Matt Bromiley

Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm where he assists clients with incident response, digital forensics, and litigation support. He also serves as a SANS GIAC Advisory Board member, a subject-matter expert for the SANS Securing The Human Program, and a technical writer for the SANS Analyst Program.  Matt brings his passion for digital forensics to the classroom as a SANS instructor for FOR508: Digital Forensics, Incident Response, and Threat Hunting, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts. 

"SANS is the only organization where I have seen students bursting to get out of class to apply their newly acquired skills to current casework," he says.  

Matt fell into this career somewhat by accident, taking on a junior analyst role because the team was great and the work sounded exciting. "My first day, I was working a keylogger case that required me to examine various hardware, test information, extract USB information, and decode logged keys," he recalls. "I was hooked!" 

Since then, Matt has built a wide-ranging career that gives him a broad perspective on digital forensics. He has helped organizations of all types and sizes, from multinational conglomerates to small, regional companies. His skills run the gamut from disk, database and network forensics to malware analysis and classification, incident response/triage and threat intelligence, memory analysis, log analytics, and network security monitoring.  

Along with traditional database forensics, Matt has experience deploying such tools as Elasticsearch, Splunk, and Hadoop to assist in large-scale forensic investigations, network security monitoring, and rapid forensic analysis on over 100 systems and over 10TB of logs. He has a particular interest in database and Linux forensics, as well as in building scalable analysis tools using free and open-source software.  

Matt understands the importance of making the information he's teaching relatable to students. "It's easy to picture every scenario as an advanced persistent threat attack, but some students don't perform those investigations," he explains. So Matt looks for the common ground among all of the specific artifacts and the bigger picture that each artifact helps develop, thus enabling students to enhance their investigations and succeed in their day-to-day careers. 

His extensive experience in digital forensics shines through in his teaching. An energetic, enthusiastic instructor, Matt sees digital forensics as a puzzle that is begging to be solved. He loves piecing together artifacts to tell a vivid story about what has happened, and he strives to inspire his students to have the same passion for "completing the puzzle".

Outside of work, Matt loves spending time with his family, cooking Texas BBQ, and making his house as automated as possible in hopes that it will one day do work for him.

Summary of Qualifications:

  • More than six years in digital forensics and incident response
  • GIAC Advisory Board Member
  • Subject-matter expert for the SANS Securing The Human Program
  • SANS Analyst Program writer

Get to Know Matt Bromiley:

Here's what students are saying about SANS Instructor Matt Bromiley:

"I really valued your lectures, and most importantly, your enthusiasm and expertise on forensics." - Robert S., New York Metropolitan Transportation Authority

"Matt continues to demonstrate passion for the topics being taught. The real-world examples he provides are a great addition to supplement the content in the book." - Michael F., Macquarie Group

"FOR508 lead by Matt Bromiley has dramatically increased my DFIR skills in less than a week, anyone serious about incident response or windows forensics must take this course" - Joe V., Moran Towing Corporation