Matt Edmondson

Alongside his current role as Principal at Argelius Labs, Matt Edmondson is a SANS Principal Instructor and author of SEC497: Practical Open-Source Intelligence (OSINT). He has been doing OSINT professionally for the past decade. According to Matt, having learned his OSINT skills as an adult already in the workforce rather than through formal education, makes him a better teacher. “I remember the fear and pain points that I hit learning this stuff,” he says, noting that he can help others get past that.

“I never went to school for subjects like digital forensics and OSINT and have learned them as an adult in the workforce. I’ve failed before and I’ll fail again, but I just keep trying to improve and grow.” That underpins his key message to students: It is not how many you win, it’s how many you show up for.

More About Matt


Matt Edmondson started his cybersecurity career in a non-technical role over twenty years ago. “I would notice things that needed to be done and figure out ways to do them,” he says. “Next thing you know, you’re considered the ‘technical’ person.”

As a curious person who always wants to figure things out, he developed a strong interest in digital forensics. Matt’s employer at the time allowed him to make forensics his focus, the company had no budget for any training, equipment, etc. That is when he started researching quality forensics training and ended up seeing SANS over and over again. “One thing I’ve always loved about forensics is how impartial you can be. You don’t try to prove any agenda, you just analyze the artifacts and give your thoughts on what they show.”

Matt never set out the be a SANS instructor. “I did some contracting work for SANS, doing things like beta testing new labs. Then I was asked to be a teaching assistant for the mobile device hacking class, which – after initially feeling extremely nervous about – ended up being an amazing week. I figured it would be a one-time deal, but a few months later I got asked to help with another class. I remember Chad Tilbury asking me if I was becoming an instructor and I said ‘no.’ Chris Crowley laughed and said: ’Yeah he is, he just doesn’t know it yet!’ As usual, he was right.”

Matt has been doing OSINT professionally for the past decade. He stood up two OSINT units that are both still going strong and have led or assisted in hundreds of investigations. He has also developed an OSINT course which he’s taught to law enforcement and government personnel across the world. Additionally, he’s consulted with and assisted numerous private sector companies, including several in the Fortune 100.

“Einstein said that if he couldn’t explain something simply, he didn’t understand it well enough,” Matt says. “That has always been one of my favorite quotes and I always keep this in mind when teaching and writing course materials. Learning how things work at a very low level has really helped me explain things in understandable terms.”

When it comes to OSINT, Matt has a great deal of real-world experience in both the ”traditional” investigation fields such as law enforcement and intelligence as well as in helping Cyber Threat Intelligence groups at several large organizations. “This experience not only helps me understand what really matters, but it helps give me a wide array of experiences I can use to help students tie concepts and techniques to real-world examples.”

Matt holds 11 GIAC certifications, including the GREM, GCFA, GPEN, GCIH, GWAPT, GMOB, and GCIA. In addition, he holds the Offensive Security Certified Professional (OSCP) certification. “I have also received several awards at work, but honestly, getting promoted to SANS Certified Instructor is the highlight of my career. Not only for the hard work that it took to achieve but also for the amazing people that form the group that I am now part of.”

To unwind Matt really loves to play video games - the classic ones preferably. “Oh, and I am also a lifelong baseball fan,” he says. He’s been a fan “ever since my mom used to take me to beer league softball games at night, and I would chase down fly balls and return them to the snack bar in exchange for free snacks.”

Hear Matt talk about Basic Persistent Threat (Modeling)


This Anti-Tracking Tool Checks If You're Being Followed - Wired


Weaponizing the Deep Web - SANS OSINT Summit 2020

Best Practices and Lessons Learned from Starting Up OSINT Teams