Matthew Green

DFIR, threat intel and research

Greater Sydney Area

About

Security professional with 18 years in the industry and a decade specialising in Digital Forensics & Incident Response (DFIR), Threat Intelligence and AI. Experienced in threat hunting, research and incident response at scale. Proven track record building DFIR capability, uplifting teams, and contributing to open-source projects.

Experience

  • Principal DFIR at InfoGuard AG
    Aug 2025 - Present · 1 yr

    Currently working on implementing AI workflows for CTI and DFIR.

  • Principal Threat Analyst at Rapid7
    Jun 2021 - Jul 2025 · 4 yrs 2 mos

    My focus areas are DFIR, threat intel and research. In my time at Rapid7 I have worked across incident response, malware research and threat intelligence. Major contributor to the open source Velociraptor project. Highlights: • Led DFIR / analysis during IR engagements, threat hunting and research tasks. • Developed threat intelligence workflows including adversary tracking, binary parsers, AI enrichment and incident data collection. • Developed internal DFIR content management process in use for engagements (VQL, yara). • Provided training and IR team enablement during engagements to improve DFIR skills (in house and customers). • Velociraptor community engagement - releasing public artifacts for community use. • Spoke at several conferences / published blog posts / DFIR workshops. • Attributed several points for my content work in Rapid7's MITRE EDR testing results. • Developed several Artificial Intelligence (AI) capabilities for use in DFIR and research tasks.

  • Principal Investigator - DFIR at CyberCX
    Jul 2020 - Jun 2021 · 1 yr

    In my time at CyberCX I focused on DFIR investigation and research. Some highlights included: • Automate DFIR site and agent setup (Velociraptor) for consulting engagements. This included cloud infrastructure, server, agent, content and relevant code signing to reduce a manual process that took hours to minutes; optimising delivery significantly. • Executed successful hunt resulted in the largest IR engagement revenues for the company at the time (~$1.4m). • Championed best practice tools for malware analysis, dynamic DNS and threat intelligence to influence team purchase and use.

  • IR Practice Lead at Cybereason
    Jul 2018 - Jul 2020 · 2 yrs 1 mo

    As part of the Nocturnus team, my role at Cybereason focused on Incident Response, Threat Hunting and research. Highlights: • Major contributor to the Velociraptor project - I was responsible for bringing Velociraptor in house as our DFIR agent. • Technical leadership in this space resulted in significant product sales, exponential IR capability investment and team expansion. • Added significant value to Cybereason MITRE EDR testing score with the use of DFIR.

  • Manager, Cyber Engineering - Detection at Commonwealth Bank
    Jul 2017 - Jun 2018 · 1 yr

    • Ad lib Detection activities across the bank focusing on systems by criticality. • Content Creation and Management with mapping focusing on MITRE ATT&CK framework. • Log onboarding and field extraction (Splunk and elastic). • Logging guidelines for Windows and Linux auditd policy. • Splunk detections