Matthew Sobota

Meta
22 years of professional experience

Security engineer and threat intelligence professional with experience investigating and disrupting cyber threat actors at scale, targeting billions of users on one of the world's largest technology platforms. Specialized in all-source threat actor tracking to help enable cross-functional threat disruption and engineering solutions for platform defense.

Work History

Security Engineer

8 Years 4 Months
Meta | 02.2018 - Current
  • Member of Meta's Counter Espionage Team responsible for identifying, investigating, and disrupting Nation State and Private Sector Offensive Actors' abuse of platform services.
  • Analyzed large, complex datasets using SQL, Python, Pandas, Claude/GPT/Muse, Tableau, and other technologies to aid in discovery, analysis, and effectiveness of mitigation efforts.
  • Productionized AI-native agentic workflows for ingesting and triaging threat intelligence to build detection signals.
  • Developed threat actor behavior pattern detections to improve speed and accuracy while identifying strategies for addressing detection gaps in product vulnerabilities or abuse.
  • Led organization's crisis investigative response team responsible for analyzing and executing high priority escalations. Provided strategic and tactical direction to the 16 analysts supporting the overall program.
  • Provided additional support to Youth Safety, Human Exploitation, Dangerous Organizations, and Information Operations investigations across platforms to reduce risks to users and improve Trust & Safety.
  • Strengthened the broader security community's understanding of various cyber threats by contributing to Meta's public reporting on adversarial actors and other information sharing initiatives.

Cyber Threat Intel Analyst

7 Years 11 Months
ThreatConnect | 03.2010 - 02.2018

Federal Bureau of Investigation - Cyber Division/National Cyber Investigative Joint Task Force (2013-2018)

  • Operational lead for team of network threat analysts responsible for generating Intelligence Community reporting derived from analysis of network data, forensically acquired host images, malware analysis, and additional surveillance capabilities.
  • Analyzed netflow and PCAP to identify anomalous and/or malicious content.
  • Reverse engineered network/malware communications protocols allowing for identification of infrastructure, functionality, transport methods, and decoding of control processes.
  • Developed network (SNORT) and malware (YARA) signatures for identification of malicious activity.
  • Author and co-contributor on Intelligence Community Assessments and Presidential Daily Briefs.

National Security Agency (2010-2013)

  • Investigated and contributed to the understanding of Nation State Espionage capabilities through exploitation of Signals Intelligence.
  • Aided in investigating global computer network intrusions in order to determine scope, identify adversarial capabilities, and perform threat attribution.
  • Identified and analyzed adversarial threats to US interests by projecting the future cyber environment and adversary capabilities, intentions, Tactics, Techniques, and Procedures (TTPs).
  • Actively worked with Law Enforcement and Intelligence Community peers to share intelligence, conduct operations, and organize additional activities that provide a greater understanding of the threat to US interests.

Cyber Threat Intel Analyst

5 Years 7 Months
Northrop Grumman | 08.2004 - 03.2010

United States Army Cyber Command / 1st IO

  • Analyzed threat intelligence data to identify potential risks and vulnerabilities related to Army DoDIN platforms, providing tactical and strategic solutions to reduce risks.
  • Conducted long term, all-source analysis of state and non-state actor use of technologies for command and control by analyzing both classified and open source resources.
  • Produced Intelligence Information Reports (IIRs) related to ongoing intelligence investigations, broadening the Intelligence Community's understanding of threats to computer systems.

Education

Bachelor of Science - Information Technology Management

Radford University | Radford, VA | 05-2004

Skills

Crisis Response Planning & Execution
AI Native Workflows
Geopolitical Analysis
Scaled Abuse Detection Engineering
Insider Threat Investigations
Network & Behavioral Analysis

Timeline

Security Engineer

Meta
02.2018 - Current

Cyber Threat Intel Analyst

ThreatConnect
03.2010 - 02.2018

Cyber Threat Intel Analyst

Northrop Grumman
08.2004 - 03.2010

Radford University

Bachelor of Science - Information Technology Management