I’m Matthew Romero, a technical storyteller and operator-minded product marketing leader. I write TechThatMattRs as field notes for people who have to operate the mess: identity sprawl, hybrid environments, SaaS entropy, audit pressure, incident response, and now AI agents, which just made everything both exponentially harder and easier at the same time.
My work lives at the intersection of identity security and execution. I focus on the problems that show up in production, not the ones that sound good on a slide. Things like:
- Inventory before policy. You cannot govern what you cannot see.
- Ownership as a control. “No owner” is a security finding, not an inconvenience.
- Least privilege based on effective permissions, not assumptions.
- Boundaries that match how systems actually work, especially across SaaS, cloud, and data.
- Receipts that stand up in audits and incident response.
I’ve spent more than 20 years around enterprise technology, with deep roots in the Microsoft ecosystem. I came into this world from the IT side, not the marketing side, which is why I write the way I do: practical, direct, and engineered for reality. Over time, I moved into technical product marketing because I kept seeing the same failure pattern: smart products and smart teams losing credibility when the story didn’t match how the system actually behaved.
That’s also why I write about the corporate side of this work. Security and identity programs don’t ship themselves. They’re carried by real people in real roles: SDRs trying to communicate value without overselling, sales engineers trying to demo under pressure, product managers balancing tradeoffs, and PMMs translating technical truth into messaging that the market can actually use. My goal is to connect those dots with honest, reusable guidance.
What you’ll find here
- Vendor-neutral frameworks for identity security, access governance, and non-human identity management
- Practical notes on agentic AI and what it changes about access, authorization, and blast radius
- Security program mechanics: how to operationalize governance without turning it into paperwork theater
- Technical PMM craft: how to build credible content, demos, and narratives that survive scrutiny
Why I write this
Because the hard problems keep repeating, and too much “thought leadership” avoids the parts that hurt. I want this to be the opposite: a library of patterns and playbooks you can apply regardless of which tools you use.
If you’re working in identity, SecOps, platform engineering, or security go-to-market and you care about what holds up in the real world, you’re in the right place.
