Ransomware isn't a technology problem anymore - it's a board-level business continuity crisis masquerading as an IT incident. Most mid-market executives don't fully understand the stakes until they're looking at a ransom note and their ERP is offline.
Cybersecurity Operator Defending Mid-Market America
Founder & CEO · SOClogix Cyber Group
Matt Johnson built SOClogix Cyber Group from the ground up - a Baltimore–Washington cybersecurity operations firm specializing in MDR, incident response, identity threat detection, and cyber resilience for mid-market organizations. An operator first: hands-on across ransomware response, penetration testing, detection engineering, and AI governance. Available to provide credible, real-world media commentary on the threats making headlines.
Typically responds within 30 minutes · Same-day bookings accepted

Matt Johnson
Founder & CEO · SOClogix Cyber Group
Topics & Expertise Areas
Real-world operational experience across every major threat category - context a journalist or producer can actually use on air.
Ransomware & Extortion
Ransom decision frameworks, negotiation context, recovery economics, and business continuity impact when mid-market organizations go dark.
MDR & SOC Operations
How modern detection and response actually works inside a 24/7 SOC - tooling, analyst workflows, MTTD vs. MTTR, and what real coverage looks like.
Incident Response
First-hour containment, forensic preservation, attack-timeline reconstruction, and recovery across ransomware, BEC, and Active Directory compromise.
Identity Threat Detection
Account takeover mechanics, Entra ID attack paths, MFA bypass, and why identity is the new perimeter for Microsoft-first organizations.
AI in Cybersecurity
The adversarial AI threat curve, AI-assisted phishing automation, and building AI governance inside security operations - including PromptForge.
SMB & Mid-Market Risk
The economics of enterprise-grade security for sub-$500M organizations - what they actually need, and what they cannot afford to skip.
Compliance & Breach Disclosure
Navigating HIPAA, SEC cyber rules, PCI-DSS, and state notification timelines - with the clock running and regulators already watching.
Microsoft 365 Security
How attackers weaponize M365 misconfigurations, the most common identity attack paths, and what hardened M365 monitoring looks like.
Active Directory & Entra
Golden Ticket attacks, Entra ID privilege escalation, and why most organizations have zero identity-layer visibility until it's too late.
Security Operations Centers
What a real 24/7 SOC looks like, how to evaluate vendors, and what separates genuine detection engineering from compliance theater.
Builder, Not Just a Commentator
Matt Johnson doesn't comment on cybersecurity from a think tank or a law firm. He runs an active Security Operations Center, leads real incident response engagements, and ships detection engineering code. His commentary is grounded in what's happening in the threat landscape today - not theoretical frameworks.
That operational credibility makes his media commentary distinctive: specific, verifiable, and grounded in the mid-market organizations that are most frequently targeted and least prepared.
Founder & CEO · SOClogix Cyber Group
Built one of the Baltimore–Washington corridor's leading MSSPs from the ground up - now protecting organizations across healthcare, finance, manufacturing, and government.
Architect · Shield MDR Platform
Designed and operates SOClogix's proprietary managed detection and response platform, built on LimaCharlie's cloud-native security infrastructure.
24/7 SOC Operations Leader
Oversees continuous threat monitoring, detection engineering, and analyst-driven response - not alerts-in-a-portal, but active human-led investigation.
Incident Response · Active Engagements
Hands-on IR leadership across ransomware, business email compromise, Active Directory compromise, and cloud environment breaches.
Penetration Testing Program
Leads a penetration testing practice covering network, application, and social engineering engagements for clients in regulated industries.
Builder · PromptForge AI Governance SaaS
Developed PromptForge, an AI governance platform helping organizations implement policy, audit, and control frameworks around generative AI usage.
Detection Engineering & Rule Pipeline
Version-controlled, peer-reviewed detection rule development - CI/CD-tested and shipped continuously to stay ahead of evolving threat actor TTPs.
Identity Threat Monitoring (ITDR)
Real-time monitoring of Entra ID, Active Directory, and hybrid identity environments for credential abuse, lateral movement, and privilege escalation.
Multi-Framework Compliance Operator
Practical compliance implementation across HIPAA, PCI-DSS, SOC 2, CMMC, and NIST CSF - with breach notification and regulatory response experience.
LimaCharlie Cloud-Native Infrastructure
Strategic LimaCharlie partner - security infrastructure that scales from SMB to enterprise without the legacy SIEM tax.
The perimeter died a decade ago and organizations still haven't rebuilt their security model around that reality. Identity is the new perimeter - and Active Directory is the master key that attackers are already using while most defenders are still watching the firewall.
AI hasn't changed the attack surface - it's changed the speed at which attackers can weaponize it. Defenders need to stop thinking in annual review cycles and start thinking in days. The adversary's iteration speed just got an order of magnitude faster.
Book Matt for Your Story
Media Contact
- Media Direct Line
- (443) 847-1428
24/7 for breaking cyber incidents
- Media Email
- [email protected]
- Headquarters
Baltimore–Washington Corridor
Catonsville, MD · On-site available in metro area
Available For
Producer Notes
- Speaks in plain language - no jargon without explanation
- Comfortable with live, unscripted breaking news formats
- Will give specific, on-record assessments - not hedged generalities
- Technical depth available for trade and specialist audiences
- Can translate complex attacks for general audiences in real time
- Background briefings available off the record for pre-interview context
Producer Quick Facts
- Name
- Matt Johnson
- Title
- Founder & CEO, SOClogix Cyber Group
- Location
- Baltimore–Washington Corridor (Catonsville, MD)
- Organization
- SOClogix Cyber Group - MDR & Incident Response
- Experience
- 15+ years cybersecurity operations
- Availability
- Same-day · Breaking news 24/7
- Response time
- Typically within 30 minutes
- On-camera
- Studio-quality remote - camera, lighting, professional audio
- On-site
- Baltimore–Washington metro area
- Audience fit
- National business / tech news · Trade press · Regional TV & radio
- Languages
- English
- Media contact
- [email protected] · (443) 847-1428
Media Assets
Approved copy, headshot, and additional press materials - ready to use.
Approved Short Bio - Copy Ready
Matt Johnson is the Founder & CEO of SOClogix Cyber Group, a Baltimore–Washington based cybersecurity operations firm specializing in managed detection and response (MDR), incident response, identity threat detection, and cyber resilience for mid-market organizations. He operates the company's 24/7 Security Operations Center, leads active breach response engagements, and built the Shield MDR platform. Matt is available for media commentary on ransomware, AI in cybersecurity, identity-based attacks, breach response, and the real-world threats facing America's mid-market businesses.
Executive Biography
Full professional biography, one-paragraph short bio, and approved boilerplate copy for publication.
Request PDFProfessional Headshots
High-resolution photography suitable for print, broadcast chyron, and digital publication.
Request PhotosCompany Fact Sheet
SOClogix Cyber Group overview - services, client profile, office locations, and key differentiators.
Request SheetReady to Talk to a Real Practitioner?
Matt Johnson provides credible, on-record cybersecurity commentary for journalists, producers, and editors covering breaking news, threat landscape shifts, and mid-market cyber risk.
SOClogix Cyber Group · Catonsville, MD · Baltimore–Washington Corridor · Leadership Team