Matthew Toussain

  • Certified Instructor
  • Twitter: @0sm0s1z

When he gets the chance, Matthew Toussain loves to take on an offbeat challenge. He's turned a closet into a server room, a table into a computer and a '76 Mustang into an electric car. He's also built an Alexa-enabled home entertainment system out of a car amp, a Raspberry Pi, a computer power supply unit, sheet metal, and plexiglass. It's that ingenuity that underscores his work as a certified SANS instructor.

Matthew has been a SANS instructor since 2016, and the inspiration that brought him here actually came from another instructor. "A SANS instructor changed my destiny," says Matthew. "The opportunity to have that kind of elemental impact on a newcomer's information security journey is singular, rare, and profound. I'm just glad for the chance to take part."

Since graduating from the U.S. Air Force Academy in 2012 with a B.S. in computer science, he has served as the senior cyber tactics development lead for the U.S. Air Force (USAF) and worked as a security analyst for Black Hills Information Security. In 2014, he started Open Security, which performs full-spectrum vulnerability risk assessments. 

His experience outside the classroom has given him opportunities to work on initiatives designed to protect people from terrorism. "I had a small part in national cyber defense. Specifically, after the Paris bombings on Nov. 13, 2015, I worked on programs designed to provide some additional early warning in the event of similar orchestrated attacks in the future."

For SANS, Matthew teaches SEC460: Enterprise Threat and Vulnerability Assessment and SEC560: Network Penetration Testing and Ethical Hacking. He worked with other SANS instructors to develop SEC460, Enterprise Threat and Vulnerability Assessment. Of the new course, Matthew writes, "Because SEC460 is a foundational course in the SANS penetration testing curriculum, it is itself a herald and a promise. For some newcomers, the first adventure with SANS is the spark of awakening for their inner hacker. It acts as a catalyst facilitating personal evolution and even genesis of a lifelong passion. The course authors, Adrien de Beaupre, Tim Medin, and myself, have meticulously crafted the SEC460 challenge to be a formative experience, attainable by all yet elementary to none."

An avid runner who also plays piano, guitar and violin, Matthew lives in Texas with a multitude of Cisco switches. In addition to teaching at SANS, he is an avid supporter of cyber competitions and participates as a red team member or mentor for the Collegiate Cyber Defense Competition (CCDC), the annual NSA-led event Cybersecurity Defense Exercise (CDX), and SANS Institute"s NetWars.

Summary of Credentials:

Qualifications Summary

  • Information security expert since 2008
  • Certified GIAC Security Expert (GSE)
  • Open source developer - Subterfuge Project, Acheron, Prismatica
  • SANS SEC460 course author
  • Red teamer and/or mentor for the CCDC, the CDX and NetWars 
  • Guest instructor at the University of Texas San Antonio
  • Guest speaker at various infosec conferences, including at the 20th anniversary of DEFCON

Get to Know Matthew Toussain


  • GSE (GIAC Security Expert)
  • CEH (Certified Ethical Hacker)
  • GSEC (GIAC Security Essentials)
  • GCIA (GIAC Certified Incident Analyst)
  • GMOB (GIAC Mobile Device Security Analyst)
  • GPEN (GIAC Certified Penetration Tester)
  • GCIH (GIAC Certified Incident Handler)
  • GCCC (GIAC Critical Controls Certification)
  • GCPM (GIAC Certified Project Manager)
  • Palo Alto EDU-201
  • Security+