Hi there! 👋

I'm Matt. And I'd like to share with you a few highlights about myself that I believe might help to summarize the widely diverse skill set my background entails.

The first time I ever heard of the term "autodidact" was when I sat across the table from a veteran software engineer who had sought me out in response to a recorded lecture I did on "Applied Principles in Software Engineering." I later learned what that fully meant during the next 4 hours of our conversation.

Growing up in times of uncertainty and volatility, the complex fields of Information Technology have taught me the great importance of aptitude and adaptability: both of which are nearest and dearest to me when faced with new responsibilities, obscure problems, and challenges of the unknown. However, in my perseverance, I sometimes struggle with letting things just merely be “good enough,” when I have reason to believe it can be made better.

I've also become more acutely aware of the indismissible need for unity in teamwork: by the rewarding experience of camaraderie and productivity when partners share the same vision, working toward a common goal; and by the suffocating anxiety bred by undefined (else, neglected) industry procedures, lack of leadership, and the incessant competing between members of the same team.

Some will say that there is more to life than work, but reality contends that work itself makes up a very large part of our lives. And so, above and beyond the basic purpose of fulfilling my financial obligations and debt to society, I seek a healthy work environment: where a culture of excellence and humility is actively cultivated and met with opportunity and camaraderie.

With best regards,

Matt Borja

Quick Look

Web Development & Security
★ ★ ★ ★ ★

Full-stack enterprise web application development.

Security-conscious applications built on the formidable ASP.NET MVC (C#) framework; database-backed by both relational database management engines (i.e. Microsoft SQL Server and Oracle) and document-oriented database engines (i.e. Couchbase, Mongo) with UI/UX investments in HTML 5, Bootstrap, and jQuery.

I also really love Ruby on Rails and Node.js (and the idea of Go), but just haven't had the opportunity to deploy as much with those.

Operations & Infrastructure
★ ★ ★ ★ ☆

Manual and automated system configuration of highly available application environments.

Load balanced environments configured manually and by convention (using fully loaded Puppet Enterprise) largely include operating systems built on (else derived from) enterprise operating systems including, but not limited to: Red Hat, CentOS, Windows Server, and Server Core.

☆ I'm docking myself 1 star because I recognize DevOps is a full-time job I've not had the leisure to occupy in its entirety.

Project & Release Management
★ ★ ★ ☆ ☆

Balancing security standards with business requirements: an advocate for well-defined processes and relevant industry standards to achieve scale with consistency.

Experiential investments largely focused on holistically integrating and applying the features of Azure DevOps including but not limited to Repos, Boards, and Pipelines.

☆☆ This is also a full-time job I've had even less leisure to give my full attention to.

★ ★ ★ ★ ★

Balancing impetus with stakeholder expectations (and a little bit of stress-relieving humor): an advocate for excellence and the pursuit thereof.

A little shy of writing too much at times, but beyond the point of concealing blatant crap when I see it.

Industry Training


Some things I'm proud of

Assisted local city IT director in successfully deploying their first SAML 2.0 Identity Provider
Recouped service fees (FFP) in excess of $40,000 from vendor breach of website build project contract and executed full project requirements in-house using Cascade CMS
Launched new, mobile-friendly College Portal rebuilt in-house using ASP.NET MVC (C#), yielding 95% improvement to login times and application performance
Replaced CAS Service Management WebApp with custom Change Management solution using Azure Repos and Azure Pipelines
Successfully configured and deployed delegated Single Sign-On authentication for Office 365 applications orchestrating onload.js with first successful in-house ADFS Claims Provider supporting SAML 2.0
Successfully configured and deployed first SAML 2.0 Identity Provider
First adoption of a Software Development Life Cycle process governed by Release Management using A successful Git branching model by Vincent Driessen, and Developing and Deploying with Branches and Deployments Best Practices by Beanstalk Guides
First adoption of Project Management using Azure DevOps for Project Managers by Cals Tutorials
Self-taught implementation of FIPS-197 in Arduino C
Challenge Coin received from Department of Defense for submitting valid findings during Federal Govt.'s first ever bug bounty program, Hack the Pentagon hosted by HackerOne
Contributed software patch accepted by Single Sign-On software provider, Jasig/Apereo CAS, resolving lack of cluster support in cryptographic operations via CAS-1386
Orchestration of computer lab imaging, inventory management, and post-installation tasks using Altiris, DeepFreeze, Windows PE, and AutoIt
Automated arrangement of desktop icons on Mac OS 9 during annual imaging using AppleScript
Automated import of 1k+ student accounts from Student Information System into Active Directory using Visual Basic script


  • Linux
  • .NET
  • C & C++
  • JavaScript
  • Network Security
  • Web Development
  • Computer Forensics
  • jQuery
  • Bootstrap
  • Digital Forensics
  • Continuous Integration
  • Electrical Engineering
  • Platform as a Service (PaaS)
  • Project Management
  • Arduino
  • Configuration Management
  • Web Security
  • MVC
  • HTML5
  • Cryptography
  • DevOps
  • Cloud Security
  • Infrastructure as Code
  • Penetration Testing
  • Test Driven Development
  • C#
  • Sass

⚠️ Hold up...

You'll eventually get to this, but out of common courtesy, I feel it would be best to let you know upfront that a new Legal section has been added to this website: outlining your legal obligations when accessing this website. Please take a moment to review that section before continuing, in the event there is something you do not agree with and need to excuse yourself.

The What and Why

Tradeskill For starters, this website was created on Friday, June 3, 2022 and built in GitHub Pages. Why?

  • The platform doubles as a form of "simultaneous cross-training" in minimally keeping me immersed in the various, familiar aspects of the software development life cycle and release management processes, even when all I'm doing is rambling on in a blog post about things no one else probably cares about.
  • Free static website hosting

Tradeskill Security The first thing I did when deciding what initial page to drop as my home page: I knew I wanted to use Bootstrap as a frontend framework for styling and handling responsive design, but opted to pair it with some starter HTML markup from HTML5 Boilerplate instead. And after making a few preferred adjustments to the markup and selectively offloading bandwidth optimization concerns to a CDN using Subresource Integrity, I had something I was satisfied with (both inside and out). Why?

  • I wanted to distance myself from the rather irritating and prolific "cookie-cut" experience that copy-and-paste produces.
  • HTML5 is a standard that didn't originate with Bootstrap.
  • I am more interested in things being done properly, consistently, and to the greatest degree of quality and semantic correctness possible (it's somewhat of an obsession of mine, you could say).
  • To the extent that Bootstrap, jQuery, and the endless list of other opinionated frameworks help me to achieve my personal goals, I'll use them on an as-needed basis. But at the point where they begin to obstruct me from reaching those goals, then may be the time to reconsider other options. As we say in software engineering, "...tools for the job."
  • Besides keeping large libraries out of my code repository (which I will likely never modify except to update them to the latest version), third-party Content Delivery Networks (or CDNs) bring infrastructure I simply don't have. I consider them "safe enough" to use when paired with "best effort" measures (i.e. SRI, except for when it's not supported) for mitigating asset compromises, etc.

Tradeskill Privacy I am not using Google Analytics on this website. Why?

  • I'm mostly interested in summary statistics showing unique page views for a given time period and after reconfiguring my DNS for this new website, I noticed I was already getting that information with Cloudflare Web Analytics; a product for which the company (Cloudflare) provides the following assertion in their Privacy First policy:

    We also don't "fingerprint" individuals via their IP address, User Agent string, or any other data for the purpose of displaying analytics. Our analytics are non-invasive and respect the privacy of your visitors.

Tradeskill I'm handcrafting most, if not all, of this website by hand. Why?

  • Besides being vicariously inspired by Robert Nystrom's website and book Crafting Interpreters through one of my employees at work, handcrafting enables me to design, architect, orchestrate, create, and ultimately materialize the ideas and goals I have about what I'd like to accomplish with this website, both in function and execution.
  • It also enables me to more naturally deploy things like custom attributes (i.e. nofollow link type to signify that the linked resource "is not endorsed by the author of this one, ... has no control over it, ... is a bad example or if there is commercial relationship between the two") as I'm writing them out, vs. having to remember to go back and fix them after I've already deployed the rest of the website.
  • Did I mention, this website was carefully crafted to not rely on any JavaScript? 0-script. How's that for "low code?"

Tradeskill Legal Speaking of handcrafted things, this might reasonably be a good time to disclose and apologize in advance to my friends and fellow professionals overseas who might be getting blocked trying to access other parts of this website. Why?

  • As a cryptography enthusiast (more on this later), parts of this website may be subject to U.S. Export Regulations and are therefore being restricted to U.S. and Canada residents only at this time.
  • Also, because it matters and you should care. So, please take a moment to review your legal obligations when using this website in the Legal section of this website.

Tradeskill I'm not writing very detailed commit messages at this time. Why?

  • There are times when I've almost written an entire press release for a single, admittedly large commit, as a personal accountability measure. However, going back to the introduction of this website; while I would love to impress you with an endless stream of well-written commit messages every time I change a line on this website, right now that's simply not my main focus.

Tradeskill Veracity At this time, I am only editing this website via GitHub's web interface. Why?

  • Besides the convenience of a portable IDE (device-agnostic, OS-agnostic, network-agnostic, etc.), I'm asserting authenticity of every change to this website via Vigilant Mode whereby you can go back into the change history of this repository and see that every commit is signed by me.
  • I have also added my other current PGP key to my account for future use, with the following fingerprint: F30FF4FC936584574EE3251833688C2EDC08CD38 (more on this later).

Tradeskill Security I use multifactor authentication for everything and unwieldy passwords that I commit to muscle memory. Why?

  • Being the amateur cybersecurity enthusiast I was some years back, I discovered a series of unrecognized login attempts as I went to review my Gmail sign-in history (as per "protocol," you know). Normally, I sit, point, and laugh at the feeble attempts that all get shoved to the curb, but on this particular day, I was the one getting shoved to the curb: "Successful login from Germany (blocked)." Somehow, Google knew enough to block successful logins based on geographical location (or something, I don't exactly know), but I knew enough to know that wouldn't last long and proceeded to turn on multifactor as a more deliberate countermeasure. I also knew at that point that someone else had successfully derived my 8-12 character password I was using around that time; and now that also needed to be rotated.

Tradeskill Veracity I'm currently writing a reference (now available) documenting the various processes I've had to use in independently verifying the authenticity of signing keys and the identity of their owners. Why?

  • Because high risk environments are within only a few clicks of highly skilled attackers; and can only be defended by high quality professionals who understand the non-negotiable duty of due diligence.
  • To streamline ID verification for those who trust me (see also Building your web of trust in Chapter 4 of The GNU Privacy Handbook).

Humor I crack the best jokes known to mankind in public forum, as often as the opportunity allows (which is not many). Why?

  • Because I often find them very relevant, clever, and funny; even when no one else does. I'm like the mischievous kid who knows how to make the teacher laugh at something they probably shouldn't be laughing at. It is always a race to see who can come up with the last pun...-ish...-ment.
  • Also, because my kids ask for them. And when your kids ask you for a dad joke, you know you got something going for you in life (even if all that is is dad jokes). You could say, it's what separates the dads from the men.

Work I sometimes start my day at 2:30 AM, even when work doesn't start until 7 AM. Why?

  • Because it is biologically impossible for engineers to get a good night's rest when the unicorn still hasn't revealed itself after the 4 hours spent looking at the same 5 lines of code (and when you try to help the situation, it only results in more things breaking). It's like a rain dance or ritual gone horribly wrong.
  • It also seems to be the only time I can get some quiet around here (except for when you have a refrigerator on its way out, filling the air with high engine idling noises).

Work I am the proud owner of a GTRACING Racing gaming chair (the one with the footrest). Why?

  • Besides enraging my middle with jealousy (what? he's got the rocker with bluetooth speakers so I don't see what the issue is...), the hard dining room chairs were killing my back after 2 hours of work.
  • Also, it's a convertible bed comfortable enough to sleep in (see 2:30 AM reference).

Work You may find, on occasion, commits made during the workday. Why?

  • It's called a company policy that provides for flex time during a 40-hour workweek
  • Another common/recurring example is me starting early (see also 2:30 AM reference)
  • Another common/recurring example is me staying late
  • Another common/recurring example is me working at night
  • Another common/recurring example is me working on my Fridays off during the Summer
  • Another common/recurring example is me working part of my weekends when I should be resting (like all day on a given Saturday)
  • Another reason is stress management
  • Another reason is knowing when to recognize stopping points and taking breaks before starting on another unit of work that's going to imprison me for the next 4 hours
  • Another reason is because I have a working relationship with my boss that provides for seasonal changes to my work schedule as needed
  • Another reason is personal accountability
  • Another reason is trust

Privacy I'm not big into social media. Why?

  • Besides normally being a monumental waste of time and capital source of noise, I find a lot of the overcrowded, overstated, mind-numbing, and explicitly disparaging competition to be rather quite nauseating.
  • I also deleted a Facebook account I wasn't really using for anything; once upon a long, long time ago (like, permanently and irrevocably deleted it). A few months later, I get a "We've missed you!" email from Facebook. "Click on this link to login!" I thought, "Login to what? My account I already deleted?" No, it was I who was the misinformed party. You figure out the rest. These were the days before GDPR (but it's probably still this way).

Life I'm not too big into overnight camping or hiking. Why?

  • Unplanned 🔥 wildfires (esp. while you're sleeping)
  • Unplanned widowmakers falling on you (also while you're sleeping)
  • Unplanned bear attacks; oh, not to mention: cougars, javelinas, mountain lions, tigers, cheetahs, wooly mammoths, Smallfoots, Bigfoots, Some-as-big-as-your-head-foots, Some-as-small-as-your-big-foot, pranksters, and muggers; all attacking you at the very same time, while you're sleeping, walking, or sleepwalking.
  • And while I'm okay with getting a little lost in the woods, I'm not okay with seeing beer cans left on the ground: particularly the ones you find off the beaten path, out in the middle of nowhere (i.e. there is someone else out here besides me...*snap*...wait, what was that sound?!?!)

Life (I think I'm going to keep filling out this section with more entries over time. Why?)

  • Because it's been strangely therapeutic writing all these out and felt very natural and effortless pumping out a lot of content this way.
  • Also, because I hope it gives you a better idea as to who I am, what things I care about (conversely, what things I care about measurably less...wow, that sounded a little too diplomatic), and what to expect in the weeks and months to come.

Contact Information

Scan the QR code below to download my latest vCard:

vCard for Matt Borja

PGP Information

My current PGP key used for signing is as described below:

⭐ Interested in how I verify PGP key owners? See my Book of Verifications.