Difference between revisions of "User:Mchalmers"

From OWASP
Jump to: navigation, search
m (Education & Training)
 
(68 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div><div style="text-align: justify;">I've been doing information assurance related work my entire professional career, since earning my bachelor's degrees from the [http://www.mst.edu/ Missouri University of Science & Technology]. I've worked for public, private, government and non-profit organizations in the defense, finance, manufacturing and healthcare industries including the National Security Agency, JPMorgan Chase and Rockwell Automation.
+
<!-- <style>#toc{float:left}</style> --><div style="float: left; margin-right: 5px; padding: 5px; border: 1px solid #aaa;">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div><div style="float: left; width:60%; text-align: justify; margin-right: 6px;">Currently I'm the Chief Auditor&ndash;Information Technology for Marshfield Clinic. I've earned both management and technical certifications such as the CISM and CEH as well as a Master of Science in Information Assurance en route to a Doctor of Science (Sc.D.) expected in 2017. I specialize in information technology audit, compliance, control, governance, risk management, security, and usability. I've been involved with OWASP since about 2002. I can be reached at '''matthew''' ''dot'' '''chalmers''' ''at'' '''owasp''' ''dot'' '''org'''.</div>
 
+
Currently I'm the Chief IT Auditor for [http://www.marshfieldclinic.org/patients/?page=about_legacy Marshfield Clinic Health System]. I hold the [http://www.isaca.org/cism CISM], [http://www.isaca.org/cisa CISA], [http://www.theiia.org/recent-iia-news/index.cfm?i=16487 CRMA], [http://www.giac.org/certifications/audit/gsna.php GSNA], [http://www.giac.org/certifications/forensics/gcfa.php GCFA], [http://cloudsecurityalliance.org/education/ccsk/ CCSK], [http://www.eccouncil.org/ciso/ CCISO], [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH], [http://www.abchs.com/about/ CHS], CFR-D and other certifications.
+
 
+
I specialize in information technology assessment, audit, compliance, control, governance, management and security.
+
 
+
I've been involved with OWASP since about 2002. I can be reached at '''matthew''' ''dot'' '''chalmers''' ''at'' '''owasp''' ''dot'' '''org'''.</div><br clear="all"><br>
+
 
+
 
==OWASP Involvement==
 
==OWASP Involvement==
 
===OWASP Wiki===
 
===OWASP Wiki===
Line 16: Line 9:
 
* [[:Category:OWASP Application Security Requirements Project|Application Security Requirements Project]] (interim project manager)
 
* [[:Category:OWASP Application Security Requirements Project|Application Security Requirements Project]] (interim project manager)
 
* [[OWASP EU Summit 2008]]
 
* [[OWASP EU Summit 2008]]
** [https://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
+
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
* [[Global Chapter Committee]]
 
* [[Global Chapter Committee]]
* [[Summit 2011]]
+
* [[Summit 2011|OWASP Global Summit 2011]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
 
** [[Summit_2011/Funding/Matt_Chalmers|Fundraising Appeal]]
 
** [[Summit_2011/Funding/Matt_Chalmers|Fundraising Appeal]]
* [https://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
+
* [http://lists.owasp.org/mailman/listinfo/governance OWASP Governance Task Force]
 +
* [[OWASP Codes of Conduct]]
 +
** [https://owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Certifying_Bodies Certifying Bodies]
 +
 
 
===OWASP Chapters===
 
===OWASP Chapters===
 
* Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the [[Washington_DC|Washington DC]] chapter)
 
* Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the [[Washington_DC|Washington DC]] chapter)
 
** Active member 2004-2005
 
** Active member 2004-2005
 
** Recorded meeting minutes and maintained chapter web pages (pre-wiki)
 
** Recorded meeting minutes and maintained chapter web pages (pre-wiki)
 +
* Founder and former chapter leader of the original [[Milwaukee]] chapter
 
* "Member-at-Large"
 
* "Member-at-Large"
 
** [[Chicago]] chapter (2005-2011)
 
** [[Chicago]] chapter (2005-2011)
 
** [[Madison]] chapter (2005-Present)
 
** [[Madison]] chapter (2005-Present)
* Founder and former chapter leader of the mailing list-only [[Milwaukee]] chapter
+
** [[Milwaukee]] chapter (2012-Present)
  
 
==Non-OWASP Involvement==
 
==Non-OWASP Involvement==
<!-- * [http://www.acfei.com/ ACFEI] (American College of Forensic Examiners Institute)
+
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
* [http://www.eccouncil.org/ EC-Council] (International Council of Electronic Commerce Consultants)
+
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
* [http://www.graftonarealivearts.us/ GALA] (Grafton Area Live Arts) webmaster
+
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
* [http://www.phrases.org.uk/meanings/nautical-phrases.html CANOE] (Committee to Ascribe a Nautical Origin to Everything) -->
+
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 +
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
* [http://www.computer.org/ IEEE Computer Society] [http://www.ieee-security.org/ Technical Committee on Security & Privacy]
+
* [http://www.ieee.org/ IEEE] (Institute of Electrical & Electronics Engineers)
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors) [http://www.theiia.org/chapters/milwaukee Milwaukee Chapter]
+
** [http://www.comsoc.org/ Communications Society]
** Secretary & Webmaster, 2011-2012
+
*** [http://cms.comsoc.org/eprise/main/SiteGen/TC_CIS/Content/Home.html Communications and Information Security Technical Committee]
** Board of governors, 2009-2011
+
*** [http://committees.comsoc.org/ehealth/ eHealth Technical Committee]
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association) [http://www.isaca-km.org/ Kettle Moraine Chapter]
+
** [http://www.computer.org/ Computer Society]
* [http://www.isoc.org/ ISoc] (Internet Society) [http://tools.ietf.org/area/sec/trac/wiki IETF SAAG] (Internet Engineering Task Force Security Area Advisory Group)
+
*** [http://www.ieee-security.org/ Technical Committee on Security & Privacy]
<!-- * [http://www.niap-ccevs.org/ NIAP] (National Information Assurance Partnership) -->
+
** [http://www.itsoc.org/ Information Theory Society]
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology) [http://www.nist.gov/itl/ ITL] [http://www.nist.gov/itl/csd/ CSD] [http://www.nist.gov/itl/csd/ct/ CTG] Cryptographic Key Management Workshop delegate
+
** [http://lifesciences.ieee.org/ Life Sciences Community]
* [http://corp.getoutsidecounsel.com/ Outside Counsel] Mentor
+
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
* [http://www.pikapp.org/ Pi Kappa Phi], [http://www.pikapps-mst.org/ Gamma Lambda Chapter]
+
** [http://spectrum.ieee.org/static/ieee-spectrum-forecasters Spectrum Forecasters]
** Alumni Housing Corp Historian, 2010-Present
+
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors), [http://www.theiia.org/chapters/milwaukee Milwaukee Chapter]
** Webmaster, 2007-Present
+
** Research Committee
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
+
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association), [http://www.isaca-km.org/ Kettle Moraine Chapter]
** [http://www.sans.org/mentor/ Mentor] for courses [http://www.sans.org/training/description.php?mid=98 SEC-508]: Computer Forensics, Investigation, and Response; and [http://www.sans.org/training/description.php?mid=6 AUD-507]: Auditing Networks, Perimeters & Systems
+
* [http://www.isoc.org/ ISoc] (Internet Society)
<!-- * [http://www.upaf.org/ UPAF] [http://events.upaf.org/ride/ Ride for the Arts]
+
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
** 75-mile route, 2010-2011
+
*** [http://tools.ietf.org/area/sec/trac/wiki SAAG] (Security Area Advisory Group)
*** Highest individual fundraiser on Rockwell Automation team, both years -->
+
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology) [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory) [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division) [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group) [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
* [http://www.village.grafton.wi.us/ Village of Grafton, Wisconsin]
+
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute) [http://www.sans.org/mentor/ Mentor] Program
** [http://www.village.grafton.wi.us/index.aspx?nid=290 Board of Review], 2010-2012
+
* [http://www.webappsec.org/ WASC] (Web Application Security Consortium)
** [http://www.village.grafton.wi.us/index.aspx?NID=289 Board of Appeals], 2011-2012
+
** [http://projects.webappsec.org/w/page/13246984/WASC-Community Articles Peer Review Team]
* [http://www.webappsec.org/ WASC] (Web Application Security Consortium) [http://projects.webappsec.org/w/page/13246984/WASC-Community Articles Peer Review Team] member
+
  
 
=="Credentials"==
 
=="Credentials"==
 
===Certifications===
 
===Certifications===
* CISM - Certified Information Security Manager
+
* [http://www.isaca.org/cism CISM] - Certified Information Security Manager
* CISA - Certified Information Systems Auditor
+
* [http://www.isaca.org/cisa CISA] - Certified Information Systems Auditor
* CRMA - Certified in Risk Management Assurance
+
* [http://na.theiia.org/certification/crma-certification CRMA] - Certified in Risk Management Assurance
* GSNA - GIAC-certified Systems and Network Auditor
+
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
* GCFA - GIAC Certified Forensic Analyst
+
* [http://www.giac.org/certifications/forensics/gcfa.php GCFA] - GIAC Certified Forensic Analyst
* CCSK - Certified in Cloud Security Knowledge
+
* [http://cloudsecurityalliance.org/education/ccsk/ CCSK] - Certified in Cloud Security Knowledge
* CCISO - Certified Chief Information Security Officer
+
* [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] - Certified Ethical Hacker
* CEH - Certified Ethical Hacker
+
* [http://www.eccouncil.org/ciso/ CCISO] - Certified Chief Information Security Officer
* CHS - Certified in Homeland Security (Level III)
+
* [http://www.accessdata.com/training/certifications  ACE] - AccessData Certified Examiner
* CFR-D - Certified First Responder with Defibrillation
+
* [http://www.abchs.com/certification/chsiii.php CHS] - Certified in Homeland Security (Level III)
* ITIL v3 Foundation Certified
+
* [http://www.redcross.org/take-a-class/program-highlights/cpr-first-aid/professional-rescuers#emergency-medical-response CFR-D] - Certified First Responder with Defibrillation
 +
* [http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx ITIL Foundation] Certified (Version 3)
 +
 
 +
===Education===
 +
* [http://www.capitol-college.edu/ Capitol College] (2014-2017)
 +
** Doctor of Science, Information Assurance
 +
* [http://www.capitol-college.edu/ Capitol College] (2012 - 2014)
 +
** Master of Science, Information Assurance, with honors
 +
* [http://www.dliflc.edu/ Defense Language Institute] (1995 - 1996)
 +
** Diploma & Linguistic Certification, Russian
 +
* [http://www.mst.edu/ University of Missouri-Rolla] (1990 - 1994)
 +
** Bachelor of Arts, Psychology & Philosophy
  
===Education & Training===
+
===Training===
* Capitol College (8/2012 - 5/2014, expected)
+
* CITI - Human Subjects Research (10/2014)
** Master of Science in Information Assurance
+
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 
* IIA/Audimation - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
 
* IIA/Audimation - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
 
* MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
 
* MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
Line 88: Line 96:
 
* SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
 
* SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
 
* Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
 
* Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
* EC-Council/Mile2 – Certified Ethical Hacker Training (7/2004)
+
* Mile2/SMU – Certified Ethical Hacker Training (7/2004)
 
* Foundstone – Ultimate Web Hacking (9/2003)
 
* Foundstone – Ultimate Web Hacking (9/2003)
 
* Siegeworks – Advanced AppAuditor Training (12/2002)
 
* Siegeworks – Advanced AppAuditor Training (12/2002)
 
* SANS – Auditing Networks, Perimeters, and Systems (4/2002)
 
* SANS – Auditing Networks, Perimeters, and Systems (4/2002)
 
* Sanctum – AppScan AppAuditor Training (5/2001)
 
* Sanctum – AppScan AppAuditor Training (5/2001)
* Bank One University (1/2001 – 1/2005)
+
* National Cryptologic School - Information Systems Security Engineering (2/2000)
** Numerous business/management courses including Planning and Executing Projects, Understanding Personality Styles, Incident Management, Presentation Skills, SMART Goals, and Using the Gallup Q12
+
* National Cryptologic School - Operational Information Systems Security (11/1999)
* National Cryptologic School (1/1997 – 1/2001)
+
** Numerous classified & unclassified courses including Information Systems Security Engineering, Technical Writing & Documentation, Encryption Key Management, Operational Information Systems Security, Computer Network Exploitation, and Operations Security
+
* Naval Technical Training Center Detachment/Naval Center for Information Dominance Detachment at Goodfellow AFB (7/1996 - 12/1996)
+
** Course X3ABR1N333A 011/014 (classified)
+
 
* American Red Cross - Emergency Medical Response (5/1995)
 
* American Red Cross - Emergency Medical Response (5/1995)
* Naval Security Group Detachment/Naval Center for Information Dominance Detachment at Presidio of Monterey (4/1995 - 7/1996)
 
** Course A-232-0021 (classified)
 
* Missouri University of Science & Technology (8/1990 - 12/1994)
 
** Bachelors of Arts in Psychology and Philosophy
 
  
 
==Miscellany==
 
==Miscellany==
[https://www.facebook.com/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/facebook-icon.png][https://www.linkedin.com/in/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png][https://plus.google.com/111498867553953764439/about http://icons.iconarchive.com/icons/danleech/simple/48/google-plus-icon.png][https://www.amazon.com/gp/pdp/profile/A1TS7LUEDD6B03 http://icons.iconarchive.com/icons/danleech/simple/48/amazon-icon.png][http://mystatus.skype.com/bigclassic/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/skype-icon.png][https://sourceforge.net/users/mchalmers http://s3.coder.io/sourceforge.net.png]
+
<!-- [https://www.facebook.com/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/facebook-icon.png] [https://plus.google.com/111498867553953764439/about http://icons.iconarchive.com/icons/danleech/simple/48/google-plus-icon.png] [https://www.amazon.com/gp/pdp/profile/A1TS7LUEDD6B03 http://icons.iconarchive.com/icons/danleech/simple/48/amazon-icon.png] [http://mystatus.skype.com/bigclassic/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/skype-icon.png] [https://sourceforge.net/users/mchalmers http://s3.coder.io/sourceforge.net.png] [https://www.xing.com/profile/Matthew_Chalmers http://files.softicons.com/download/social-media-icons/simple-icons-by-dan-leech/png/48x48/xing.png] [https://www.ohloh.net/accounts/mchalmers http://a0.twimg.com/profile_images/1875443436/icon_normal.png] [https://www.huterra.com/member/Matthew%20Chalmers/ https://lh6.googleusercontent.com/-RHaHkZ61nN0/AAAAAAAAAAI/AAAAAAAAAAA/Tx_mhDQ7iUA/s48-c-k-no/photo.jpg] [http://www.youtube.com/channel/UCQq11fnwqdiI2CRJmIMTboQ http://www.visual-experiments.com/blog/wp-content/uploads/2010/03/logo.youtube.png] --> [https://www.linkedin.com/in/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png] [https://www.researchgate.net/profile/Matthew_Chalmers2/ https://fbcdn-profile-a.akamaihd.net/hprofile-ak-ash1/s48x48/592053_47853226208_1055406790_q.jpg] [https://capitol-college.academia.edu/MatthewChalmers http://www.thegrumpyhacker.com/images/academia-small.png] [https://www.ieee.org/portal/myieee/memberNetMemberProfile.html?custNum=xQ8X05l0WhB4dcZo%2Fg2WOA%3D%3D https://lh3.googleusercontent.com/-mOf05sh0-B0/AAAAAAAAAAI/AAAAAAAAAAA/F5wexTHG_LM/s48-c-k-no/photo.jpg] [https://campus.acm.org/public/vcard/vcard.cfm?handle=mdchalmers http://www.sigsoft.org/images/acm_logo.gif] [http://connect.internetsociety.org/myprofile/profile/?UserKey=1d5fe9e7-aff6-4711-b4f3-95969b135a91 https://pbs.twimg.com/profile_images/378800000668457482/ba86ae99ee34618394f7418cd801e7a9_normal.jpeg]
[https://www.xing.com/profile/Matthew_Chalmers http://files.softicons.com/download/social-media-icons/simple-icons-by-dan-leech/png/48x48/xing.png]
+
<!-- [https://www.ohloh.net/accounts/mchalmers http://a0.twimg.com/profile_images/1875443436/icon_normal.png] -->
+

Latest revision as of 12:05, 26 February 2015

150px-Chalmers%2C_Matthew.jpg
Currently I'm the Chief Auditor–Information Technology for Marshfield Clinic. I've earned both management and technical certifications such as the CISM and CEH as well as a Master of Science in Information Assurance en route to a Doctor of Science (Sc.D.) expected in 2017. I specialize in information technology audit, compliance, control, governance, risk management, security, and usability. I've been involved with OWASP since about 2002. I can be reached at matthew dot chalmers at owasp dot org.

OWASP Involvement

OWASP Wiki

OWASP Projects

OWASP Chapters

  • Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
    • Active member 2004-2005
    • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
  • Founder and former chapter leader of the original Milwaukee chapter
  • "Member-at-Large"

Non-OWASP Involvement

"Credentials"

Certifications

  • CISM - Certified Information Security Manager
  • CISA - Certified Information Systems Auditor
  • CRMA - Certified in Risk Management Assurance
  • GSNA - GIAC-certified Systems and Network Auditor
  • GCFA - GIAC Certified Forensic Analyst
  • CCSK - Certified in Cloud Security Knowledge
  • CEH - Certified Ethical Hacker
  • CCISO - Certified Chief Information Security Officer
  • ACE - AccessData Certified Examiner
  • CHS - Certified in Homeland Security (Level III)
  • CFR-D - Certified First Responder with Defibrillation
  • ITIL Foundation Certified (Version 3)

Education

Training

  • CITI - Human Subjects Research (10/2014)
  • IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
  • IIA/Audimation - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
  • MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
  • ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
  • PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
  • SANS – Computer Forensics, Investigation, and Response (4/2008)
  • Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
  • SAP America – Virsa Compliance Calibrator Training (10/2006)
  • IIA/Deloitte – SAP ERP Technical Audit (8/2006)
  • SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
  • SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
  • Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
  • Mile2/SMU – Certified Ethical Hacker Training (7/2004)
  • Foundstone – Ultimate Web Hacking (9/2003)
  • Siegeworks – Advanced AppAuditor Training (12/2002)
  • SANS – Auditing Networks, Perimeters, and Systems (4/2002)
  • Sanctum – AppScan AppAuditor Training (5/2001)
  • National Cryptologic School - Information Systems Security Engineering (2/2000)
  • National Cryptologic School - Operational Information Systems Security (11/1999)
  • American Red Cross - Emergency Medical Response (5/1995)

Miscellany

linkedin-icon.png 592053_47853226208_1055406790_q.jpg academia-small.png photo.jpg acm_logo.gif ba86ae99ee34618394f7418cd801e7a9_normal.jpeg