My R&D at Fortify Software focuses on exploring static and dynamic analysis techniques to find application security vulnerabilities (so called hybrid 2.0). Out of these findings, novel ways to protect applications are derived and implemented in our runtime tool. One of the most successful technique - which was used to protect against SQL Injection and XSS - was filed as a patent in 2008 (US20090282480). I'm the owner of our Insider Threat rulepack, which we presented at several conferences (DefCon, BruCon, ...) and was covered by the media several times. I was also a member of the BSIMM Europe (http://ww
  • Irdeto
    (Intern) Security Assurance Researcher
    Irdeto
    Oct 2006 - Dec 2006 (3 months)
    To verify my research, I applied my attack methodology on the state-of-the-art protection mechanisms created by Cloakware, the world leader in protecting the inner workings of an application running on untrusted hosts and hostile environments.
  • University of Arizona
    Visiting Scholar
    University of Arizona
    Feb 2005 - Apr 2005 (3 months)
    During my collaboration with Saumya Debray, we first developed an attack against a well know obfuscating transformation called control flow flattening (published on WCRE2005). Second, we proposed a new obfuscating transformation based on self-modifying code (published WISA2005).
  • Ghent University
    Security Researcher
    Ghent University
    Sep 2003 - Sep 2007 (4 years 1 month)
    My research focused on application security, in particular on hiding the inner workings of a program called program obfuscation. I developed a framework where security transformations (e.g. program obfuscating transformations) and attacks could easily be implemented and evaluated. I presented six full papers at international security conferences such as the DRM conference and the conference on reverse engineering (WCRE). I gave two demo presentations about my security tool at the program comprehension (ICPC) and the program manipulation conferences (PEPM). Dissertation title: Application Security through Program Obfuscation (Sept 2007)
Education verified_user 0% verified
  • Ghent University
    PhD, Application Secuity
    Ghent University
    Jan 2003 - Dec 2007 (5 years)
  • Ghent University
    MS, Computer Science
    Ghent University
    Jan 2001 - Dec 2003 (3 years)
  • Ghent University
    BS, Computer Science
    Ghent University
    Jan 1999 - Dec 2001 (3 years)
Projects (professional or personal) verified_user 0% verified
    This is a community-created genome.