About

Industry pioneers, mature methodologies, and experience personnel set Piscis apart.

Matt Fisher

Matthew Fisher

Principal Application Security Engineer
and CEO

Background

Matthew Fisher was the first Security Engineer hired by SPI Dynamics - arguably one of the most successful web application security companies in the industry. During his 7 year tenure in the web application security field, Mr. Fisher performed application assessments and consulted to hundreds of customers in the Federal Government, Department of Defense, E-Commerce, and Financial industries.

He left Hewlett-Packard in 2008 (less than a year following the acquisition of SPI Dynamics) to start Piscis. An expert in application security assessments, Mr. Fisher is credited with several original vulnerabilities, exploit and testing techniques to his name, and is an accomplished writer and speaker.

Representative Accomplishments

  • A well regarded industry expert whom has been published several times in print and online media, and presented at hundreds of events including:
    • Multi-annual appearances at the National Security Agency’s Red/Blue Conference
    • Multi-annual appearances at the DoD Cybercrime Conference
    • Multi-annual appearances at the Defense Information Warfare Conference
    • Multi-annual appearances at the Air Force Information Technology Conference
    • Multi-annual appearances at ShmooCon, the only Washington D.C. area “hacker” conference
    • ToorCon, Gartner, CSI, ISC2, SANS, DallasCon, ShakaCon, InfoSecurity and many others.
  • An expert web application penetration tester with an extremely high success rate of surpassing expectations during assessments and finding important vulnerabilities
  • Security researcher with multiple credits in the web application vulnerability and testing space including unique discoveries in SQL Injection and Script Injection techniques..
  • Wrote multiple checks and reporting information for a popular commercial web application scanner
  • Innovated developed and refined web application security testing methodologies that encompass full range of risks far beyond capabilities of automated scanners.
  • Created and conducted multi-day application security training courses, attended by some of the top penetration testers in the country.
  • Contributed to the creation and development of several extremely well known web application security training and certification courses
  • Published in multiple print and online venues.
  • Contributing author for Google Hacking for Penetration Testers (Syngress), editor of Web Security Testing Cookbook (O’Reilly)
  • Has held the CNS, MCP, CCSA, CCSE, CISSP and SCA certifications, from Novel, Microsoft, Checkpoint, and SPI Dynamics.