User:Mchalmers

https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg Currently I'm the Chief Auditor–Information Technology for Marshfield Clinic. I've earned both management and technical certifications such as the CISM and CEH as well as a Master of Science in Information Assurance en route to a Doctor of Science (Sc.D.) expected in 2017. I specialize in information technology audit, compliance, control, governance, risk management, security, and usability. I've been involved with OWASP since about 2002. I can be reached at matthew dot chalmers at owasp dot org.

OWASP Wiki

 * My wiki contributions

OWASP Projects

 * Local Chapter Resources
 * Certification Project (content owner/reviewer)
 * Application Security Requirements Project (interim project manager)
 * OWASP EU Summit 2008
 * OWASP PR Project
 * Global Chapter Committee
 * OWASP Global Summit 2011
 * Audit Working Session Chair
 * PCI Working Session Co-Chair
 * Fundraising Appeal
 * OWASP Governance Task Force
 * OWASP Codes of Conduct
 * Certifying Bodies

OWASP Chapters

 * Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
 * Active member 2004-2005
 * Recorded meeting minutes and maintained chapter web pages (pre-wiki)
 * Founder and former chapter leader of the original Milwaukee chapter
 * "Member-at-Large"
 * Chicago chapter (2005-2011)
 * Madison chapter (2005-Present)
 * Milwaukee chapter (2012-Present)

Non-OWASP Involvement

 * ACM (Association for Computing Machinery)
 * SIGCHI (Special Interest Group on Computer-Human Interaction)
 * SIGSAC (Special Interest Group on Security, Audit, and Control)
 * CSA (Cloud Security Alliance)
 * EFF (Electronic Frontier Foundation)
 * IATFF (Information Assurance Technical Framework Forum)
 * IACR (International Association for Cryptologic Research)
 * IEEE (Institute of Electrical & Electronics Engineers)
 * Communications Society
 * Communications and Information Security Technical Committee
 * eHealth Technical Committee
 * Computer Society
 * Technical Committee on Security & Privacy
 * Information Theory Society
 * Life Sciences Community
 * Signal Processing Society Information Forensics and Security Technical Committee
 * Spectrum Forecasters
 * IIA (Institute of Internal Auditors), Milwaukee Chapter
 * Research Committee
 * IMI (Identity Management Institute)
 * ISACA (Information Systems Audit and Control Association), Kettle Moraine Chapter
 * ISoc (Internet Society)
 * IETF (Internet Engineering Task Force)
 * SAAG (Security Area Advisory Group)
 * NIST (National Institute of Standards and Technology) ITL (Information Technology Laboratory) CSD (Computer Security Division) CTG (Cryptographic Technology Group) Cryptographic Key Management Project
 * SANS Institute (System administration, Audit, Networking and Security Institute) Mentor Program
 * WASC (Web Application Security Consortium)
 * Articles Peer Review Team

Certifications

 * CISM - Certified Information Security Manager
 * CISA - Certified Information Systems Auditor
 * CRMA - Certified in Risk Management Assurance
 * GSNA - GIAC-certified Systems and Network Auditor
 * GCFA - GIAC Certified Forensic Analyst
 * CCSK - Certified in Cloud Security Knowledge
 * CEH - Certified Ethical Hacker
 * CCISO - Certified Chief Information Security Officer
 * ACE - AccessData Certified Examiner
 * CHS - Certified in Homeland Security (Level III)
 * CFR-D - Certified First Responder with Defibrillation
 * ITIL Foundation Certified (Version 3)

Education

 * Capitol College (2014-2017)
 * Doctor of Science, Information Assurance
 * Capitol College (2012 - 2014)
 * Master of Science, Information Assurance, with honors
 * Defense Language Institute (1995 - 1996)
 * Diploma & Linguistic Certification, Russian
 * University of Missouri-Rolla (1990 - 1994)
 * Bachelor of Arts, Psychology & Philosophy

Training

 * CITI - Human Subjects Research (10/2014)
 * IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 * IIA/Audimation - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
 * MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
 * ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
 * PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
 * SANS – Computer Forensics, Investigation, and Response (4/2008)
 * Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
 * SAP America – Virsa Compliance Calibrator Training (10/2006)
 * IIA/Deloitte – SAP ERP Technical Audit (8/2006)
 * SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
 * SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
 * Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
 * Mile2/SMU – Certified Ethical Hacker Training (7/2004)
 * Foundstone – Ultimate Web Hacking (9/2003)
 * Siegeworks – Advanced AppAuditor Training (12/2002)
 * SANS – Auditing Networks, Perimeters, and Systems (4/2002)
 * Sanctum – AppScan AppAuditor Training (5/2001)
 * National Cryptologic School - Information Systems Security Engineering (2/2000)
 * National Cryptologic School - Operational Information Systems Security (11/1999)
 * American Red Cross - Emergency Medical Response (5/1995)

Miscellany
http://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png https://fbcdn-profile-a.akamaihd.net/hprofile-ak-ash1/s48x48/592053_47853226208_1055406790_q.jpg  http://www.thegrumpyhacker.com/images/academia-small.png  https://lh3.googleusercontent.com/-mOf05sh0-B0/AAAAAAAAAAI/AAAAAAAAAAA/F5wexTHG_LM/s48-c-k-no/photo.jpg  http://www.sigsoft.org/images/acm_logo.gif  https://pbs.twimg.com/profile_images/378800000668457482/ba86ae99ee34618394f7418cd801e7a9_normal.jpeg