Felix Matenaar

Professional Summary

Engineering leader with 13 years of professional experience driving innovation with security for the most demanding applications, and mentoring high-performing teams. Passionate about advancing security and enabling trusted, scalable platforms.

Experience

Asana, San Francisco

Senior Engineering Manager (2022–2025)

• Managed across three functions: Product, Infrastructure, and Data Security
• Set priorities for a security organization of approximately 30, coaching managers to deliver results
• Identified top security risks highlighted to the company board, obtained funding
• Grew an AI security team for Asana's AI studio, ensuring it is a trusted platform
• Built security and performance guardrails for FedRAMP, enabling $37M ARR
• Ensured response to security incidents to preserve trust with customers

Block (formerly Square), San Francisco

Software Engineer, Engineering Manager (2019–2022)

• Built a team of 12 solving critical security engineering problems across all business units
• Enabled payments in international markets with tamper-proof mobile POS systems
• Led threat research and delivery of world-class tamper detection
• Reduced $10M in annual lost revenue to fraud through endpoint fingerprinting

Google, Mountain View

Software Engineer, Technical Lead (2016–2019)

• Created Cloud IAM Policy Intelligence, enabling least-privilege access for billions
• Partnered with ML teams to develop and launch IAM role recommendations
• Threat modeled Chrome's supply chain, preceding Google's SLSA efforts

Publications and Community Work

• Conference Program Review Committee (2025): BSidesSF – Reviewed conference program submissions across various areas including AI Security and Application Security.
• Podcast (2024): Building Resilient Security Practices – Guest appearance discussing scalable and resilient approaches to enterprise security at Asana.
• Conference Talk – OWASP (2024): Effective Security Design Review Program – Best practices for scalable security reviews in modern engineering organizations.
• Conference Talk – BSidesSF (2024): Effective Security on a Tight Budget – Strategies for maintaining strong security in resource-constrained environments.
• Patent (2015): Anti-Tamper Mechanism for Android Applications – Innovations in defending mobile apps from reverse engineering and tampering.
• Patent (2014): Android Hook Detection and Prevention – Techniques for detecting and mitigating runtime hooking on Android systems.
• Conference Talk – BlackHat USA (2013): Android Master Key Vulnerability – Presentation uncovering a critical flaw in Android's APK verification.
• Conference Talk – Source Dublin (2013): Android Reverse Engineering and Defenses – Exploration of reverse engineering tactics and corresponding defensive strategies.
• Research Paper (2012): CIS: The Crypto Intelligence System – Paper on automatic detection and localization of cryptographic functions in malware. Presented at IEEE MALWARE.

Education

RWTH Aachen University - Bachelor of Science, Computer Science (2008–2012)

• Thesis led to a conference paper accepted at the IEEE MALWARE Conference
• Distinguished participant in the Defcon CTF Las Vegas hacking competition, 2012
• Coursework: Mathematics, Security, Distributed Systems, Software Design and Testing

Hobbies

• Track days – You can occasionally find me at HPDEs (High-Performance Driving Events) in the Northern California area. My current best lap in a 2021 BMW M2 Competition is 1:51.14 at Sonoma Raceway.
• Scuba Diving – I've fallen in love with scuba diving since my initial certification in 2020. The various certifications I've pursued in recent years—including rescue, nitrox, drysuit, and intro to cave—have made me increasingly comfortable exploring the underwater world.
• Traveling – Explored 28 countries across all continents and counting :)