User:Mchalmers

Matthew specializes in assurance, audit, compliance, control, governance, oversight, risk assessment/management, and security of information, information technology, and technology process.

Matthew has been involved with OWASP since about 2002. He can be reached at matthew . chalmers @ owasp . org.

OWASP Involvement

OWASP Wiki

• My wiki contributions

OWASP Projects

• Local Chapter Resources
• Certification Project (content owner/reviewer)
• Application Security Requirements Project (interim project manager)
• OWASP EU Summit 2008
  • OWASP PR Project
• Global Chapter Committee
• OWASP Global Summit 2011 - see my attendee bio
  • Audit Working Session Chair
  • PCI Working Session Co-Chair
  • Fundraising Appeal
• OWASP Governance Task Force
• OWASP Codes of Conduct
  • Certifying Bodies

OWASP Chapters

• Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
  • Active member 2004-2005
  • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
• Founder and former chapter leader of the original Milwaukee chapter
• "Member-at-Large"
  • Chicago chapter (2005-2012)
  • Milwaukee chapter (2005-2016)
  • Madison chapter (2012-2016)
  • Minneapolis-St. Paul chapter (2016-Present)

Non-OWASP Involvement

• ACM (Association for Computing Machinery)
  • SIGACT (Special Interest Group on Algorithms and Computation Theory)
  • SIGCAS (Special Interest Group on Computers and Society)
  • SIGCHI (Special Interest Group on Computer-Human Interaction)
  • SIGSAC (Special Interest Group on Security, Audit, and Control)
• CSA (Cloud Security Alliance)
• EFF (Electronic Frontier Foundation)
• IACR (International Association for Cryptologic Research)
• IATFF (Information Assurance Technical Framework Forum)
• IEEE (Institute of Electrical & Electronics Engineers)
  • Communications Society
    • Communications and Information Security Technical Committee
  • Computer Society
    • Cybersecurity Community
    • Technical Committee on Security & Privacy
  • Information Theory Society
  • Signal Processing Society Information Forensics and Security Technical Committee
• IIA (Institute of Internal Auditors)
  • Milwaukee Chapter Member, 2006-2012; Secretary of the Board, 2009-2011
  • Madison Chapter
• IMI (Identity Management Institute)
• ISACA (Information Systems Audit and Control Association)
  • Kettle Moraine Chapter
• ISoc (Internet Society)
  • IETF (Internet Engineering Task Force)
    • SAAG (Security Area Advisory Group)
  • IRTF (Internet Research Task Force)
    • CFRG (Crypto Forum Research Group)
• NIST (National Institute of Standards and Technology) ITL (Information Technology Laboratory) CSD (Computer Security Division) CTG (Cryptographic Technology Group)
  • Cryptographic Key Management Project
• SANS Institute (System administration, Audit, Networking and Security Institute)
  • Mentor Program
• WASC (Web Application Security Consortium)
  • Articles Peer Review Team

"Credentials"

Certifications

• CDP - Certified in Data Protection
• CIAM - Certified Identity and Access Manager
• CIRM - Certified Identity Risk Manager
• ACE - AccessData Certified Examiner
• CCISO - Certified Chief Information Security Officer
• CISM - Certified Information Security Manager
• CCSK - Certified in Cloud Security Knowledge
• CRMA - Certified in Risk Management Assurance
• GCFA - GIAC Certified Forensic Analyst
• ITIL Foundation Certified
• CISA - Certified Information Systems Auditor
• CHS - Certified in Homeland Security
• CEH - Certified Ethical Hacker
• GSNA - GIAC-certified Systems and Network Auditor
• MCP - Microsoft Certified Professional

Education

• Master of Science, Information Assurance, Capitol Technology University
• Bachelor of Arts, Psychology & Philosophy, Missouri University of Science & Technology

Training

• CITI - Human Subjects Research (10/2014)
• IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
• IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
• ISACA - Auditing & Securing Cloud-Based Services (1/2011)
• ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
• PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
• SANS - Computer Forensics, Investigation, and Response (4/2008)
• Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
• SAP America - Virsa Compliance Calibrator Training (10/2006)
• IIA - SAP ERP Technical Audit (8/2006)
• SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
• SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
• Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
• Mile2 - Certified Ethical Hacker Training (7/2004)
• Foundstone - Ultimate Web Hacking (9/2003)
• Siegeworks - Advanced AppAuditor Training (12/2002)
• SANS - Auditing Networks, Perimeters, and Systems (4/2002)
• Sanctum - AppScan AppAuditor Training (5/2001)
• National Cryptologic School - Information Systems Security Engineering (2/2000)
• National Cryptologic School - Operational Information Systems Security (11/1998)