// security · operations · program leadership

Matthew L.
Smith

Building Security & Risk Programs That Scale —
at the infrastructure level most organizations never encounter.

25+ years at Google Microsoft + more
Get in touch See the work

// about

The story behind
the work

I've spent my career at the intersection of physical security, data operations, and program management — building things that didn't exist before and solving problems that didn't have obvious solutions yet.

At Google, Microsoft, and before, I stood up programs from scratch that secured data and systems at a scale most organizations never encounter. That meant working across engineering, operations, and executive leadership simultaneously — translating complex technical risk into strategies that made sense for the business, and then driving them to completion.

What I've realized is that the skills I've developed — designing instrumented programs for chain of custody and asset traceability, building cross-functional consensus, and establishing trust at the executive level — matter far beyond the hyperscaler world. Industries like clean energy, AI infrastructure, and healthcare technology are grappling with exactly these problems, often without people who've solved them before.

0
Years in tech infrastructure & security
0
Years at Google & Microsoft combined
Programs built from scratch with VP approval
🌐
Global scope across multiple continents

Open to full-time leadership & fractional / advisory engagements

// career

Where I've been
and what I built

Microsoft Corporation 2019 – present
Director, Supply Chain Security & Risk Management Jan 2025 – Present

Atlanta, GA

  • Expanded charter to drive security impact across the broader operational supply chain, beyond data bearing devices.
  • Defined requirements for a new traceability program covering non-DBD devices that present IP or operational risk.
  • Continued oversight of Physical Security operations and DBD security screening continuous improvement.
supply chain · traceability · physical security
Director, Data Bearing Device Security May 2019 – Dec 2024

Atlanta, GA

  • Hired to build a new team and program from scratch — responsible for security and chain of custody of all data bearing devices across Microsoft's global data center footprint.
  • Led VP-approved initiative to fundamentally re-imagine DBD security strategy globally.
  • Drove cross-functional programs: over-the-wire wiping, circular economy / part re-use, labeling standardization, Kaizen workshops.
founded from scratch · VP-level · global program
Google, Inc 2007 – 2019
Program Manager, Global Manufacturing Engineering Dec 2018 – May 2019

Atlanta, GA

  • Joined newly formed team formalizing and scaling Google's production hardware manufacturing operations globally.
  • Built DataStudio dashboards for partner teams; established documentation standards across manufacturing, platforms, and 3PL teams.
Program Manager, Hardware Operations Data Security Jan 2014 – Dec 2018

Lithia Springs, GA

  • Initiated and led projects to drastically reduce offline processing requirements for production media across Google data centers globally — presented to and gained VP approval for high-level policy changes.
  • Expanded scope to include tape backup operations; grew the team by two PMs.
  • Implemented first program-wide metrics and security alerting; authored SLA with service owner.
VP-level policy · metrics & alerting · team growth
Data Security Functional Lead Apr 2012 – Jan 2014

Lithia Springs, GA

  • Led Hardware Operations Data Security program; reported KPIs monthly to HW Ops leadership, quarterly to VP/SVP.
  • Served as incident commander for a global media stop-shipment event — drove erase workflow changes that improved security posture while maintaining supply chain throughput.
  • Conceived and managed development of a new software verification tool that served as exit criteria for the incident.
incident command · software development · global scope
Hardware Operations Manager (I & II) Aug 2007 – Apr 2012

Atlanta Area, GA

  • Hired into Google's rapidly growing Atlanta operations; managed Suwanee — Google's largest colocation at the time — leading 7–20 FTEs and contractors.
  • Co-developed tools, software, and processes for Google's original Disk Erase program — the foundation for what became a global data security operation.
  • Managed a major vendor power incident: coordinated remediation, return-to-service sequencing, and stakeholder communications.
led disk erase program · incident management
Aon eSolutions 1998 – 2007
Chief Security Officer 2004 – Aug 2007

Marietta, GA

  • Appointed CSO following CISSP certification; security representative in sales, contract negotiations, and pre-sales audits.
  • Led SAS-70 certification process; designed and implemented security policy and controls.
  • Developed Disaster Recovery plan and designed / procured replication and failover infrastructure.
CISSP · SAS-70 · CSO
Data Center Operations Manager 1998 – 2004

Marietta, GA

  • Employee #11 at Risk Labs (later Aon eSolutions); managed all infrastructure as the company grew from seed stage through AIG and Aon investment.
  • Designed and managed construction of an n+1 redundant data center to host RiskConsole, the company's first online RMIS offering.
employee #11 · built the data center

// public record

Work that's
publicly visible

Most of my work lives behind NDAs and security classifications — that's the nature of the field. But some of it has surfaced publicly. Below are examples of the programs, policies, and initiatives I've contributed to that you can read about directly.

How Google Protects Your Data — showing the disk erase cage
1:15
Google Workspace · Official Video · Published
How Google Protects Your Data

Google's official video showing the disk erase cage, equipment, and physical destruction process — the workspaces, workflows, and hardware I designed. The segment starting at 1:15 shows the secure cage and processing equipment I selected and helped spec.

Watch on YouTube
♻️
Google · Circular Economy · Published
Google's Circular Economy: 2.1M Units Resold

Google's account of how drives that pass the disk erase process are resold and reused globally — over 2.1 million parts resold in a single year. The hard drive portion of the resale program was made possible by the disk erase and verification program I ran: only drives that passed our process could be certified for resale. This page also describes the physical destruction process — the crusher, the shredder — for drives that couldn't be cleared.

Read on Google Sustainability
🗑️
Google · Data Security · Published
How Google Tracks & Destroys Every Hard Drive

Google's published account of "Layer 6: Disk Erase" — barcodes and asset tags tracking every drive from acquisition to destruction, the multi-step erase formatter, and physical destruction for drives that can't be wiped. I built this program: designed the workflows, selected the equipment (including the secure lockers and hydraulic punchers and shredders pictured), and worked with vendors to design and test destruction equipment at scale.

Read on Google Blog
🔐
Google Cloud Blog · Published Oct 2025
The Future of Media Sanitization at Google

The final chapter of the program I built. Google can now cryptographically erase drives so reliably — NIST 800-88 compliant, with multiple independent verification layers — that physical shredding is no longer required. The article describes the "trust-but-verify model" at the core of the system: a phrase and an approach I championed in the program years earlier. The environmental payoff: drives that would have been shredded are now recovered, reused, and fed back into the circular economy.

Read on Google Cloud Blog
♻️
Microsoft · Circular Centers · Published 2025
Microsoft Circular Centers: 90.9% Reuse Rate

Microsoft's Circular Centers reclaimed 3.2M+ components and achieved a 90.9% reuse/recycling rate in 2024 — fulfilling 85% of spare parts demand from harvested inventory. I helped design the first Circular Center in Boydton, VA: the physical layout, physical security requirements (never done before at this scale), and operations requirements for material movement. I also drove the on-wire wiping program that lets full racks move with drives still installed — unlocking the economics that make the whole model work.

Read Microsoft Circular Centers

// beyond the resume

The things I build
because I want to

📡
Atlanta Freenet
Founder & President · 2001–2006

Built community-owned free wireless internet infrastructure across Atlanta years before municipal Wi-Fi was mainstream. Designed and deployed centrally managed captive portal nodes at homes and businesses — testing wireless distribution at the limits of what was commercially available.

🏠
Home Lab
Ongoing

Running a self-hosted Kubernetes cluster with Ceph distributed storage managing over 300TB of data across multiple nodes. Everything from monitoring (Prometheus/Grafana) to media to home automation runs here — because understanding infrastructure means running infrastructure.

📻
Amateur Radio
Licensed since 1991

Licensed amateur radio operator for over three decades. Ham radio was my first real introduction to the idea that infrastructure you build and operate yourself teaches you things you can't learn any other way.

// contact

Let's talk

If your organization is scaling fast and needs someone who's built these programs before — without having to learn the hard lessons from scratch — I'd welcome a conversation.

[email protected] LinkedIn

Open to

Full-time leadership roles Fractional engagements Advisory roles Clean energy AI infrastructure Healthcare technology