Chief Technology Officer · Distinguished Engineer · AI Architect
Building production AI systems and governing enterprise architecture
at the intersection of regulated cloud and executive strategy.
Tysons, VA — Remote / Hybrid
Matthew Venne — Tysons, VA
Profile
In 2013, Matthew Venne couldn't spell SSH. His degrees — B.S. Physics and B.A. French from James Madison University — had nothing to do with computers. His first real job was receptionist. When the CEO offered him a SharePoint help desk role, he had no idea what it entailed. He said yes anyway. His principle: don't deny yourself an opportunity just because you feel unprepared — you always underestimate yourself and overestimate the competition.
What followed was a decade of relentless, deliberate upskilling. Certifications came one by one — earning every active AWS certification to become an AWS Gold Jacket Recipient, then GCP Professional Cloud Architect, then all three Kubernetes certifications: CKA, CKAD, and CKS. Between jobs, he opened his own cloud accounts and built things purely to understand how they worked. His philosophy: invest in yourself the way you invest in entertainment — people will pay $200/month for streaming but balk at $20 on a cloud lab that advances their own career.
The arc accelerated. Help desk → SharePoint administrator → cloud engineer → Senior Architect → Chief Technology Officer and Distinguished Engineer at stackArmor. Today he leads 40+ engineers across GCP, AWS, and AI innovation, governing FedRAMP-authorized platforms that serve government agencies at 99.99% uptime, and building what may be the most capable autonomous AI system operating in a regulated production environment.
The governing principle hasn't changed since day one: "It's not the amount of years in your experience — it's the amount of experience in your years."
Selected Work
Architected and built, from the ground up, a hardened, FIPS-compliant, near-zero-vulnerability Rust-based agentic platform (a variant of the OpenClaw framework) running on Google Cloud Run in a FedRAMP production SaaS environment. Leverages Vertex AI Gemini to autonomously execute SRE and compliance workflows without human intervention: incident response, tenant provisioning, Ansible playbook generation, FedRAMP 20x vulnerability analysis, and Significant Change Notification drafting.
A purpose-built Go CLI serving as the secure, zero-trust interface between Peregrine and the enterprise security stack — VCS, Change Management, EDR, Vulnerability Management, and CSPM. Designed as an MCP-callable tool and Claude Code subprocess, enabling "LLM proposes, CLI executes, log proves" compliance automation patterns. Uses GCP Service Account Impersonation and Identity-Aware Proxy for auditable, credential-less automation. Reduced agent token usage by 25% and response time by 40%.
Authored the multi-year architecture roadmap establishing GCP as the organization's default execution layer. Terraform- and Ansible-managed infrastructure supporting six government agencies, 17 SaaS cells, 100+ VMs and databases, and 20+ TB of managed data — sustained at 99.99% uptime. Led modernization of two production SaaS platforms, reducing operational costs 70%+ ($1M annual savings) while improving reliability, deployment velocity, and security posture.
Established enterprise AI governance framework: usage policies, risk guardrails, model access controls, audit logging, and boundary-aware orchestration — enabling organization-wide AI adoption within FedRAMP authorization boundaries. Led AI enablement across 40+ engineers: prompting standards, review workflows, approved model and tool combinations, IP protection policies, and data handling guardrails. Certified IEEE CertifAIEd Assessor for Responsible AI.
Consulting & Delivery
Led deployment of TCloud, a FedRAMP High Landing Zone in GCP that achieved authorization in 10 weeks start to finish with a prime contractor engineering team. Designed a multi-cloud hub-and-spoke VPC architecture with AWS, Azure, OCI, and on-premises interconnects, utilizing Palo Alto NGFWs for full east-west and north-south inspection. Led VPC design, Terragrunt implementation, and Workforce Identity Federation implementation as the solo engineer from stackArmor.
Solo engineer from stackArmor leading the 12-week migration from CloudEndure to AWS Disaster Recovery Service. Led AWS VPC design and coordinated with on-prem networking teams to ensure Direct Connect dynamic BGP routing was properly configured. Managed the installation of DRS agents and policy migrations with zero loss of coverage. Authored custom AWS Step Functions to automate Route Table updates based on Entra ID Public IP changes, limiting outbound internet access.
Deployed an IaC CI/CD pipeline for a FedRAMP High and IRS 1075 compliant Landing Zone in AWS GovCloud (pre-dating CDK and Control Tower availability). Architected a 20+ account, 20+ VPC environment interconnected via Transit Gateway for full-mesh on-premises connectivity. Automated configurations for GuardDuty, CloudTrail, and fleet-wide security agent installation on EC2 instances using AWS Systems Manager (SSM).
Served as the dedicated AWS Architect SME, delivering critical infrastructure optimizations and security enhancements. Implemented a centralized, multi-account AWS Backup configuration. Integrated Palo Alto Next-Generation Firewalls (NGFW) with AWS Gateway Load Balancer for scalable traffic inspection. Performed comprehensive optimization of existing Amazon EKS (Elastic Kubernetes Service) clusters for performance and reliability.
Credentials & Writing
AWS Gold Jacket
Speaking on Container Security · AWS Community Event · Boston, MA
AWS Gold Jacket · All Certifications Active
AI Security · AWS Public Sector Summit · Washington DC
Speaking & Advisory
Open to advisory engagements, board-level technology counsel, and speaking on AI governance, regulated cloud architecture, and engineering organization design.
Contact
CTO, VP Engineering, and VP Enterprise Architecture opportunities.
Advisory engagements and board-level technology counsel welcome.