Difference between revisions of "User:Mchalmers"

From OWASP
m (Certifications)
m
 
(43 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div style="float: left; margin-right: 5px; padding-top: 11px; border: 1px solid #aaa; width: 178px; height: 200px; text-align: center;">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div>I specialize in information technology and technology process assurance, audit, compliance, control, governance, risk, and security.
+
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Chalmers,_Matthew.jpg|174px]]</div>I lead second line of defense assessment, credible challenge, governance, and oversight of technology programs, processes, and issue remediation relating to application programming interfaces; authentication, identity & access management; and encryption & key management for all of U.S. Bank.
  
I've been involved with OWASP since about 2002. I can be reached at matthew '''.''' chalmers ''@'' owasp '''.''' org.
+
I have written, spoken, and provided training (publicly and privately, classified and unclassified) on myriad subjects including cryptography, GRC, IT audit, penetration testing, and web/application vulnerability assessment.
 +
 
 +
I am a doctoral degree candidate at Capitol Technology University expecting to defend my dissertation in December 2019. My research involves a new approach to end-to-end email encryption and its usability.
 +
 
 +
I can be reached at matthew ''dot'' chalmers ''at'' owasp ''dot'' org.
  
 
<br style="clear: both;">
 
<br style="clear: both;">
Line 16: Line 20:
 
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
* [[Global Chapter Committee]]
 
* [[Global Chapter Committee]]
* [[Summit 2011|OWASP Global Summit 2011]]
+
* [[Summit 2011|OWASP Global Summit 2011]] - see [[Summit_2011_Attendee_Bios#Chalmers.2C_Matthew|my attendee bio]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
Line 22: Line 26:
 
* [http://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
 
* [http://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
 
* [[OWASP Codes of Conduct]]
 
* [[OWASP Codes of Conduct]]
** [https://owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Certifying_Bodies Certifying Bodies]
+
** [https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Certifying_Bodies Certifying Bodies]
  
 
===OWASP Chapters===
 
===OWASP Chapters===
Line 36: Line 40:
  
 
==Non-OWASP Involvement==
 
==Non-OWASP Involvement==
* [http://www.acfea.org/ ACFEA] (Armed Forces Communications and Electronics Association)
 
 
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
 
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
 
** [http://www.sigact.org/ SIGACT] (Special Interest Group on Algorithms and Computation Theory)
 
** [http://www.sigact.org/ SIGACT] (Special Interest Group on Algorithms and Computation Theory)
Line 42: Line 45:
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 +
* [http://www.word-detective.com/2013/03/scuttlebutt/ CANOE] (Committee to Ascribe a Nautical Origin to Everything)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 +
** [https://www.eff.org/about/opportunities/volunteer Cooperating Tech]
 +
* [https://www.fsisac.com/ FS-ISAC] (Financial Services Information Sharing and Analysis Center)
 +
** [https://www.fsisac.com/about/committees Research Survey Committee]
 
* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
 
* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
Line 55: Line 62:
 
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
 
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
 
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)
 
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)
** [https://chapters.theiia.org/milwaukee/Pages/default.aspx Milwaukee Chapter] Member, 2006-2012; Secretary of the Board, 2009-2011
+
** [https://chapters.theiia.org/milwaukee/Pages/default.aspx Milwaukee Chapter] Member, 2006-2012 & 2015-2016; Secretary of the Board, 2009-2011
** [https://chapters.theiia.org/madison/Pages/default.aspx Madison Chapter]
+
** [https://chapters.theiia.org/madison/Pages/default.aspx Madison Chapter] Member, 2012-2015; Invited Speaker, 2016
 
* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
 
* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
 
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)
 
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)
** [http://isaca-km.org/ Kettle Moraine Chapter]
+
** [http://isaca-km.org/ Kettle Moraine Chapter] Member, 2006-2016; Invited Speaker, 2014
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
 
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
Line 65: Line 72:
 
** [https://irtf.org/ IRTF] (Internet Research Task Force)
 
** [https://irtf.org/ IRTF] (Internet Research Task Force)
 
*** [https://irtf.org/cfrg CFRG] (Crypto Forum Research Group)
 
*** [https://irtf.org/cfrg CFRG] (Crypto Forum Research Group)
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology) [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory) [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division) [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group)
+
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology)
** [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
+
** [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory)
 +
*** [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division)
 +
**** [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group)
 +
***** [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
 
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
 
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
 
** [http://www.sans.org/mentor/ Mentor] Program
 
** [http://www.sans.org/mentor/ Mentor] Program
Line 89: Line 99:
 
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
 
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
 
* [https://www.microsoft.com/en-us/learning/microsoft-certified-professional.aspx MCP] - Microsoft Certified Professional
 
* [https://www.microsoft.com/en-us/learning/microsoft-certified-professional.aspx MCP] - Microsoft Certified Professional
 
===Education===
 
* Master of Science, Information Assurance, [http://capitol.technology.university/ Capitol Technology University]
 
* Bachelor of Arts, Psychology & Philosophy, [http://www.mst.edu/ Missouri University of Science & Technology]
 
  
 
===Training===
 
===Training===
 +
* CoalFire - Adaptive Penetration Testing (5/2018)
 
* CITI - Human Subjects Research (10/2014)
 
* CITI - Human Subjects Research (10/2014)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
Line 116: Line 123:
 
* National Cryptologic School - Operational Information Systems Security (11/1998)
 
* National Cryptologic School - Operational Information Systems Security (11/1998)
  
==Social Media Profiles==
+
===Education===
<!--
+
* Doctor of Science (Candidate for the Degree), Cybersecurity, [http://capitol.technology.university/ Capitol Technology University]
[http://mystatus.skype.com/bigclassic/mdchalmers https://icons.iconarchive.com/icons/danleech/simple/48/skype-icon.png]
+
** Dissertation (WIP): User Perception of Utility Constraints in End-to-End Email Encryption Solutions
[http://www.youtube.com/channel/UCQq11fnwqdiI2CRJmIMTboQ http://www.visual-experiments.com/blog/wp-content/uploads/2010/03/logo.youtube.png]
+
* Master of Science, Information Assurance, [http://capitol.technology.university/ Capitol Technology University]
[https://www.huterra.com/member/Matthew%20Chalmers/communities https://lh6.googleusercontent.com/-RHaHkZ61nN0/AAAAAAAAAAI/AAAAAAAAAAA/Tx_mhDQ7iUA/s48-c-k-no/photo.jpg]
+
* Bachelor of Arts, Psychology & Philosophy, [http://www.mst.edu/ Missouri University of Science & Technology]
-->
+
* Associate of Arts, Russian, [http://www.dliflc.edu/ Defense Language Institute]
[https://www.linkedin.com/in/mdchalmers https://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png] <!-- --> [https://www.xing.com/profile/Matthew_Chalmers https://icons.iconarchive.com/icons/danleech/simple/48/xing-icon.png] <!-- --> [https://www.facebook.com/mdchalmers https://icons.iconarchive.com/icons/danleech/simple/48/facebook-icon.png] <!-- --> [https://plus.google.com/111498867553953764439/about https://icons.iconarchive.com/icons/danleech/simple/48/google-plus-icon.png] <!-- --> [https://www.ohloh.net/accounts/mdchalmers https://pbs.twimg.com/profile_images/491231714056732672/4tBLt6aW_normal.png] <!-- --> [https://www.amazon.com/gp/pdp/profile/A1TS7LUEDD6B03 https://icons.iconarchive.com/icons/danleech/simple/48/amazon-icon.png] <!-- --> [https://www.researchgate.net/profile/Matthew_Chalmers2/ http://www.experimental-designs.com/wp-content/uploads/2014/03/Research-Gate-Icon.png] <!-- --> [https://captechu.academia.edu/MatthewChalmers http://www.thegrumpyhacker.com/images/academia-small.png] <!-- --> [https://scholar.google.com/citations?hl=en&user=ziXW83YAAAAJ http://people.ucsc.edu/~mclapham/googlescholar.jpg] <!-- --> [https://sourceforge.net/users/mchalmers https://gouessej.files.wordpress.com/2011/07/sourceforge.png] <!-- --> [https://campus.acm.org/public/vcard/vcard.cfm?handle=mdchalmers https://web.archive.org/web/20141225032524im_/http://www.sigsoft.org/images/acm_logo.gif] <!-- --> [https://www.ieee.org/portal/myieee/memberNetMemberProfile.html?custNum=xQ8X05l0WhB4dcZo%2Fg2WOA%3D%3D https://lh3.googleusercontent.com/-mOf05sh0-B0/AAAAAAAAAAI/AAAAAAAAAAA/F5wexTHG_LM/s48-c-k-no/photo.jpg] <!-- --> [https://connect.internetsociety.org/myprofile/profile/?UserKey=1d5fe9e7-aff6-4711-b4f3-95969b135a91 https://pbs.twimg.com/profile_images/378800000668457482/ba86ae99ee34618394f7418cd801e7a9_normal.jpeg] <!-- --> [https://keybase.io/mchalmers https://pbs.twimg.com/profile_images/441423558619586560/a8__KWaa_normal.png] <!-- --> 
[https://orcid.org/0000-0001-8153-4386 https://pbs.twimg.com/profile_images/2724646359/e9815d877cd092a19918df74e04f0415_normal.png] <!-- --> [https://www.airbnb.com/users/show/39048452 http://www.cabanasdondelawelli.cl/images/logo-airbnb.png] <!-- --> [http://instructor.mstc.edu/instructor/mchalmers/ http://www.yellowtoad.com/images/mstc.png]
 

Latest revision as of 16:48, 9 May 2019

I lead second line of defense assessment, credible challenge, governance, and oversight of technology programs, processes, and issue remediation relating to application programming interfaces; authentication, identity & access management; and encryption & key management for all of U.S. Bank.

I have written, spoken, and provided training (publicly and privately, classified and unclassified) on myriad subjects including cryptography, GRC, IT audit, penetration testing, and web/application vulnerability assessment.

I am a doctoral degree candidate at Capitol Technology University expecting to defend my dissertation in December 2019. My research involves a new approach to end-to-end email encryption and its usability.

I can be reached at matthew dot chalmers at owasp dot org.


OWASP Involvement

OWASP Wiki

OWASP Projects

OWASP Chapters

  • Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
    • Active member 2004-2005
    • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
  • Founder and former chapter leader of the original Milwaukee chapter
  • "Member-at-Large"

Non-OWASP Involvement

"Credentials"

Certifications

  • CDP - Certified in Data Protection
  • CIAM - Certified Identity and Access Manager
  • CIRM - Certified Identity Risk Manager
  • ACE - AccessData Certified Examiner
  • CCISO - Certified Chief Information Security Officer
  • CISM - Certified Information Security Manager
  • CCSK - Certified in Cloud Security Knowledge
  • CRMA - Certified in Risk Management Assurance
  • GCFA - GIAC Certified Forensic Analyst
  • ITIL Foundation Certified
  • CISA - Certified Information Systems Auditor
  • CHS - Certified in Homeland Security
  • CEH - Certified Ethical Hacker
  • GSNA - GIAC-certified Systems and Network Auditor
  • MCP - Microsoft Certified Professional

Training

  • CoalFire - Adaptive Penetration Testing (5/2018)
  • CITI - Human Subjects Research (10/2014)
  • IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
  • IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
  • ISACA - Auditing & Securing Cloud-Based Services (1/2011)
  • ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
  • PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
  • SANS - Computer Forensics, Investigation, and Response (4/2008)
  • Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
  • SAP America - Virsa Compliance Calibrator Training (10/2006)
  • IIA - SAP ERP Technical Audit (8/2006)
  • SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
  • SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
  • Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
  • Mile2 - Certified Ethical Hacker Training (7/2004)
  • Foundstone - Ultimate Web Hacking (9/2003)
  • Siegeworks - Advanced AppAuditor Training (12/2002)
  • SANS - Auditing Networks, Perimeters, and Systems (4/2002)
  • Sanctum - AppScan AppAuditor Training (5/2001)
  • National Cryptologic School - Information Systems Security Engineering (2/2000)
  • National Cryptologic School - Operational Information Systems Security (11/1998)

Education