User:Mchalmers

https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg I have been doing information security and related work my entire professional career, since earning my bachelor's degree from the Missouri University of Science & Technology (formerly the University of Missouri-Rolla). I have worked for large public, private and government organizations in the defense, finance and manufacturing industries including the National Security Agency, JPMorgan Chase and Rockwell Automation; currently I am Chief Auditor - Information Technologies at Marshfield Clinic Health System. I hold the CISA, CRMA, GSNA, GCFA, CEH and CHS certifications and I am ITIL v3 Foundation certified. I currently specialize in information technology assessment, audit, compliance, control, governance, management and security. I have been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org.

OWASP Wiki

 * My wiki contributions

OWASP Projects

 * Local Chapter Resources
 * Certification Project (content owner/reviewer)
 * Application Security Requirements Project (interim project manager)
 * OWASP EU Summit 2008
 * OWASP PR Project
 * Global Chapter Committee
 * Summit 2011
 * Audit Working Session Chair
 * PCI Working Session Co-Chair
 * Fundraising Appeal
 * OWASP Governance Task Force

OWASP Chapters

 * Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter).
 * Active member 2004-2005.
 * Recorded meeting minutes and maintained chapter web pages (pre-wiki).
 * "Member-at-Large" of the Chicago and Madison Local Chapters.
 * Presently organising a new chapter in Milwaukee.

Non-OWASP Involvement

 * ACFEI (American College of Forensic Examiners Institute)
 * EC-Council (International Council of Electronic Commerce Consultants)
 * GALA (Grafton Area Live Arts)
 * Webmaster
 * IATFF (Information Assurance Technical Framework Forum)
 * IEEE Computer Society
 * Technical Committee on Security & Privacy
 * ISoc (Internet Society)
 * IETF SAAG (Internet Engineering Task Force Security Area Advisory Group)
 * IIA (Institute of Internal Auditors)
 * Milwaukee Chapter board of governors, 2009-2011; Secretary & Webmaster, 2011-2012
 * ISACA (Information Systems Audit and Control Association)
 * Active member of the Kettle Moraine chapter
 * NIAP (National Information Assurance Partnership)
 * NIST (National Institute of Standards and Technology)
 * ITL CSD CTG Cryptographic Key Management Workshop participant
 * Pi Kappa Phi, Gamma Lambda Chapter
 * Alumni Housing Corps Historian, Webmaster
 * SANS Institute (System administration, Audit, Networking and Security Institute)
 * Mentor for courses SEC-508: Computer Forensics, Investigation, and Response; and AUD-507: Auditing Networks, Perimeters & Systems
 * Village of Grafton, Wisconsin
 * Board of Review
 * Zoning Board of Appeals
 * WASC (Web Application Security Consortium)
 * WASC Articles Peer Review Team Member

Certifications

 * CISA - Certified Information Systems Auditor
 * CRMA - Certified in Risk Management Assurance
 * GSNA - GIAC Certified Systems and Network Auditor
 * GCFA - GIAC Certified Forensic Analyst
 * CEH - Certified Ethical Hacker
 * CHS - Certified in Homeland Security (Level III)

Education & Training

 * MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
 * ISACA - Information Security Management Course & Strategies for Implementing IT Governance Course (12/2010)
 * PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
 * SANS – Computer Forensics, Investigation, and Response (4/2008)
 * Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
 * SAP America – Virsa Compliance Calibrator Training (10/2006)
 * IIA/Deloitte – SAP ERP Technical Audit (8/2006)
 * SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
 * SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
 * Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
 * EC-Council/Mile2 – Certified Ethical Hacker Training (7/2004)
 * Foundstone – Ultimate Web Hacking (9/2003)
 * Siegeworks – Advanced AppAuditor Training (12/2002)
 * SANS – Auditing Networks, Perimeters, and Systems (4/2002)
 * Sanctum – AppScan AppAuditor Training (5/2001)
 * Bank One University (1/2001 – 2/2005)
 * Numerous soft skills courses including Planning and Executing Projects, Understanding Personality Styles, Incident Management, Presentation Skills, SMART Goals, and Using the Gallup Q12
 * National Cryptologic School (2/1997 – 11/2000)
 * Over 45 classified & unclassified courses including Information Systems Security Engineering, Technical Writing & Documentation, Encryption Key Management, Operational Information Systems Security, Computer Network Exploitation, and Operations Security
 * Naval Technical Training Center Detachment/Naval Center for Information Dominance Detachment at Goodfellow AFB (7/1996 - 12/1996)
 * Course X3ABR1N333A 011/014 (classified)
 * Naval Security Group Detachment/Naval Center for Information Dominance Detachment at Presidio of Monterey (4/1995 - 7/1996)
 * Course A-232-0021 (classified)
 * University of Missouri-Rolla (8/1990 - 12/1994)
 * Baccalaureates in psychology and philosophy; minors in computer science, history and French

Miscellany
http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif http://assets0.geni.com/images/Geni.jpg http://www.ginahigbeegolf.com/sitebuildercontent/sitebuilderpictures/facebook-logo-small.jpg http://www.theiia.org/chapters/files/183/i/Check_Me_Out_Image.jpg http://www.fuelmilwaukee.org/resource/resmgr/logos-fuel/fuel-milwaukee-logo.jpg