Revision as of 09:45, 27 August 2012 by Mchalmers (talk | contribs) (Education & Training)

Jump to: navigation, search
I have been doing information security and related work my entire professional career, since earning my bachelor's degree from the Missouri University of Science & Technology (formerly the University of Missouri-Rolla). I have worked for public, private, government and non-profit organizations in the defense, finance, manufacturing and healthcare industries including the National Security Agency, JPMorgan Chase and Rockwell Automation. Currently I am the Chief IT Auditor for Marshfield Clinic Health System. I hold the CISM, CISA, CRMA, GSNA, GCFA, CCSK, CEH and CHS certifications and I am ITIL v3 Foundation certified. I specialize in information technology assessment, audit, compliance, control, governance and security.

I have been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org.

OWASP Involvement


OWASP Projects

OWASP Chapters

  • Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter).
    • Active member 2004-2005.
    • Recorded meeting minutes and maintained chapter web pages (pre-wiki).
  • "Member-at-Large" of the Chicago and Madison Local Chapters.
  • Founder and former chapter leader of the mailing list-only Milwaukee Local Chapter.

Non-OWASP Involvement



  • CISM - Certified Information Security Manager
  • CISA - Certified Information Systems Auditor
  • CRMA - Certified in Risk Management Assurance
  • GSNA - GIAC-certified Systems and Network Auditor
  • GCFA - GIAC Certified Forensic Analyst
  • CCSK - Certified in Cloud Security Knowledge
  • CEH - Certified Ethical Hacker
  • CHS - Certified in Homeland Security (Level III)
  • ITIL v3 Foundation Certified

Education & Training

  • Capitol College (8/2012 - 6/2014)
    • Master's degree in Information Assurance
  • MISTI/ISACA - Auditing & Securing Cloud-Based Services (1/2011)
  • ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
  • PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
  • SANS – Computer Forensics, Investigation, and Response (4/2008)
  • Entellus Technology Group – SAP ERP Basis Auditing & Security Risks (12/2007)
  • SAP America – Virsa Compliance Calibrator Training (10/2006)
  • IIA/Deloitte – SAP ERP Technical Audit (8/2006)
  • SPI Dynamics – Web Application Security Assessment with WebInspect (11/2005)
  • SANS – Hacker Techniques, Exploits and Incident Handling (10/2005)
  • Infosec Institute – Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
  • EC-Council/Mile2 – Certified Ethical Hacker Training (7/2004)
  • Foundstone – Ultimate Web Hacking (9/2003)
  • Siegeworks – Advanced AppAuditor Training (12/2002)
  • SANS – Auditing Networks, Perimeters, and Systems (4/2002)
  • Sanctum – AppScan AppAuditor Training (5/2001)
  • Bank One University (1/2001 – 1/2005)
    • Numerous business/management courses including Planning and Executing Projects, Understanding Personality Styles, Incident Management, Presentation Skills, SMART Goals, and Using the Gallup Q12
  • National Cryptologic School (1/1997 – 1/2001)
    • Over 45 classified & unclassified courses including Information Systems Security Engineering, Technical Writing & Documentation, Encryption Key Management, Operational Information Systems Security, Computer Network Exploitation, and Operations Security
  • Naval Technical Training Center Detachment/Naval Center for Information Dominance Detachment at Goodfellow AFB (7/1996 - 12/1996)
    • Course X3ABR1N333A 011/014 (classified)
  • Naval Security Group Detachment/Naval Center for Information Dominance Detachment at Presidio of Monterey (4/1995 - 7/1996)
    • Course A-232-0021 (classified)
  • University of Missouri-Rolla (8/1990 - 12/1994)
    • Bachelor's degrees in Psychology and Philosophy; minors in Computer Science, History and French

Miscellany xing.png