GeekMasher's Blog
Hi — I’m Mathew Payne (you may know me online as @GeekMasher).
I focus on practical application security: helping engineering teams shift left using static analysis, developer-friendly tooling, and automation.
Background
I’m focused on application security, developer workflows and secure automation.
| Current / past roles | Time period | 
|---|---|
| Field Specialist, XBOW | September 202 - Present | 
| Founder, 42ByteLabs | January 2024 - Present | 
| Field Security Architect, GitHub | August 2020 - September 2025 | 
| Professional Service Engineer, Checkmarx | April 2019 - July 2020 | 
| Senior Security Consultant, Synopsys | December 2016 - April 2019 | 
| Security Consultant, Cigital | May 2016 - December 2016 | 
What I do
- Static code analysis, SAST integrations and CodeQL work
- Penetration testing and application security assessments
- Training, workshops, and webinars
- Container security and DevSecOps enablement
- Secure code review and automated security testing
- Building open-source security tools and small developer utilities
 
My goal is simple: help teams find and fix security issues earlier in the development lifecycle so security becomes an enabler rather than a blocker.
Career highlights
I studied Ethical Hacking and Countermeasures at Abertay University, which shaped how I think about systems and attacker behaviour. I began in consultancy focussed on penetration testing, threat modelling, and training, before moving into application security and tooling.
Today I work with engineering teams to integrate security into their CI/CD pipelines, adopt SCA/SBOM practices, and make static analysis actionable for developers.
Speaking, projects and writing
I speak and run workshops on container security, SCA/SBOMs, static analysis, and practical DevSecOps. Slides, demos and code live in the presentations repository — perfect if you want the full slide deck or demo artefacts.
If you’re organising an event or want a hands-on workshop, open an issue on a repository or drop a note on GitHub.
What I write about
You’ll find recurring themes across the site:
- Security deep-dives: practical, long-form tutorials on CodeQL, SAST, SCA and vulnerability hunting.
- Tooling & how-tos: configuration guides and productivity notes (ZSH, dotfiles, developer workflows).
- Dev-focused engineering: CI/CD, DevSecOps patterns and integrating security into development workflows.
- Language & platform experiments: hands-on notes and tutorials (Rust is a recurring topic).
- Talks and presentations: summaries, slide decks and demo rundowns.
- Projects and launches: open-source project announcements and quick-start guides (e.g., Konarr).
 
I prefer practical, example-driven posts so you can reproduce ideas quickly and apply them to real projects.
Outside of work
- Reading (tech and business)
- Running and keeping fit
- Photography and gaming
 
Get in touch
Find my work on GitHub: @GeekMasher. For talks, collaborations, or questions, open an issue on one of my repositories or reach out via GitHub.