Matt Konda
I’m a security leader and technical founder with 27+ years of experience building software, breaking it, and leading teams that do both.
Most recently, I served as Head of Security at IonQ (2021–2026), a publicly traded quantum computing company, where I built the entire security program from the ground up. That meant everything — hiring a team of 12, achieving SOC 2, ISO 27001, CMMC, and PCI certification, managing security through six acquisitions, building a quantitative risk framework, and partnering with federal agencies on information sharing. Zero material breaches.
Before IonQ, I founded Jemurai, a security consulting firm I ran for 12+ years. We built a world-class penetration testing practice, delivered hundreds of engagements across the quantum, finance, healthcare, and insurance industries, and created two SaaS platforms: SecurityProgram.io for security program management and JASP for cloud security assurance.
I served as OWASP Global Board Chair (2016–2017), leading the 40,000+ member application security community through its maximum board terms. I’ve spoken at DefCon, OWASP AppSecUSA, LASCON, RailsConf, GotoCon, and many other conferences.
I wrote Building a Security Program, a practitioner’s guide covering NIST standards, risk management, application security, incident response, and security automation.
What I bring
Technical depth + leadership. I write code daily — currently building AI-powered security tools with Claude and Codex for vulnerability discovery, code analysis, and automated remediation. I’m not evaluating vendor slide decks; I’m building the tools myself.
Builder’s mindset. Whether it’s a security program, a SaaS product, or a consulting practice, I’ve built things from zero and watched them mature. I know what it takes to go from “we have nothing” to “we passed the audit.”
Security breadth. Application security, cloud security, network security, supply chain security, insider threat, physical security, GRC, incident response, penetration testing — I’ve done the work across all of these domains, not just managed teams doing them.
Background
- M.S. Computer Science — Rensselaer Polytechnic Institute
- B.A. Biology & History — Brown University
- 27+ years in software engineering and security
- Languages: Python, Go, Ruby, Java, JavaScript
- Cloud: AWS, GCP
- Frameworks: NIST 800-53, SOC 2, ISO 27001, CMMC, PCI DSS, FAIR
Connect
- Email: matt@kondasecurity.com
- LinkedIn: linkedin.com/in/mattkonda
- GitHub: github.com/mkonda
- Speaking: speakerdeck.com/mkonda