24 years of hands-on cybersecurity leadership for high-growth startups. From Series B through Series E — I've built and defended the security postures that let companies scale with confidence. I'm business first — every engagement is grounded in your goals, not security for its own sake. The cybersecurity services I deliver are directly tied to the outcomes that matter most to your business.
What I Do
Practical, board-ready cybersecurity guidance — from building your first security program to passing your toughest audit.
Prepare your organization to qualify for — and maximize — cyber insurance coverage. Gap analysis, policy alignment, and documentation that satisfies underwriter requirements.
End-to-end SOC 2 preparation — from scoping and control design through evidence collection, auditor liaison, and remediation. Type I and Type II coverage.
Build a security program that fits where your company is now and scales to where it's going. Risk-based frameworks, policy architecture, and roadmaps executives can act on.
Help your team answer client security questionnaires, participate in vendor assessments, and present a mature security posture that closes deals and builds trust.
A clear-eyed view of your current risk posture — mapped against industry frameworks (NIST, ISO 27001, CIS) — with prioritized, practical remediation guidance.
Specialized expertise for Series B–E companies navigating rapid growth, M&A, new product lines, and expanding regulatory obligations — without slowing down the business.
About
"I've spent 24 years in the trenches of startup security — from scrappy Series B builds to complex Series E enterprises. I started SecureSail to give growing companies access to that experience without the cost of a full-time CISO."
Matt brings deep, practical expertise across the full spectrum of cybersecurity challenges that fast-growing startups face. His career spans security leadership roles where he built programs from scratch, passed rigorous audits, and defended against real-world threats — all while enabling business velocity.
Credentials
Industry-recognized certifications that underscore the depth and rigor behind every engagement.
* Update these cards to reflect your actual certifications.
How I Work
Every engagement follows a structured process — pragmatic, transparent, and built around your business goals.
Understand your environment, goals, risk appetite, and current security posture through interviews, documentation review, and technical discovery.
Map findings against the relevant framework (SOC 2, NIST, insurance requirements) and prioritize remediation by business impact and effort.
Build or strengthen the controls, policies, and processes needed — with your team's capacity and timeline in mind.
Stand beside you through auditor interviews, evidence requests, and findings remediation — from kickoff to final report.
Security isn't a one-time project. Retain ongoing access to strategic guidance as your company evolves, scales, and faces new challenges.
Let's Talk
Whether you're starting your first security program or preparing for a major audit, I'd love to have a conversation about where you are and where you're headed.