Difference between revisions of "User:Mchalmers"

From OWASP
m (Education)
m
 
(98 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div><div style="text-align: justify;">I've been doing information assurance related work my entire professional career, since earning my bachelor's from the Missouri University of Science & Technology. I've worked for public, private, government and non-profit organizations in the defense, finance, manufacturing and healthcare industries including the National Security Agency, JPMorgan Chase and Rockwell Automation. Currently I'm the Chief IT Auditor for the Marshfield Clinic. I've earned the CISM, CISA, CRMA, GSNA, GCFA, CCSK, CEH, and other certifications and I'm pursuing a doctor of science (Sc.D.) in information assurance. I specialize in information technology audit, compliance, control, governance, risk management, and security; applied cryptography and key management; and security usability.
+
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Chalmers,_Matthew.jpg|172px]]</div>Matthew Chalmers specializes in assurance, audit, compliance, control, governance, oversight, risk assessment/management, and security of information, information technology, and technology process.
  
<br><br>I've been involved with OWASP since about 2002. I can be reached at '''matthew''' ''dot'' '''chalmers''' ''at'' '''owasp''' ''dot'' '''org'''.</div><br clear="all"><br>
+
Matthew has been involved with OWASP since about 2002. He can be reached at matthew ''dot'' chalmers ''at'' owasp ''dot'' org.
 +
 
 +
<br style="clear: both;">
  
 
==OWASP Involvement==
 
==OWASP Involvement==
Line 14: Line 16:
 
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
* [[Global Chapter Committee]]
 
* [[Global Chapter Committee]]
* [[Summit 2011]]
+
* [[Summit 2011|OWASP Global Summit 2011]] - see [[Summit_2011_Attendee_Bios#Chalmers.2C_Matthew|my attendee bio]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
Line 28: Line 30:
 
* Founder and former chapter leader of the original [[Milwaukee]] chapter
 
* Founder and former chapter leader of the original [[Milwaukee]] chapter
 
* "Member-at-Large"
 
* "Member-at-Large"
** [[Chicago]] chapter (2005-2011)
+
** [[Chicago]] chapter (2005-2012)
** [[Madison]] chapter (2005-Present)
+
** [[Milwaukee]] chapter (2005-2016)
 +
** [[Madison]] chapter (2012-2016)
 +
** [[Minneapolis_St_Paul|Minneapolis-St. Paul]] chapter (2016-Present)
  
 
==Non-OWASP Involvement==
 
==Non-OWASP Involvement==
 
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
 
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
 +
** [http://www.sigact.org/ SIGACT] (Special Interest Group on Algorithms and Computation Theory)
 +
** [http://www.sigcas.org/ SIGCAS] (Special Interest Group on Computers and Society)
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 +
* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://www.ieee.org/ IEEE] (Institute of Electrical & Electronics Engineers)
 
* [http://www.ieee.org/ IEEE] (Institute of Electrical & Electronics Engineers)
 
** [http://www.comsoc.org/ Communications Society]
 
** [http://www.comsoc.org/ Communications Society]
 
*** [http://cms.comsoc.org/eprise/main/SiteGen/TC_CIS/Content/Home.html Communications and Information Security Technical Committee]
 
*** [http://cms.comsoc.org/eprise/main/SiteGen/TC_CIS/Content/Home.html Communications and Information Security Technical Committee]
*** [http://committees.comsoc.org/ehealth/ eHealth Technical Committee]
 
 
** [http://www.computer.org/ Computer Society]
 
** [http://www.computer.org/ Computer Society]
 +
*** [http://cybersecurity.ieee.org/ Cybersecurity Community]
 
*** [http://www.ieee-security.org/ Technical Committee on Security & Privacy]
 
*** [http://www.ieee-security.org/ Technical Committee on Security & Privacy]
 
** [http://www.itsoc.org/ Information Theory Society]
 
** [http://www.itsoc.org/ Information Theory Society]
** [http://lifesciences.ieee.org/ Life Sciences Community]
 
 
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
 
** [http://www.signalprocessingsociety.org/technical-committees/list/ifs-tc/ Signal Processing Society Information Forensics and Security Technical Committee]
** [http://spectrum.ieee.org/static/ieee-spectrum-forecasters Spectrum Forecasters]
+
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors)
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors), [http://www.theiia.org/chapters/milwaukee Milwaukee Chapter]
+
** [https://chapters.theiia.org/milwaukee/Pages/default.aspx Milwaukee Chapter] Member, 2006-2012; Secretary of the Board, 2009-2011
** Research Committee
+
** [https://chapters.theiia.org/madison/Pages/default.aspx Madison Chapter]
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association), [http://www.isaca-km.org/ Kettle Moraine Chapter]
+
* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
 +
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association)
 +
** [http://isaca-km.org/ Kettle Moraine Chapter]
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
 
** [http://www.ietf.org/ IETF] (Internet Engineering Task Force)
 
*** [http://tools.ietf.org/area/sec/trac/wiki SAAG] (Security Area Advisory Group)
 
*** [http://tools.ietf.org/area/sec/trac/wiki SAAG] (Security Area Advisory Group)
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology) [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory) [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division) [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group) [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
+
** [https://irtf.org/ IRTF] (Internet Research Task Force)
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute) [http://www.sans.org/mentor/ Mentor] Program
+
*** [https://irtf.org/cfrg CFRG] (Crypto Forum Research Group)
 +
* [http://www.nist.gov/ NIST] (National Institute of Standards and Technology) [http://www.nist.gov/itl/ ITL] (Information Technology Laboratory) [http://www.nist.gov/itl/csd/ CSD] (Computer Security Division) [http://www.nist.gov/itl/csd/ct/ CTG] (Cryptographic Technology Group)
 +
** [http://csrc.nist.gov/groups/ST/key_mgmt/ Cryptographic Key Management Project]
 +
* [http://www.sans.org/ SANS Institute] (System administration, Audit, Networking and Security Institute)
 +
** [http://www.sans.org/mentor/ Mentor] Program
 
* [http://www.webappsec.org/ WASC] (Web Application Security Consortium)
 
* [http://www.webappsec.org/ WASC] (Web Application Security Consortium)
 
** [http://projects.webappsec.org/w/page/13246984/WASC-Community Articles Peer Review Team]
 
** [http://projects.webappsec.org/w/page/13246984/WASC-Community Articles Peer Review Team]
Line 61: Line 73:
 
=="Credentials"==
 
=="Credentials"==
 
===Certifications===
 
===Certifications===
 +
* [http://www.identitymanagementinstitute.org/cdp/ CDP] - Certified in Data Protection
 +
* [http://www.identitymanagementinstitute.org/ciam/ CIAM] - Certified Identity and Access Manager
 +
* [http://www.identitymanagementinstitute.org/cirm/ CIRM] - Certified Identity Risk Manager
 +
* [http://www.accessdata.com/training/certifications  ACE] - AccessData Certified Examiner
 +
* [http://www.eccouncil.org/ciso/ CCISO] - Certified Chief Information Security Officer
 
* [http://www.isaca.org/cism CISM] - Certified Information Security Manager
 
* [http://www.isaca.org/cism CISM] - Certified Information Security Manager
* [http://www.isaca.org/cisa CISA] - Certified Information Systems Auditor
+
* [http://cloudsecurityalliance.org/education/ccsk/ CCSK] - Certified in Cloud Security Knowledge
 
* [http://na.theiia.org/certification/crma-certification CRMA] - Certified in Risk Management Assurance
 
* [http://na.theiia.org/certification/crma-certification CRMA] - Certified in Risk Management Assurance
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
 
 
* [http://www.giac.org/certifications/forensics/gcfa.php GCFA] - GIAC Certified Forensic Analyst
 
* [http://www.giac.org/certifications/forensics/gcfa.php GCFA] - GIAC Certified Forensic Analyst
* [http://cloudsecurityalliance.org/education/ccsk/ CCSK] - Certified in Cloud Security Knowledge
+
* [http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx ITIL] Foundation Certified
 +
* [http://www.isaca.org/cisa CISA] - Certified Information Systems Auditor
 +
* [http://www.abchs.com/certification/chsiii.php CHS] - Certified in Homeland Security
 
* [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] - Certified Ethical Hacker
 
* [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] - Certified Ethical Hacker
* [http://www.eccouncil.org/ciso/ CCISO] - Certified Chief Information Security Officer
+
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
* [http://www.accessdata.com/training/certifications ACE] - AccessData Certified Examiner
+
* [https://www.microsoft.com/en-us/learning/microsoft-certified-professional.aspx MCP] - Microsoft Certified Professional
* [http://www.abchs.com/certification/chsiii.php CHS] - Certified in Homeland Security (Level III)
 
* [http://www.redcross.org/take-a-class/program-highlights/cpr-first-aid/professional-rescuers#emergency-medical-response CFR-D] - Certified First Responder with Defibrillation
 
* [http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx ITIL Foundation] Certified (Version 3)
 
  
 
===Education===
 
===Education===
* [http://www.capitol-college.edu/ Capitol College] (2012 - 2014)
+
* Master of Science, Information Assurance, [http://capitol.technology.university/ Capitol Technology University]
** Master of Science, Information Assurance, with honors
+
* Bachelor of Arts, Psychology & Philosophy, [http://www.mst.edu/ Missouri University of Science & Technology]
* [http://www.dliflc.edu/ Defense Language Institute] (1995 - 1996)
 
** Diploma & Linguistic Certification, Russian
 
* [http://www.mst.edu/ Missouri University of Science & Technology] (1990 - 1994)
 
** Bachelor of Arts, Psychology & Philosophy
 
  
 
===Training===
 
===Training===
 +
* CITI - Human Subjects Research (10/2014)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
* IIA/Audimation - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
+
* IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
* MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
+
* ISACA - Auditing & Securing Cloud-Based Services (1/2011)
 
* ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
 
* ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
 
* PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
 
* PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
* SANS Computer Forensics, Investigation, and Response (4/2008)
+
* SANS - Computer Forensics, Investigation, and Response (4/2008)
* Entellus Technology Group SAP ERP Basis Auditing & Security Risks (12/2007)
+
* Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
* SAP America Virsa Compliance Calibrator Training (10/2006)
+
* SAP America - Virsa Compliance Calibrator Training (10/2006)
* IIA/Deloitte – SAP ERP Technical Audit (8/2006)
+
* IIA - SAP ERP Technical Audit (8/2006)
* SPI Dynamics Web Application Security Assessment with WebInspect (11/2005)
+
* SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
* SANS Hacker Techniques, Exploits and Incident Handling (10/2005)
+
* SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
* Infosec Institute Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
+
* Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
* EC-Council/Mile2 – Certified Ethical Hacker Training (7/2004)
+
* Mile2 - Certified Ethical Hacker Training (7/2004)
* Foundstone Ultimate Web Hacking (9/2003)
+
* Foundstone - Ultimate Web Hacking (9/2003)
* Siegeworks Advanced AppAuditor Training (12/2002)
+
* Siegeworks - Advanced AppAuditor Training (12/2002)
* SANS Auditing Networks, Perimeters, and Systems (4/2002)
+
* SANS - Auditing Networks, Perimeters, and Systems (4/2002)
* Sanctum AppScan AppAuditor Training (5/2001)
+
* Sanctum - AppScan AppAuditor Training (5/2001)
 
* National Cryptologic School - Information Systems Security Engineering (2/2000)
 
* National Cryptologic School - Information Systems Security Engineering (2/2000)
* National Cryptologic School - Operational Information Systems Security (11/1999)
+
* National Cryptologic School - Operational Information Systems Security (11/1998)
* American Red Cross - Emergency Medical Response (5/1995)
 
 
 
==Miscellany==
 
<!-- [https://www.facebook.com/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/facebook-icon.png] [https://plus.google.com/111498867553953764439/about http://icons.iconarchive.com/icons/danleech/simple/48/google-plus-icon.png] [https://www.amazon.com/gp/pdp/profile/A1TS7LUEDD6B03 http://icons.iconarchive.com/icons/danleech/simple/48/amazon-icon.png] [http://mystatus.skype.com/bigclassic/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/skype-icon.png] [https://sourceforge.net/users/mchalmers http://s3.coder.io/sourceforge.net.png] [https://www.xing.com/profile/Matthew_Chalmers http://files.softicons.com/download/social-media-icons/simple-icons-by-dan-leech/png/48x48/xing.png] [https://www.ohloh.net/accounts/mchalmers http://a0.twimg.com/profile_images/1875443436/icon_normal.png] [https://www.huterra.com/member/Matthew%20Chalmers/ https://lh6.googleusercontent.com/-RHaHkZ61nN0/AAAAAAAAAAI/AAAAAAAAAAA/Tx_mhDQ7iUA/s48-c-k-no/photo.jpg] [http://www.youtube.com/channel/UCQq11fnwqdiI2CRJmIMTboQ http://www.visual-experiments.com/blog/wp-content/uploads/2010/03/logo.youtube.png] --> [https://www.linkedin.com/in/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png] [https://www.researchgate.net/profile/Matthew_Chalmers2/ https://fbcdn-profile-a.akamaihd.net/hprofile-ak-ash1/s48x48/592053_47853226208_1055406790_q.jpg] [https://capitol-college.academia.edu/MatthewChalmers http://individual.utoronto.ca/dbristow/images/Academia-icon.png] [https://www.ieee.org/portal/myieee/memberNetMemberProfile.html?custNum=xQ8X05l0WhB4dcZo%2Fg2WOA%3D%3D https://lh3.googleusercontent.com/-mOf05sh0-B0/AAAAAAAAAAI/AAAAAAAAAAA/F5wexTHG_LM/s48-c-k-no/photo.jpg] [https://campus.acm.org/public/vcard/vcard.cfm?handle=mdchalmers https://fbcdn-profile-a.akamaihd.net/hprofile-ak-prn2/t1.0-1/c0.0.48.48/p48x48/1970515_10152349176710761_1764576424_t.jpg]
 

Latest revision as of 18:31, 22 September 2017

Matthew Chalmers specializes in assurance, audit, compliance, control, governance, oversight, risk assessment/management, and security of information, information technology, and technology process.

Matthew has been involved with OWASP since about 2002. He can be reached at matthew dot chalmers at owasp dot org.


OWASP Involvement

OWASP Wiki

OWASP Projects

OWASP Chapters

  • Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
    • Active member 2004-2005
    • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
  • Founder and former chapter leader of the original Milwaukee chapter
  • "Member-at-Large"

Non-OWASP Involvement

"Credentials"

Certifications

  • CDP - Certified in Data Protection
  • CIAM - Certified Identity and Access Manager
  • CIRM - Certified Identity Risk Manager
  • ACE - AccessData Certified Examiner
  • CCISO - Certified Chief Information Security Officer
  • CISM - Certified Information Security Manager
  • CCSK - Certified in Cloud Security Knowledge
  • CRMA - Certified in Risk Management Assurance
  • GCFA - GIAC Certified Forensic Analyst
  • ITIL Foundation Certified
  • CISA - Certified Information Systems Auditor
  • CHS - Certified in Homeland Security
  • CEH - Certified Ethical Hacker
  • GSNA - GIAC-certified Systems and Network Auditor
  • MCP - Microsoft Certified Professional

Education

Training

  • CITI - Human Subjects Research (10/2014)
  • IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
  • IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
  • ISACA - Auditing & Securing Cloud-Based Services (1/2011)
  • ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
  • PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
  • SANS - Computer Forensics, Investigation, and Response (4/2008)
  • Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
  • SAP America - Virsa Compliance Calibrator Training (10/2006)
  • IIA - SAP ERP Technical Audit (8/2006)
  • SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
  • SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
  • Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
  • Mile2 - Certified Ethical Hacker Training (7/2004)
  • Foundstone - Ultimate Web Hacking (9/2003)
  • Siegeworks - Advanced AppAuditor Training (12/2002)
  • SANS - Auditing Networks, Perimeters, and Systems (4/2002)
  • Sanctum - AppScan AppAuditor Training (5/2001)
  • National Cryptologic School - Information Systems Security Engineering (2/2000)
  • National Cryptologic School - Operational Information Systems Security (11/1998)