Hi, my name is

Matt.

I hack things

I specialize in offensive security, testing applications and infrastructure the way attackers would. I focus on practical exploitability, clear reporting, and helping teams fix root causes instead of symptoms.

Resume
Matt Andreko profile image

About Me

Matt Andreko profile picture

I’m a security professional and researcher who’s curious about how systems really work, and how they break. My career has focused on application security, vulnerability research, and building safer software, but my interest in security goes well beyond the day job.

I currently work on the Application Security team at Bitwarden, where I help identify weaknesses early, improve secure development practices, and think critically about how to build software people can trust.

Outside of work, I spend a lot of time experimenting. I enjoy pulling apart hardware, building custom electronics, and exploring the edges of embedded systems and hardware security. I’m drawn to the hands-on side of security, understanding systems from the silicon up through the application layer.

Here are a few technologies I've been working with recently:
  • Rust
  • Python
  • JavaScript/Typescript
  • Burp Suite
  • Microcontrollers & Custom Electronics
  • Docker

Experience

Senior Security Consultant - TrustedSec
Dec 2018 - Jan 2025
I worked as a Senior Security Consultant at TrustedSec where I conduct red team attack simulations and simulate real attacker tactics, techniques and procedures against customer environments, helping organizations uncover weaknesses before they are found by malicious actors. I wrote custom tools to automate tasks, perform advanced adversary simulation and support clients with clear reporting and mitigation recommendations.
Senior Red Team Consultant - Accenture (FusionX)
Jun 2015 - Dec 2018
I served as a Senior Red Team Consultant at Accenture where I performed full scale red team attack simulations against external customer networks, maintained persistence in compromised environments to demonstrate realistic attack paths, and conducted in depth research to refine and improve methodologies in response to evolving threats.
Security Consultant - Optiv (Accuvant LABS)
Sep 2012 - Jun 2015
I provided onsite and remote security consulting at Optiv where I conducted penetration testing, vulnerability assessments, web application security assessments, internal and external network assessments, social engineering and wireless assessments. I developed custom tools and communicated findings to technical teams and executive stakeholders logically and clearly.
Senior Software Analyst - Leaf Software Solutions
Jul 2011 - Sep 2012
At Leaf Software Solutions I developed web based management software for automotive dealer services, refactored legacy .NET code to improve maintainability and cleanly incorporated modern patterns, did research tasks for future development, and identified security weaknesses in codebases.
Software Developer III - Dominion Dealer Solutions (Autobase)
Jun 2010 - Jul 2011
I worked on CRM software for the automotive industry, participated in an agile SCRUM product lifecycle, helped migrate source control to Git, and collaborated with vendors to integrate web based scanning services that improved user experience and performance.
Software Developer - Key Benefit Administrators
Apr 2007 - May 2010
I built in house applications based on specifications, helped maintain stable scalable services and custom reporting tools, and collaborated with team members to deliver quality commission and benefits related software.
Software Developer / System Administrator - On Ramp Indiana
Aug 1999 - Apr 2007
I served as a Software Developer and System Administrator where I provided technical support, developed custom software, and managed network engineering tasks. I helped deliver solutions to diverse technical problems and support needs across operations.

Recent Projects

Reddit Notifier
Rust Reddit TUI
Reddit Notifier
A Rust project providing notifications on subreddit activity.
Rustdesk Lan Discovery Nmap Script
LUA Nmap Rustdesk
Rustdesk Lan Discovery Nmap Script
An Nmap script to perform enumeration of Rustdesk services on the local network.
MtG Jumpstart Inventory Face Card Generator
NodeJS MtG AI Tooling
MtG Jumpstart Inventory Face Card Generator
A tool to create custom face cards for Jumpstart sets of MtG which have the original face card on one side, and an inventory of all the individual cards on the other, ready for printing.

Certifications

OSCE
The OSCE is an advanced certification focused on exploit development and complex attack techniques. It demonstrates deep technical proficiency in discovering, analyzing, and weaponizing vulnerabilities, reflecting a strong understanding of low level systems and offensive tradecraft.
OSCP
The OSCP is a hands on penetration testing certification that validates practical offensive security skills. It requires identifying, exploiting, and documenting real world vulnerabilities in a controlled lab environment under time constraints, proving the ability to think critically and pivot under pressure.

Get in Touch

My inbox is always open. Whether you have a question or just want to say hi, I’ll try my best to get back to you!
Mail me