Difference between revisions of "User:Mchalmers"

From OWASP
m (Education)
 
(43 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div><div style="text-align: justify;">I've been doing information assurance related work my entire professional career, since earning my bachelor's from the Missouri University of Science & Technology. I've worked for public, private, government and non-profit organizations in the defense, finance, manufacturing and healthcare industries including the National Security Agency, JPMorgan Chase and Rockwell Automation. Currently I'm the Chief IT Auditor for the Marshfield Clinic. I've earned the CISM, CISA, CRMA, GSNA, GCFA, CCSK, CEH, and other certifications and I'm pursuing a doctor of science (Sc.D.) in information assurance. I specialize in information technology audit, compliance, control, governance, risk management, and security; applied cryptography and key management; and security usability.
+
<div style="float: left; margin-right: 5px; padding-top: 11px; border: 1px solid #aaa; width: 178px; height: 200px; text-align: center;">https://www.owasp.org/images/thumb/8/8e/Chalmers%2C_Matthew.jpg/150px-Chalmers%2C_Matthew.jpg</div>I make things better and help people succeed. I make technology processes better and help executive management succeed at ManpowerGroup by leading the Global IT Audit Advisory Services team.
  
<br><br>I've been involved with OWASP since about 2002. I can be reached at '''matthew''' ''dot'' '''chalmers''' ''at'' '''owasp''' ''dot'' '''org'''.</div><br clear="all"><br>
+
I've been focussed on information security related work my entire professional career. I've earned numerous industry certifications such as the CISM and CEH as well as a Master of Science in Information Assurance en route to a Doctor of Science (Sc.D.) expected in 2017. I specialize in IT audit, compliance, control, governance, risk management, security, and usability.
 +
 
 +
I've been involved with OWASP since about 2002. I can be reached at matthew '''.''' chalmers ''@'' owasp '''.''' org.
 +
 
 +
<br style="clear: both;">
  
 
==OWASP Involvement==
 
==OWASP Involvement==
Line 14: Line 18:
 
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
** [http://lists.owasp.org/mailman/listinfo/owasp_pr_project OWASP PR Project]
 
* [[Global Chapter Committee]]
 
* [[Global Chapter Committee]]
* [[Summit 2011]]
+
* [[Summit 2011|OWASP Global Summit 2011]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session082|Audit Working Session Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
 
** [[Summit_2011_Working_Sessions/Session080|PCI Working Session Co-Chair]]
Line 30: Line 34:
 
** [[Chicago]] chapter (2005-2011)
 
** [[Chicago]] chapter (2005-2011)
 
** [[Madison]] chapter (2005-Present)
 
** [[Madison]] chapter (2005-Present)
 +
** [[Milwaukee]] chapter (2012-Present)
  
 
==Non-OWASP Involvement==
 
==Non-OWASP Involvement==
 
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
 
* [http://www.acm.org/ ACM] (Association for Computing Machinery)
 +
** [http://www.sigact.org/ SIGACT] (Special Interest Group on Algorithms and Computation Theory)
 +
** [http://www.sigcas.org/ SIGCAS] (Special Interest Group on Computers and Society)
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigchi.org/ SIGCHI] (Special Interest Group on Computer-Human Interaction)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 
** [http://www.sigsac.org/ SIGSAC] (Special Interest Group on Security, Audit, and Control)
 +
* [http://www.acfea.org/ ACFEA] (Armed Forces Communications and Electronics Association)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.cloudsecurityalliance.org/ CSA] (Cloud Security Alliance)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 
* [http://www.eff.org/ EFF] (Electronic Frontier Foundation)
 +
* [http://www.iacr.org/ IACR] (International Association for Cryptologic Research)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://csrc.nist.gov/nissc/1999/program/isso/sld077.htm IATFF] (Information Assurance Technical Framework Forum)
 
* [http://www.ieee.org/ IEEE] (Institute of Electrical & Electronics Engineers)
 
* [http://www.ieee.org/ IEEE] (Institute of Electrical & Electronics Engineers)
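Review bot: the added ACFEA entry in the Non-OWASP Involvement list has an acronym that does not match its own expansion. "Armed Forces Communications and Electronics Association" abbreviates to AFCEA, while both the link label and the host in http://www.acfea.org/ read ACFEA. Confirm the intended organization and correct the label and URL together so the link does not resolve to an unrelated domain.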
Line 50: Line 59:
 
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors), [http://www.theiia.org/chapters/milwaukee Milwaukee Chapter]
 
* [http://www.theiia.org/ IIA] (Institute of Internal Auditors), [http://www.theiia.org/chapters/milwaukee Milwaukee Chapter]
 
** Research Committee
 
** Research Committee
 +
* [http://www.identitymanagementinstitute.org/ IMI] (Identity Management Institute)
 
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association), [http://www.isaca-km.org/ Kettle Moraine Chapter]
 
* [http://www.isaca.org/ ISACA] (Information Systems Audit and Control Association), [http://www.isaca-km.org/ Kettle Moraine Chapter]
 
* [http://www.isoc.org/ ISoc] (Internet Society)
 
* [http://www.isoc.org/ ISoc] (Internet Society)
Line 61: Line 71:
 
=="Credentials"==
 
=="Credentials"==
 
===Certifications===
 
===Certifications===
 +
* [http://www.identitymanagementinstitute.org/cirm/ CIRM] - Certified Identity Risk Manager
 +
* [http://www.accessdata.com/training/certifications  ACE] - AccessData Certified Examiner
 +
* [http://www.eccouncil.org/ciso/ CCISO] - Certified Chief Information Security Officer
 
* [http://www.isaca.org/cism CISM] - Certified Information Security Manager
 
* [http://www.isaca.org/cism CISM] - Certified Information Security Manager
* [http://www.isaca.org/cisa CISA] - Certified Information Systems Auditor
+
* [http://cloudsecurityalliance.org/education/ccsk/ CCSK] - Certified in Cloud Security Knowledge
 
* [http://na.theiia.org/certification/crma-certification CRMA] - Certified in Risk Management Assurance
 
* [http://na.theiia.org/certification/crma-certification CRMA] - Certified in Risk Management Assurance
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
 
 
* [http://www.giac.org/certifications/forensics/gcfa.php GCFA] - GIAC Certified Forensic Analyst
 
* [http://www.giac.org/certifications/forensics/gcfa.php GCFA] - GIAC Certified Forensic Analyst
* [http://cloudsecurityalliance.org/education/ccsk/ CCSK] - Certified in Cloud Security Knowledge
+
* [http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx ITIL] - Foundation Certified (Version 3)
 +
* [http://www.isaca.org/cisa CISA] - Certified Information Systems Auditor
 
* [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] - Certified Ethical Hacker
 
* [http://www.eccouncil.org/certification/certified_ethical_hacker.aspx CEH] - Certified Ethical Hacker
* [http://www.eccouncil.org/ciso/ CCISO] - Certified Chief Information Security Officer
 
* [http://www.accessdata.com/training/certifications  ACE] - AccessData Certified Examiner
 
 
* [http://www.abchs.com/certification/chsiii.php CHS] - Certified in Homeland Security (Level III)
 
* [http://www.abchs.com/certification/chsiii.php CHS] - Certified in Homeland Security (Level III)
* [http://www.redcross.org/take-a-class/program-highlights/cpr-first-aid/professional-rescuers#emergency-medical-response CFR-D] - Certified First Responder with Defibrillation
+
* [http://www.giac.org/certifications/audit/gsna.php GSNA] - GIAC-certified Systems and Network Auditor
* [http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx ITIL Foundation] Certified (Version 3)
+
* [http://www.giac.org/certifications/ GSEC] - GIAC Security Essentials Certified
 +
* [http://www.microsoft.com/ MCP] - Microsoft Certified Professional
  
 
===Education===
 
===Education===
* [http://www.capitol-college.edu/ Capitol College] (2012 - 2014)
+
* Doctor of Science, Information Assurance, 2017 '''(expected)''', [http://www.captechu.edu/ Capitol Technology University]
** Master of Science, Information Assurance, with honors
+
* Master of Science, Information Assurance, 2014 (with honors), [http://www.captechu.edu/ Capitol Technology University]
* [http://www.dliflc.edu/ Defense Language Institute] (1995 - 1996)
+
* Graduate Certificate, Information Assurance Administration, 2014, [http://www.captechu.edu/ Capitol Technology University]
** Diploma & Linguistic Certification, Russian
+
* [http://www.mst.edu/ Missouri University of Science & Technology] (1990 - 1994)
+
** Bachelor of Arts, Psychology & Philosophy
+
  
 
===Training===
 
===Training===
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
 
* IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
* IIA/Audimation - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
+
* IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
* MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
+
* ISACA - Auditing & Securing Cloud-Based Services (1/2011)
 
* ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
 
* ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
 
* PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
 
* PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
Line 91: Line 100:
 
* Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
 
* Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
 
* SAP America – Virsa Compliance Calibrator Training (10/2006)
 
* SAP America – Virsa Compliance Calibrator Training (10/2006)
* IIA/Deloitte – SAP ERP Technical Audit (8/2006)
+
* IIA – SAP ERP Technical Audit (8/2006)
 
* SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
 
* SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
 
* SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
 
* SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
 
* Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
 
* Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
* EC-Council/Mile2 – Certified Ethical Hacker Training (7/2004)
+
* Mile2 – Certified Ethical Hacker Training (7/2004)
 
* Foundstone – Ultimate Web Hacking (9/2003)
 
* Foundstone – Ultimate Web Hacking (9/2003)
 
* Siegeworks – Advanced AppAuditor Training (12/2002)
 
* Siegeworks – Advanced AppAuditor Training (12/2002)
Line 101: Line 110:
 
* Sanctum – AppScan AppAuditor Training (5/2001)
 
* Sanctum – AppScan AppAuditor Training (5/2001)
 
* National Cryptologic School - Information Systems Security Engineering (2/2000)
 
* National Cryptologic School - Information Systems Security Engineering (2/2000)
* National Cryptologic School - Operational Information Systems Security (11/1999)
+
* National Cryptologic School - Operational Information Systems Security (11/1998)
* American Red Cross - Emergency Medical Response (5/1995)
+
  
==Miscellany==
+
==Social Media Profiles==
<!-- [https://www.facebook.com/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/facebook-icon.png] [https://plus.google.com/111498867553953764439/about http://icons.iconarchive.com/icons/danleech/simple/48/google-plus-icon.png] [https://www.amazon.com/gp/pdp/profile/A1TS7LUEDD6B03 http://icons.iconarchive.com/icons/danleech/simple/48/amazon-icon.png] [http://mystatus.skype.com/bigclassic/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/skype-icon.png] [https://sourceforge.net/users/mchalmers http://s3.coder.io/sourceforge.net.png] [https://www.xing.com/profile/Matthew_Chalmers http://files.softicons.com/download/social-media-icons/simple-icons-by-dan-leech/png/48x48/xing.png] [https://www.ohloh.net/accounts/mchalmers http://a0.twimg.com/profile_images/1875443436/icon_normal.png] [https://www.huterra.com/member/Matthew%20Chalmers/ https://lh6.googleusercontent.com/-RHaHkZ61nN0/AAAAAAAAAAI/AAAAAAAAAAA/Tx_mhDQ7iUA/s48-c-k-no/photo.jpg] [http://www.youtube.com/channel/UCQq11fnwqdiI2CRJmIMTboQ http://www.visual-experiments.com/blog/wp-content/uploads/2010/03/logo.youtube.png] --> [https://www.linkedin.com/in/mdchalmers http://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png] [https://www.researchgate.net/profile/Matthew_Chalmers2/ https://fbcdn-profile-a.akamaihd.net/hprofile-ak-ash1/s48x48/592053_47853226208_1055406790_q.jpg] [https://capitol-college.academia.edu/MatthewChalmers http://individual.utoronto.ca/dbristow/images/Academia-icon.png] [https://www.ieee.org/portal/myieee/memberNetMemberProfile.html?custNum=xQ8X05l0WhB4dcZo%2Fg2WOA%3D%3D https://lh3.googleusercontent.com/-mOf05sh0-B0/AAAAAAAAAAI/AAAAAAAAAAA/F5wexTHG_LM/s48-c-k-no/photo.jpg] [https://campus.acm.org/public/vcard/vcard.cfm?handle=mdchalmers https://fbcdn-profile-a.akamaihd.net/hprofile-ak-prn2/t1.0-1/c0.0.48.48/p48x48/1970515_10152349176710761_1764576424_t.jpg]
+
<!--
 +
[http://mystatus.skype.com/bigclassic/mdchalmers https://icons.iconarchive.com/icons/danleech/simple/48/skype-icon.png]
 +
[http://www.youtube.com/channel/UCQq11fnwqdiI2CRJmIMTboQ http://www.visual-experiments.com/blog/wp-content/uploads/2010/03/logo.youtube.png]
 +
[https://www.huterra.com/member/Matthew%20Chalmers/communities https://lh6.googleusercontent.com/-RHaHkZ61nN0/AAAAAAAAAAI/AAAAAAAAAAA/Tx_mhDQ7iUA/s48-c-k-no/photo.jpg]
 +
-->
 +
[https://www.linkedin.com/in/mdchalmers https://icons.iconarchive.com/icons/danleech/simple/48/linkedin-icon.png] <!-- --> [https://www.xing.com/profile/Matthew_Chalmers https://icons.iconarchive.com/icons/danleech/simple/48/xing-icon.png] <!-- --> [https://www.facebook.com/mdchalmers https://icons.iconarchive.com/icons/danleech/simple/48/facebook-icon.png] <!-- --> [https://plus.google.com/111498867553953764439/about https://icons.iconarchive.com/icons/danleech/simple/48/google-plus-icon.png] <!-- --> [https://www.ohloh.net/accounts/mdchalmers https://pbs.twimg.com/profile_images/491231714056732672/4tBLt6aW_normal.png] <!-- --> [https://www.amazon.com/gp/pdp/profile/A1TS7LUEDD6B03 https://icons.iconarchive.com/icons/danleech/simple/48/amazon-icon.png] <!-- --> [https://www.researchgate.net/profile/Matthew_Chalmers2/ http://www.experimental-designs.com/wp-content/uploads/2014/03/Research-Gate-Icon.png] <!-- --> [https://captechu.academia.edu/MatthewChalmers http://www.thegrumpyhacker.com/images/academia-small.png] <!-- --> [https://scholar.google.com/citations?hl=en&user=ziXW83YAAAAJ http://people.ucsc.edu/~mclapham/googlescholar.jpg] <!-- --> [https://sourceforge.net/users/mchalmers https://gouessej.files.wordpress.com/2011/07/sourceforge.png] <!-- --> [https://campus.acm.org/public/vcard/vcard.cfm?handle=mdchalmers http://www.pringit.com/media/pics/01/77/48/5831184t.png] <!-- --> [https://www.ieee.org/portal/myieee/memberNetMemberProfile.html?custNum=xQ8X05l0WhB4dcZo%2Fg2WOA%3D%3D https://lh3.googleusercontent.com/-mOf05sh0-B0/AAAAAAAAAAI/AAAAAAAAAAA/F5wexTHG_LM/s48-c-k-no/photo.jpg] <!-- --> [https://connect.internetsociety.org/myprofile/profile/?UserKey=1d5fe9e7-aff6-4711-b4f3-95969b135a91 https://pbs.twimg.com/profile_images/378800000668457482/ba86ae99ee34618394f7418cd801e7a9_normal.jpeg] <!-- --> [https://keybase.io/mchalmers https://pbs.twimg.com/profile_images/441423558619586560/a8__KWaa_normal.png] <!-- --> [https://orcid.org/0000-0001-8153-4386 
https://pbs.twimg.com/profile_images/2724646359/e9815d877cd092a19918df74e04f0415_normal.png]
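Review bot: the icon images on the new Social Media Profiles line are hotlinked from unrelated third-party hosts, several of them over plain http (for example http://www.thegrumpyhacker.com/images/academia-small.png and http://people.ucsc.edu/~mclapham/googlescholar.jpg). Each page view then sends a request to those hosts, and whoever controls them can swap or remove the image at any time. Suggest uploading the icons to the wiki or using text links. Separately, the IEEE and Internet Society profile links carry account-specific query values (custNum, UserKey); check that these are meant to be public.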

Latest revision as of 01:18, 25 July 2015

I make things better and help people succeed. I make technology processes better and help executive management succeed at ManpowerGroup by leading the Global IT Audit Advisory Services team.

I've been focussed on information security related work my entire professional career. I've earned numerous industry certifications such as the CISM and CEH as well as a Master of Science in Information Assurance en route to a Doctor of Science (Sc.D.) expected in 2017. I specialize in IT audit, compliance, control, governance, risk management, security, and usability.

I've been involved with OWASP since about 2002. I can be reached at matthew . chalmers @ owasp . org.


OWASP Involvement

OWASP Wiki

OWASP Projects

OWASP Chapters

  • Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
    • Active member 2004-2005
    • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
  • Founder and former chapter leader of the original Milwaukee chapter
  • "Member-at-Large"

Non-OWASP Involvement

"Credentials"

Certifications

  • CIRM - Certified Identity Risk Manager
  • ACE - AccessData Certified Examiner
  • CCISO - Certified Chief Information Security Officer
  • CISM - Certified Information Security Manager
  • CCSK - Certified in Cloud Security Knowledge
  • CRMA - Certified in Risk Management Assurance
  • GCFA - GIAC Certified Forensic Analyst
  • ITIL - Foundation Certified (Version 3)
  • CISA - Certified Information Systems Auditor
  • CEH - Certified Ethical Hacker
  • CHS - Certified in Homeland Security (Level III)
  • GSNA - GIAC-certified Systems and Network Auditor
  • GSEC - GIAC Security Essentials Certified
  • MCP - Microsoft Certified Professional

Education

Training

  • IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
  • IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
  • ISACA - Auditing & Securing Cloud-Based Services (1/2011)
  • ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
  • PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
  • SANS – Computer Forensics, Investigation, and Response (4/2008)
  • Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
  • SAP America – Virsa Compliance Calibrator Training (10/2006)
  • IIA – SAP ERP Technical Audit (8/2006)
  • SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
  • SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
  • Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
  • Mile2 – Certified Ethical Hacker Training (7/2004)
  • Foundstone – Ultimate Web Hacking (9/2003)
  • Siegeworks – Advanced AppAuditor Training (12/2002)
  • SANS – Auditing Networks, Perimeters, and Systems (4/2002)
  • Sanctum – AppScan AppAuditor Training (5/2001)
  • National Cryptologic School - Information Systems Security Engineering (2/2000)
  • National Cryptologic School - Operational Information Systems Security (11/1998)

Social Media Profiles
