Matthew Webster has more than 25 years of experience in information technology and information security including the Chief Information Security Officer position within multiple companies – including being a Global Chief Information Security Officer. Towards that end, he has built many security programs from the ground up including the key performance indicators to help measure and manage the security programs. He has worked with cybersecurity frameworks including FISMA (NIST 800-53), HITRUST, HIPAA, SOC 2, ISO 27,001, MARS-E, and so on. He is also the author of Do No Harm Protecting Connected Medical Devices, Healthcare, and Data from Hacker and Adversarial Nation States. Presently he leads the Cybersecurity firm Cyvergence where he helps companies build the appropriate programs for their organizations.


Having started his professional career in 1997, Matthew Webster’s has a long and distinguished career in IT and Cybersecurity. Matthew’s journey started out in an IT capacity at a higher education institution where he quickly rose to run every IT aspect of the computer center. Even before his first Chief Information Security Officer (CISO) position, Matthew started building mature cybersecurity programs for the United States Federal Government – The Center for Medicare and Medicaid Services. Towards that end, Matthew worked on NIST SP 800-53 (FISMA), IRS 1075, and SAS 70. The program was extremely intense as we would sometimes have up to 8 audits in a given year. Eventually this catapulted Matthew to his first CISO position at Healthix. Healthix is a Regional Health Information Organization that ingested more than a million healthcare records daily. Here he worked with such cybersecurity frameworks as SOC 2, HITRUST, and MARS-E – again building the cybersecurity program from the ground up. Eventually Matthew moved into a Global Chief Information Security Officer (by role) at Galway Holdings. Here is balanced NIST CSF, SOC 2, and HITRUST and carefully walked the fine line between compliance and non-compliant systems under tough regulatory scrutiny. He also managed assessments across 5 other organizations and started to centralize the security processes almost as a MSSP. He also focused intensely on security related to mergers and acquisitions – building and standardizing that practice and serving as a lead for cybersecurity processes and integration across the organizations.

Matthew’s background does not stop there, however. He has focused heavily on education (Master or Arts), but also has received more than 20 IT and cybersecurity certifications including some major certifications such as the CISSP, CISA, CRISC, CEH GIAC: Law of Data Security and Investigation, SANS: Auditing Networks, Perimeters, and System, ITIL, and so on. He also regularly attends industry training such as RSA, HIMMS, Cloud Security Alliance, and so on. Matthew brings a wealth of knowledge and experience combined to truly provide a strong assessment and governance background for any organization.

Matthew has also spent several years in cybersecurity sales positions. He has looked at hundreds of products across a large range of technologies – many of which he has used personally. In many cases worked with customers and learned about the pros and cons of many of the solutions. He has helped customers compare and select products to best meet their unique environments and needs.

The full list of what Matthew has focused on has not been covered here, but it is sufficient to say that he brings a truly balanced position when it comes to security across a range of different industries including Federal, State, and commercial enterprises. He has a truly in depth understanding of regulatory compliance frameworks and a unique perspective on the balance between the innovation of the commercial security world and the more stagnant world of compliance. Currently, Matthew leads the cybersecurity firm Cyvergence as the CEO and CISO helping companies with many aspects of their cybersecurity, compliance, and risk needs.

Leadership Development for CISOs
Emotional Intelligence
Artificial Intelligence
CISO Training

I bridge business and cybersecurity. This means training cybersecurity leaders, executives, and so on. It also means risk management, AI, and so on.