Matt Thomas

Distinguished Engineer.

Matt Thomas is a distinguished engineer in Verisign's chief security officer (CSO) applied research division. His research focuses on numerous aspects of internet security, stability and resiliency including but not limited to DDoS attacks, domain name abuse, miscreant behavior within the Domain Name System (DNS), and large-scale measurements and evolving trends in internet architectures.

Thomas is responsible for supporting an array of activities across the company including data driven analytical functions for Verisign’s value-added services, supporting internal research initiatives, external engagement, and supporting critical data analysis efforts. Thomas has more than 15 years of experience working with large distributed data collection and analysis systems.

Prior to joining Verisign in 2008, Thomas worked as a software engineer at AT&T. He was responsible for designing and implementing a distributed data collection system that measured and analyzed the operational performance of systems and services hosted by AT&T throughout the world.

Thomas earned a Bachelor of Science in computer science and Master of Science in information systems and technology from The Johns Hopkins University. He has authored more than 10 peer-reviewed publications and he has been awarded 11 patents from the USPTO. He is in good standing as a Certified Information Systems Security Professional (CISSP) and Certified Hadoop Developer (CDH).

Recent posts by Matt Thomas:

Verisign Outreach Program Remediates Billions of Name Collision Queries

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. After contacting several national internet service providers (ISPs), the outreach effort grew to include large search engines, social media companies, networking equipment manufacturers, national CERTs, security trust groups, commercial DNS providers, and financial institutions.

Qname minimzation blog header image

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

Data privacy and security experts tell us that applying the “need to know” principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider — or to other parties — to the minimum the service provider requires to perform a service.  This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS.


Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Recent events1,2 have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted3, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports.