User:Mchalmers

I lead second line of defense assessment, credible challenge, governance, and oversight of technology programs, processes, and issue remediation relating to application programming interfaces; authentication, identity & access management; and encryption & key management for all of U.S. Bank.

I have written, spoken, and provided training (publicly and privately, classified and unclassified) on myriad subjects including cryptography, GRC, IT audit, penetration testing, and web/application vulnerability assessment.

I am currently ABD in pursuit of a doctoral degree in cybersecurity from Capitol Technology University. My dissertation involves a new approach to end-to-end email encryption and its usability.

I can be reached at matthew dot chalmers at owasp dot org.



OWASP Wiki

 * My wiki contributions

OWASP Projects

 * Local Chapter Resources
 * Certification Project (content owner/reviewer)
 * Application Security Requirements Project (interim project manager)
 * OWASP EU Summit 2008
 * OWASP PR Project
 * Global Chapter Committee
 * OWASP Global Summit 2011 - see my attendee bio
 * Audit Working Session Chair
 * PCI Working Session Co-Chair
 * Fundraising Appeal
 * OWASP Governance Task Force
 * OWASP Codes of Conduct
 * Certifying Bodies

OWASP Chapters

 * Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
 * Active member 2004-2005
 * Recorded meeting minutes and maintained chapter web pages (pre-wiki)
 * Founder and former chapter leader of the original Milwaukee chapter
 * "Member-at-Large"
 * Chicago chapter (2005-2012)
 * Milwaukee chapter (2005-2016)
 * Madison chapter (2012-2016)
 * Minneapolis-St. Paul chapter (2016-Present)

Non-OWASP Involvement

 * ACM (Association for Computing Machinery)
 * SIGACT (Special Interest Group on Algorithms and Computation Theory)
 * SIGCAS (Special Interest Group on Computers and Society)
 * SIGCHI (Special Interest Group on Computer-Human Interaction)
 * SIGSAC (Special Interest Group on Security, Audit, and Control)
 * CANOE (Committee to Ascribe a Nautical Origin to Everything)
 * CSA (Cloud Security Alliance)
 * EFF (Electronic Frontier Foundation)
 * Cooperating Tech
 * IACR (International Association for Cryptologic Research)
 * IATFF (Information Assurance Technical Framework Forum)
 * IEEE (Institute of Electrical & Electronics Engineers)
 * Communications Society
 * Communications and Information Security Technical Committee
 * Computer Society
 * Cybersecurity Community
 * Technical Committee on Security & Privacy
 * Information Theory Society
 * Signal Processing Society Information Forensics and Security Technical Committee
 * IIA (Institute of Internal Auditors)
 * Milwaukee Chapter Member, 2006-2012 & 2015-2016; Secretary of the Board, 2009-2011
 * Madison Chapter Member, 2012-2015; Invited Speaker, 2016
 * IMI (Identity Management Institute)
 * ISACA (Information Systems Audit and Control Association)
 * Kettle Moraine Chapter Member, 2006-2016; Invited Speaker, 2014
 * ISoc (Internet Society)
 * IETF (Internet Engineering Task Force)
 * SAAG (Security Area Advisory Group)
 * IRTF (Internet Research Task Force)
 * CFRG (Crypto Forum Research Group)
 * NIST (National Institute of Standards and Technology)
 * ITL (Information Technology Laboratory)
 * CSD (Computer Security Division)
 * CTG (Cryptographic Technology Group)
 * Cryptographic Key Management Project
 * SANS Institute (System administration, Audit, Networking and Security Institute)
 * Mentor Program
 * WASC (Web Application Security Consortium)
 * Articles Peer Review Team

Certifications

 * CDP - Certified in Data Protection
 * CIAM - Certified Identity and Access Manager
 * CIRM - Certified Identity Risk Manager
 * ACE - AccessData Certified Examiner
 * CCISO - Certified Chief Information Security Officer
 * CISM - Certified Information Security Manager
 * CCSK - Certified in Cloud Security Knowledge
 * CRMA - Certified in Risk Management Assurance
 * GCFA - GIAC Certified Forensic Analyst
 * ITIL Foundation Certified
 * CISA - Certified Information Systems Auditor
 * CHS - Certified in Homeland Security
 * CEH - Certified Ethical Hacker
 * GSNA - GIAC-certified Systems and Network Auditor
 * MCP - Microsoft Certified Professional

Training

 * CoalFire - Adaptive Penetration Testing (5/2018)
 * CITI - Human Subjects Research (10/2014)
 * IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 * IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
 * ISACA - Auditing & Securing Cloud-Based Services (1/2011)
 * ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
 * PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
 * SANS - Computer Forensics, Investigation, and Response (4/2008)
 * Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
 * SAP America - Virsa Compliance Calibrator Training (10/2006)
 * IIA - SAP ERP Technical Audit (8/2006)
 * SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
 * SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
 * Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
 * Mile2 - Certified Ethical Hacker Training (7/2004)
 * Foundstone - Ultimate Web Hacking (9/2003)
 * Siegeworks - Advanced AppAuditor Training (12/2002)
 * SANS - Auditing Networks, Perimeters, and Systems (4/2002)
 * Sanctum - AppScan AppAuditor Training (5/2001)
 * National Cryptologic School - Information Systems Security Engineering (2/2000)
 * National Cryptologic School - Operational Information Systems Security (11/1998)

Education

 * Doctor of Science (ABD), Cybersecurity, Capitol Technology University
 * Dissertation (WIP): User Perception of Utility Constraints in End-to-End Email Encryption Solutions
 * Master of Science, Information Assurance, Capitol Technology University
 * Bachelor of Arts, Psychology & Philosophy, Missouri University of Science & Technology
 * Associate of Arts, Russian, Defense Language Institute