Difference between revisions of "User:Mchalmers"

From OWASP
Jump to: navigation, search
m
m
(34 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Chalmers,_Matthew.jpg|172px]]</div>Matthew is an information, information technology, and technology process assurance, audit, compliance, control, governance, oversight, risk assessment, risk management, security, and usability expert.
+
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Chalmers,_Matthew.jpg|174px]]</div>I lead second line of defense assessment, credible challenge, governance, and oversight of technology programs, processes, and issue remediation relating to application programming interfaces; authentication, identity & access management; and encryption & key management for all of U.S. Bank.
  
Matthew has been involved with OWASP since about 2002. He can be reached at matthew '''.''' chalmers ''@'' owasp '''.''' org.
+
I have written, spoken, and provided training (publicly and privately, classified and unclassified) on myriad subjects including cryptography, GRC, IT audit, penetration testing, and web/application vulnerability assessment.
 +
 
 +
I am a doctoral degree candidate at Capitol Technology University expecting to defend my dissertation in December 2019. My research involves a new approach to end-to-end email encryption and its usability.
 +
 
 +
I can be reached at matthew ''dot'' chalmers ''at'' owasp ''dot'' org.
  
 
<br style="clear: both;">
 
<br style="clear: both;">
Line 22: Line 26:
 
* [http://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
 
* [http://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
 
* [[OWASP Codes of Conduct]]
 
* [[OWASP Codes of Conduct]]
** [https://owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Certifying_Bodies Certifying Bodies]
+
** [https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Certifying_Bodies Certifying Bodies]
  
 
===OWASP Chapters===
 
===OWASP Chapters===
Line 41: Line 45:
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 +
* [http://www.word-detective.com/2013/03/scuttlebutt/ CANOE] (Committee to Ascribe a Nautical Origin to Everything)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 +
** [https://www.eff.org/about/opportunities/volunteer Cooperating Tech]
 +
* [https://www.fsisac.com/ FS-ISAC] (Financial Services Information Sharing and Analysis Center)
 +
** [https://www.fsisac.com/about/committees Research Survey Committee]
 
* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
 
* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
Line 54: Line 62:
 
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
 
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
 
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)
 
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)
** [https://chapters.theiia.org/milwaukee/Pages/default.aspx Milwaukee Chapter] Member, 2006-2012; Secretary of the Board, 2009-2011
+
** [https://chapters.theiia.org/milwaukee/Pages/default.aspx Milwaukee Chapter] Member, 2006-2012 & 2015-2016; Secretary of the Board, 2009-2011
** [https://chapters.theiia.org/madison/Pages/default.aspx Madison Chapter]
+
** [https://chapters.theiia.org/madison/Pages/default.aspx Madison Chapter] Member, 2012-2015; Invited Speaker, 2016
 
* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
 
* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
 
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)
 
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)
** [http://isaca-km.org/ Kettle Moraine Chapter]
+
** [http://isaca-km.org/ Kettle Moraine Chapter] Member, 2006-2016; Invited Speaker, 2014
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
 
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
Line 64: Line 72:
 
** [https://irtf.org/ IRTF] (Internet Research Task Force)
 
** [https://irtf.org/ IRTF] (Internet Research Task Force)
 
*** [https://irtf.org/cfrg CFRG] (Crypto Forum Research Group)
 
*** [https://irtf.org/cfrg CFRG] (Crypto Forum Research Group)
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology) [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory) [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division) [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group)
+
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology)
** [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
+
** [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory)
 +
*** [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division)
 +
**** [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group)
 +
***** [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
 
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
 
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
 
** [http://www.sans.org/mentor/ Mentor] Program
 
** [http://www.sans.org/mentor/ Mentor] Program
Line 88: Line 99:
 
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
 
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
 
* [https://www.microsoft.com/en-us/learning/microsoft-certified-professional.aspx MCP] - Microsoft Certified Professional
 
* [https://www.microsoft.com/en-us/learning/microsoft-certified-professional.aspx MCP] - Microsoft Certified Professional
 
===Education===
 
* Master of Science, Information Assurance, [http://capitol.technology.university/ Capitol Technology University]
 
* Bachelor of Arts, Psychology & Philosophy, [http://www.mst.edu/ Missouri University of Science & Technology]
 
  
 
===Training===
 
===Training===
 +
* CoalFire - Adaptive Penetration Testing (5/2018)
 
* CITI - Human Subjects Research (10/2014)
 
* CITI - Human Subjects Research (10/2014)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
Line 114: Line 122:
 
* National Cryptologic School - Information Systems Security Engineering (2/2000)
 
* National Cryptologic School - Information Systems Security Engineering (2/2000)
 
* National Cryptologic School - Operational Information Systems Security (11/1998)
 
* National Cryptologic School - Operational Information Systems Security (11/1998)
 +
 +
===Education===
 +
* Doctor of Science (Candidate for the Degree), Cybersecurity, [http://capitol.technology.university/ Capitol Technology University]
 +
** Dissertation (WIP): User Perception of Utility Constraints in End-to-End Email Encryption Solutions
 +
* Master of Science, Information Assurance, [http://capitol.technology.university/ Capitol Technology University]
 +
* Bachelor of Arts, Psychology & Philosophy, [http://www.mst.edu/ Missouri University of Science & Technology]
 +
* Associate of Arts, Russian, [http://www.dliflc.edu/ Defense Language Institute]

Revision as of 16:48, 9 May 2019

Chalmers, Matthew.jpg
I lead second line of defense assessment, credible challenge, governance, and oversight of technology programs, processes, and issue remediation relating to application programming interfaces; authentication, identity & access management; and encryption & key management for all of U.S. Bank.

I have written, spoken, and provided training (publicly and privately, classified and unclassified) on myriad subjects including cryptography, GRC, IT audit, penetration testing, and web/application vulnerability assessment.

I am a doctoral degree candidate at Capitol Technology University expecting to defend my dissertation in December 2019. My research involves a new approach to end-to-end email encryption and its usability.

I can be reached at matthew dot chalmers at owasp dot org.


OWASP Involvement

OWASP Wiki

OWASP Projects

OWASP Chapters

  • Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
    • Active member 2004-2005
    • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
  • Founder and former chapter leader of the original Milwaukee chapter
  • "Member-at-Large"

Non-OWASP Involvement

"Credentials"

Certifications

  • CDP - Certified in Data Protection
  • CIAM - Certified Identity and Access Manager
  • CIRM - Certified Identity Risk Manager
  • ACE - AccessData Certified Examiner
  • CCISO - Certified Chief Information Security Officer
  • CISM - Certified Information Security Manager
  • CCSK - Certified in Cloud Security Knowledge
  • CRMA - Certified in Risk Management Assurance
  • GCFA - GIAC Certified Forensic Analyst
  • ITIL Foundation Certified
  • CISA - Certified Information Systems Auditor
  • CHS - Certified in Homeland Security
  • CEH - Certified Ethical Hacker
  • GSNA - GIAC-certified Systems and Network Auditor
  • MCP - Microsoft Certified Professional

Training

  • CoalFire - Adaptive Penetration Testing (5/2018)
  • CITI - Human Subjects Research (10/2014)
  • IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
  • IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
  • ISACA - Auditing & Securing Cloud-Based Services (1/2011)
  • ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
  • PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
  • SANS - Computer Forensics, Investigation, and Response (4/2008)
  • Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
  • SAP America - Virsa Compliance Calibrator Training (10/2006)
  • IIA - SAP ERP Technical Audit (8/2006)
  • SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
  • SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
  • Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
  • Mile2 - Certified Ethical Hacker Training (7/2004)
  • Foundstone - Ultimate Web Hacking (9/2003)
  • Siegeworks - Advanced AppAuditor Training (12/2002)
  • SANS - Auditing Networks, Perimeters, and Systems (4/2002)
  • Sanctum - AppScan AppAuditor Training (5/2001)
  • National Cryptologic School - Information Systems Security Engineering (2/2000)
  • National Cryptologic School - Operational Information Systems Security (11/1998)

Education