About PlatformSecurity

Elite Offensive Security. Measured by Outcomes.

We are operators, researchers, and engineers who validate real risk, prove exploitability, and deliver fix paths teams can ship. US-based, senior-only, and proven in the wild.

Recognition

Our research, in the press.

See all press & publications

When we publish, the industry pays attention. Our proof-of-concept work on critical vulnerabilities has been covered by leading security outlets.

By the numbers

Credibility you can count.

Industry certifications held across the team
17
Industry certifications held across the team
Published CVEs
34
Published CVEs
Vulnerabilities surfaced
1,840+
Vulnerabilities surfaced
Engagements delivered
55+
Engagements delivered
Critical-finding rate on qualifying engagements
97%
Critical-finding rate on qualifying engagements

Zero junior operators.

17 certifications · the full wall

The team collectively holds 17 industry certifications across offensive security, cloud architecture, and emerging technologies, a depth most boutiques can't match.

  • OSCP
  • OSWE
  • OSCE
  • OSED
  • CRTO
  • GPEN
  • CISSP
  • CCSP
  • CEH
  • AWS
  • SEC+
  • NVIDIA AI
The team

Meet Our Experts

Operators, researchers, and tool-builders. The names below carry the CVEs, the frameworks, and the conference talks.

// Founder & Principal

Matthew Keeley

Founder

Zero-day researcher and RSA Conference speaker behind the CVSS 10 Erlang/OTP SSH exploit that made global headlines. He leads red teams deep inside Fortune 500 networks.

Red TeamingExploit DevLeadership

Diego Ramirez

Head of Zero Day Research

Runs our vulnerability discovery program. 30+ published CVEs across embedded systems and enterprise software.

Vulnerability ResearchExploit DevFuzzing

Connor Laidlaw

Senior Security Engineer

Leads our AI research initiatives and bridges secure application development with emerging AI security techniques.

Ruby on RailsAI ResearchApplication Security

Nathan Smith

Principal Security Researcher

Leads our capstone research program with Arizona State University and mentors emerging researchers. Reverse engineering, malware analysis, and threat intel.

Reverse EngineeringMalware AnalysisThreat Intel
View capstone

Alexander Aviles

Cybersecurity Researcher

Builds offensive tooling and post-exploitation frameworks, including the Eshu and Ender frameworks. First place in TryHackMe's Sapphire League.

C2 FrameworksExploit DevPython

Michelle Carter

Principal Security Researcher

Deep-dive research on emerging technologies and attack techniques, from adversary simulation to OSINT.

Adversary SimulationOSINTThreat Research

Joe Donovan

Principal Security Consultant

Mobile and IoT security assessments. Prolific bug bounty hunter.

Mobile SecurityIoTAPI Security

Jay Patel

Account Executive

Bridges technical depth with client needs and keeps engagements running clean from scope to delivery.

Client RelationsSalesProject Management
Our story

From a two-person ASU club to a boutique that ships real exploits.

  1. 2018

    Matthew Keeley and Allen Foust founded DevilSec at Arizona State University. It grew from two people to 1,400 members and the #1 university team in the world on Hack The Box.

  2. 2021

    DevilSec won Boeing's Drone Defense Competition, placed top-three at WRCCDC, and became a recruiting powerhouse for top-tier pentesters.

  3. 2022

    Matthew founded ProDefense (now Platform Security) after years of Fortune 100 security consulting. In its early years the team published 20+ CVEs and delivered zero-days to Fortune 500 companies and government entities.

  4. 2025

    Research on the critical Erlang/OTP SSH RCE (CVE-2025-32433) was covered across The Hacker News, BleepingComputer, and Tenable. The team continues to run on the WRCCDC red team and ship original research.

How we work

Our approach, not our adjectives.

  1. 01

    A senior operator on every engagement

    No junior bench, no checklist farm. The person testing your environment could exploit it for real, and writes your report.

  2. 02

    Full exploit chains over checklists

    Scanners find issues; attackers chain them. We pursue the path from foothold to impact.

  3. 03

    Reproducible proof

    Every critical comes with exact, re-runnable steps. No severity inflation.

  4. 04

    Engineer-ready fixes

    A prioritized, sequenced remediation path written for the people who ship it, then we re-test.

Research & community

A real research program, not a marketing one.

We partner with Arizona State University's Ira A. Fulton Schools of Engineering to mentor the next generation of offensive researchers. Students ship production-quality open-source tools back to the community.

Partner
Arizona State University
Ira A. Fulton Schools of Engineering
Program
Senior capstone projects
15-week research programs
Output
Open-source tools + advisories
Eshu · Ender · published CVEs
Explore capstone projects
Who we work with

Engagements across regulated, high-stakes environments.

  • Fintech
  • Healthcare
  • Federal
  • SaaS

US-based team only. Your sensitive data never leaves the country or touches offshore hands.

Our last three vendors all signed off on us as secure. Platform Security walked in and chained a path straight to our crown jewels that every one of them missed.
CISO · Series C fintech (under NDA)
Next step

Work With a Team That Delivers Proof.

If you need a high-conviction assessment with evidence-backed reporting and a practical remediation path, we should talk.