Difference between revisions of "User:Mchalmers"

Revision as of 05:03, 14 December 2011 (view source) Mchalmers (talk | contribs) ← Older edit		Latest revision as of 19:34, 25 October 2019 (view source) Mchalmers (talk | contribs) m (→‎OWASP Chapters)
(251 intermediate revisions by the same user not shown)
Line 1:		Line 1:
−	<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div><div style="text-align: justify;">I have been doing information security and related work my entire professional career, since earning my bachelor's degree from the [http://www.mst.edu/ Missouri University of Science & Technology] (formerly the University of Missouri-Rolla). I have worked for large public, private and government organizations in the defense, finance and manufacturing industries including the National Security Agency, JPMorgan Chase and Rockwell Automation; currently I am Chief Auditor - Information Technologies at [http://www.marshfieldclinic.org/patients/?page=about_legacy Marshfield Clinic]. I hold the [http://www.isaca.org/cisa CISA], [http://www.theiia.org/recent-iia-news/index.cfm?i=16487 CRMA], [http://www.giac.org/certifications/audit/gsna.php GSNA], [http://www.giac.org/certifications/forensics/gcfa.php GCFA], [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] and [http://www.abchs.com/about/ CHS] certifications and I am [http://www.itil-officialsite.com/ ITIL] v3 Foundation certified. I currently specialize in information technology assessment, audit, compliance, control, governance, management and security.	+	<div align="left" style="float: left; margin: 0 4px 0 0; padding: 1px; border: 1px solid #aaa;">[[File:Chalmers,_Matthew.jpg|174px]]</div>Matthew Chalmers has been involved with OWASP since about 2002 and can be reached at matthew ''dot'' chalmers ''at'' owasp ''dot'' org.
−	I have been involved with [[Main_Page|OWASP]] since about 2002 and can be reached at '''matthew''' ''dot'' '''chalmers''' ''at'' '''owasp''' ''dot'' '''org'''.</div><br clear="all"><br>	+	<br style="clear: both;">
	==OWASP Involvement==		==OWASP Involvement==
	===OWASP Wiki===		===OWASP Wiki===
−	* [[:Special:Contributions/Mchalmers|My wiki contributions]]	+	* [https://www.owasp.org/index.php?limit=500&tagFilter=&title=Special%3AContributions&contribs=user&target=Mchalmers&namespace=0&year=&month=-1 My wiki contributions]
	===OWASP Projects===		===OWASP Projects===
Line 12:		Line 12:
	* [[:Category:OWASP Application Security Requirements Project|Application Security Requirements Project]] (interim project manager)		* [[:Category:OWASP Application Security Requirements Project|Application Security Requirements Project]] (interim project manager)
	* [[OWASP EU Summit 2008]]		* [[OWASP EU Summit 2008]]
−	** [https://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]	+	** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
	* [[Global Chapter Committee]]		* [[Global Chapter Committee]]
−	* [[Summit 2011]]	+	* [[Summit 2011|OWASP Global Summit 2011]]
	** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]		** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
	** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]		** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
	** [[Summit_2011/Funding/Matt_Chalmers|Fundraising Appeal]]		** [[Summit_2011/Funding/Matt_Chalmers|Fundraising Appeal]]
−	* [https://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]	+	** [[Summit_2011_Attendee_Bios#Chalmers.2C_Matthew|Attendee bio]]
		+	* [http://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
		+	* [[OWASP Codes of Conduct]]
		+	** [https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Certifying_Bodies Certifying Bodies]
		+
	===OWASP Chapters===		===OWASP Chapters===
−	* Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the [[Washington_DC|Washington DC]] chapter).	+	* Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the [[Washington_DC|Washington DC]] and [[Baltimore]] chapters)
−	** Active member 2004-2005.	+	* Founder and former chapter leader of the original [[Milwaukee]] chapter
−	** Recorded meeting minutes and maintained chapter web pages (pre-wiki).	+	* Member
−	* "Member-at-Large" of the [[Chicago]] and [[Madison]] Local Chapters.	+	** [[Chicago]] chapter (2005-2012)
−	* Presently organising a new chapter in [[Milwaukee]].	+	** [[Milwaukee]] chapter (2005-2016)
−		+	** [[Madison]] chapter (2012-2016)
		+	** [[Minneapolis_St_Paul|Minneapolis-St. Paul]] chapter (2016-Present)
		+	<!--
	==Non-OWASP Involvement==		==Non-OWASP Involvement==
−	* [http://www.acfei.com/ ACFEI] (American College of Forensic Examiners Institute)	+	* [http://www.acm.org/ ACM] (Association for Computing Machinery)
−	* [http://www.eccouncil.org/ EC-Council] (International Council of Electronic Commerce Consultants)	+	** [http://www.sigact.org/ SIGACT] (Special Interest Group on Algorithms and Computation Theory)
−	* [http://www.graftonarealivearts.us/ GALA] (Grafton Area Live Arts)	+	** [http://www.sigcas.org/ SIGCAS] (Special Interest Group on Computers and Society)
−	** Webmaster	+	** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
		+	** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
		+	* [http://www.word-detective.com/2013/03/scuttlebutt/ CANOE] (Committee to Ascribe a Nautical Origin to Everything)
		+	* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
		+	* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
		+	** [https://www.eff.org/about/opportunities/volunteer Cooperating Tech]
		+	* [https://www.fsisac.com/ FS-ISAC] (Financial Services Information Sharing and Analysis Center)
		+	** [https://www.fsisac.com/about/committees Research Survey Committee]
		+	* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
	* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)		* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
−	* [http://www.computer.org/ IEEE Computer Society]	+	* [http://www.ieee.org/ IEEE] (Institute of Electrical & Electronics Engineers)
−	** [http://www.ieee-security.org/ Technical Committee on Security & Privacy]	+	** [http://www.comsoc.org/ Communications Society]
−	* [http://www.isoc.org/ ISoc] (Internet Society)	+	*** [http://cms.comsoc.org/eprise/main/SiteGen/TC_CIS/Content/Home.html Communications and Information Security Technical Committee]
−	** [http://tools.ietf.org/area/sec/trac/wiki IETF SAAG] (Internet Engineering Task Force Security Area Advisory Group)	+	** [http://www.computer.org/ Computer Society]
		+	*** [http://cybersecurity.ieee.org/ Cybersecurity Community]
		+	*** [http://www.ieee-security.org/ Technical Committee on Security & Privacy]
		+	** [http://www.itsoc.org/ Information Theory Society]
		+	** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
	* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)		* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)
−	** [http://www.theiia.org/chapters/index.cfm/home.page/cid/19 Milwaukee Chapter] board of governors, 2009-2011; Secretary & Webmaster, 2011-2012	+	** [https://chapters.theiia.org/milwaukee/Pages/default.aspx Milwaukee Chapter] Member, 2006-2012 & 2015-2016; Secretary of the Board, 2009-2011
		+	** [https://chapters.theiia.org/madison/Pages/default.aspx Madison Chapter] Member, 2012-2015; Invited Speaker, 2016
		+	* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
	* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)		* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)
−	** Active member of the [http://www.isaca-km.org/ Kettle Moraine] chapter	+	** [http://isaca-km.org/ Kettle Moraine Chapter] Member, 2006-2016; Invited Speaker, 2014
−	* [http://www.niap-ccevs.org/ NIAP] (National Information Assurance Partnership)	+	* [http://www.isoc.org/ ISoc] (Internet Society)
		+	** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
		+	*** [http://tools.ietf.org/area/sec/trac/wiki SAAG] (Security Area Advisory Group)
		+	** [https://irtf.org/ IRTF] (Internet Research Task Force)
		+	*** [https://irtf.org/cfrg CFRG] (Crypto Forum Research Group)
	* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology)		* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology)
−	** [http://www.nist.gov/itl/ ITL] [http://www.nist.gov/itl/csd/ CSD] [http://www.nist.gov/itl/csd/ct/ CTG] Cryptographic Key Management Workshop participant	+	** [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory)
−	* [http://www.pikapp.org/ Pi Kappa Phi], [http://www.pikapps-mst.org/ Gamma Lambda Chapter]	+	*** [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division)
−	** Alumni Housing Corps Historian, Webmaster	+	**** [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group)
		+	***** [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
	* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)		* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
−	** [http://www.sans.org/mentor/ Mentor] for courses [http://www.sans.org/training/description.php?mid=98 SEC-508]: Computer Forensics, Investigation, and Response; and [http://www.sans.org/training/description.php?mid=6 AUD-507]: Auditing Networks, Perimeters & Systems	+	** [http://www.sans.org/mentor/ Mentor] Program
−	* [http://www.village.grafton.wi.us/ Village of Grafton, Wisconsin]
−	** [http://www.village.grafton.wi.us/index.aspx?nid=290 Board of Review]
−	** [http://www.village.grafton.wi.us/index.aspx?NID=289 Zoning Board of Appeals]
	* [http://www.webappsec.org/ WASC] (Web Application Security Consortium)		* [http://www.webappsec.org/ WASC] (Web Application Security Consortium)
−	** [http://projects.webappsec.org/w/page/13246984/WASC-Community WASC Articles Peer Review Team Member]	+	** [http://projects.webappsec.org/w/page/13246984/WASC-Community Articles Peer Review Team]
	=="Credentials"==		=="Credentials"==
	===Certifications===		===Certifications===
−	* CISA - Certified Information Systems Auditor	+	* [http://www.identitymanagementinstitute.org/cdp/ CDP] - Certified in Data Protection
−	* CRMA - Certified in Risk Management Assurance	+	* [http://www.identitymanagementinstitute.org/ciam/ CIAM] - Certified Identity and Access Manager
−	* GSNA - GIAC Certified Systems and Network Auditor	+	* [http://www.identitymanagementinstitute.org/cirm/ CIRM] - Certified Identity Risk Manager
−	* GCFA - GIAC Certified Forensic Analyst	+	* [http://www.accessdata.com/training/certifications  ACE] - AccessData Certified Examiner
−	* CEH - Certified Ethical Hacker	+	* [http://www.eccouncil.org/ciso/ CCISO] - Certified Chief Information Security Officer
−	* CHS - Certified in Homeland Security (Level III)	+	* [http://www.isaca.org/cism CISM] - Certified Information Security Manager
		+	* [http://cloudsecurityalliance.org/education/ccsk/ CCSK] - Certified in Cloud Security Knowledge
		+	* [http://na.theiia.org/certification/crma-certification CRMA] - Certified in Risk Management Assurance
		+	* [http://www.giac.org/certifications/forensics/gcfa.php GCFA] - GIAC Certified Forensic Analyst
		+	* [http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx ITIL] Foundation Certified
		+	* [http://www.isaca.org/cisa CISA] - Certified Information Systems Auditor
		+	* [http://www.abchs.com/certification/chsiii.php CHS] - Certified in Homeland Security
		+	* [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] - Certified Ethical Hacker
		+	* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
		+	* [https://www.microsoft.com/en-us/learning/microsoft-certified-professional.aspx MCP] - Microsoft Certified Professional
−	===Education & Training===	+	===Training===
−	* MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)	+	* CoalFire - Adaptive Penetration Testing (5/2018)
−	* ISACA - Information Security Management Course & Strategies for Implementing IT Governance Course (12/2010)	+	* CITI - Human Subjects Research (10/2014)
		+	* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
		+	* IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
		+	* ISACA - Auditing & Securing Cloud-Based Services (1/2011)
		+	* ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
	* PDS/SOScorp - ITIL v3 Foundation Course (9/2008)		* PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
−	* SANS – Computer Forensics, Investigation, and Response (4/2008)	+	* SANS - Computer Forensics, Investigation, and Response (4/2008)
−	* Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)	+	* Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
−	* SAP America – Virsa Compliance Calibrator Training (10/2006)	+	* SAP America - Virsa Compliance Calibrator Training (10/2006)
−	* IIA/Deloitte – SAP ERP Technical Audit (8/2006)	+	* IIA - SAP ERP Technical Audit (8/2006)
−	* SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)	+	* SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
−	* SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)	+	* SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
−	* Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)	+	* Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
−	* EC-Council/Mile2 – Certified Ethical Hacker Training (7/2004)	+	* Mile2 - Certified Ethical Hacker Training (7/2004)
−	* Foundstone – Ultimate Web Hacking (9/2003)	+	* Foundstone - Ultimate Web Hacking (9/2003)
−	* Siegeworks – Advanced AppAuditor Training (12/2002)	+	* Siegeworks - Advanced AppAuditor Training (12/2002)
−	* SANS – Auditing Networks, Perimeters, and Systems (4/2002)	+	* SANS - Auditing Networks, Perimeters, and Systems (4/2002)
−	* Sanctum – AppScan AppAuditor Training (5/2001)	+	* Sanctum - AppScan AppAuditor Training (5/2001)
−	* Bank One University (1/2001 – 2/2005)	+	* National Cryptologic School - Information Systems Security Engineering (2/2000)
−	** Numerous soft skills courses including Planning and Executing Projects, Understanding Personality Styles, Incident Management, Presentation Skills, SMART Goals, and Using the Gallup Q12	+	* National Cryptologic School - Operational Information Systems Security (11/1998)
−	* National Cryptologic School (2/1997 – 11/2000)	+
−	** Over 45 classified & unclassified courses including Information Systems Security Engineering, Technical Writing & Documentation, Encryption Key Management, Operational Information Systems Security, Computer Network Exploitation, and Operations Security	+	===Education===
−	* Naval Technical Training Center Detachment/Naval Center for Information Dominance Detachment at Goodfellow AFB (7/1996 - 12/1996)	+	* Doctor of Science (Candidate for the Degree), Cybersecurity, [http://capitol.technology.university/ Capitol Technology University]
−	** Course X3ABR1N333A 011/014 (classified)	+	** Dissertation (WIP): User Perception of Utility Constraints in End-to-End Email Encryption Solutions
−	* Naval Security Group Detachment/Naval Center for Information Dominance Detachment at Presidio of Monterey (4/1995 - 7/1996)	+	* Master of Science, Information Assurance, [http://capitol.technology.university/ Capitol Technology University]
−	** Course A-232-0021 (classified)	+	* Bachelor of Arts, Psychology & Philosophy, [http://www.mst.edu/ Missouri University of Science & Technology]
−	* University of Missouri-Rolla (8/1990 - 12/1994)	+	* Associate of Arts, Russian, [http://www.dliflc.edu/ Defense Language Institute]
−	** Baccalaureates in psychology and philosophy; minors in computer science, history and French	+	-->
−	==Miscellany==	+	==LinkedIn==
−	[http://www.linkedin.com/in/mdchalmers http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif]	+	[http://linkedin.com/in/mdc http://instructor.mstc.edu/instructor/mchalmers/linkedin-find-me-button.gif]
−	[http://www.geni.com/profile/index/5694624893540027648 http://assets0.geni.com/images/Geni.jpg]
−	[http://www.facebook.com/mdchalmers http://www.ginahigbeegolf.com/sitebuildercontent/sitebuilderpictures/facebook-logo-small.jpg]
−	[http://www.theiia.org/memberexchange/ http://www.theiia.org/chapters/files/183/i/Check_Me_Out_Image.jpg]
−	[http://www.fuelmilwaukee.org/member/mchalmers http://www.fuelmilwaukee.org/resource/resmgr/logos-fuel/fuel-milwaukee-logo.jpg]

---

Latest revision as of 19:34, 25 October 2019

Matthew Chalmers has been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org.

OWASP Involvement

OWASP Wiki

• My wiki contributions

OWASP Projects

• Local Chapter Resources
• Certification Project (content owner/reviewer)
• Application Security Requirements Project (interim project manager)
• OWASP EU Summit 2008
  • OWASP PR Project
• Global Chapter Committee
• OWASP Global Summit 2011
  • Audit Working Session Chair
  • PCI Working Session Co-Chair
  • Fundraising Appeal
  • Attendee bio
• OWASP Governance Task Force
• OWASP Codes of Conduct
  • Certifying Bodies

OWASP Chapters

• Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC and Baltimore chapters)
• Founder and former chapter leader of the original Milwaukee chapter
• Member
  • Chicago chapter (2005-2012)
  • Milwaukee chapter (2005-2016)
  • Madison chapter (2012-2016)
  • Minneapolis-St. Paul chapter (2016-Present)

LinkedIn