C. Mathew Sorensen

Biography Representative Matters Presentations Publications
C. MathewSorensen
Of Counsel
President, Formidify

Matt Sorensen brings 20 years of experience as an information security practitioner in many industries and for companies of all sizes. He is an attorney, licensed to practice in the state of Utah and holds seventeen professional certifications in data security and privacy, including the Certified Information Systems Security Professional (CISSP) and Certified Information Privacy Professional (CIPP) designations. 

Matt has provided virtual CISO services for clients in finance, banking, insurance, health care, manufacturing, e-commerce and software. Matt focuses on helping companies unable to hire a dedicated cybersecurity executive. Matt works with company leaders to expand their span of control over cybersecurity risk, arming them with ways to better steer the organization through the threats found in our connected business landscape.

He has prepared for and managed data breach events and provided oversight of incident response and investigation teams.  Matt has extensive experience in drafting and implementing information and privacy policies and procedures and advising clients on data breach prevention, cyber-attack readiness and response, information governance, and regulatory compliance.


Practice Areas



Mitchell Hamline College of Law, St. Paul, Minnesota (J.D., January 2010)

Utah Valley State College (B.S., Computer Science, magna cum laude, May 2001)


Professional Certifications

CISSP – Certified Information Systems Security Professional
HCISPP – Healthcare Information Security and Privacy Practitioner
PCIP – Payment Card Industry Professional
CISA – Certified Information Systems Auditor
CRISC – Certified in Risk and Information Systems Control
CIPP/US – Certified Information Privacy Professional, U.S.
CIPP/E – Certified Information Privacy Professional, Europe
CIPM – Certified Information Privacy Manager
CIPT – Certified Information Privacy Technologist
CHP – Certified HIPAA Professional
CSCS – Certified Security Compliance Specialist
CEDS – Certified E-discovery Specialist
GSEC – SANS GIAC Security Essentials
GCFA – SANS GIAC Forensic Analyst
GLEG – SANS Legal Professional
GCIH – SANS GIAC Certified Incident Handler



Utah State Bar Association, Cybersecurity & Privacy Law Section, Vice Chair/Chair, April 2013-April 2016

Member of Information Systems Audit & Control Association

Member of International Association of Privacy Professionals (IAPP)


President, Avanyu Acres Homeowners Association, Cedar Hills, UT, January 2011-April 2014.


U.S. Dist. Court, Dist. of Utah


Mitchell Hamline College of Law