Since the 1990s, Matthew J. Harmon has been a dedicated technologist with a passion for building resilient infrastructure and imparting knowledge to the next generation of technology enthusiasts. His expertise encompasses offensive and defensive cybersecurity, as well as UNIX-like systems including Linux, FreeBSD, OpenBSD, and HardenedBSD. Over the years, he has also shared his insights on cybersecurity through various publications, interviews with local news stations, and presentations in public forums.
Early in his career, Matthew was actively involved in international standards development, serving as a liaison from ANSI to both ISO and the ITU. His contributions spanned multiple technical committees, including ISO JTC 1 / SC 27 (Sub Committee on IT Security), SC 31 / WG 7 (Automatic Identification & Data Collection, Working Group on Security), and Technical Committees 122 and 247 for Fraud Countermeasures and Controls, as well as Technical Group 7 Security for Item Management. His work in these roles was instrumental in shaping global security standards.
Matthew's contributions to the field of cybersecurity are notable. He played a key role in the development of ISO/IEC 24791-6, which focuses on software system infrastructure security. He also contributed to AIM Global's RFID Experts Group, working on guidelines for data access security, and was involved in the creation of ISO/IEC TR24729-4, providing implementation guidelines for tag data security in radio frequency identification for item management. Additionally, he contributed to ISO/IEC 21450 and IEEE 1451 standards, which define smart transducer interfaces for sensors and actuators, ensuring common functions, communication protocols, and Transducer Electronic Data Sheet (TEDS) format.
Throughout his career, Matthew has earned several certifications that reflect his deep knowledge and expertise in cybersecurity. These include the GIAC Security Essentials (GSEC), GIAC Incident Handler (GCIH), GIAC Intrusion Analyst (GCIA), and the (ISC)2 Certified Information Systems Security Professional (CISSP). He is also an Aviatrix Certified Engineer (ACE) Multi-Cloud Networking Associate, has held a Gaming Commission Class E License, and is a National Weather Service Certified Storm Spotter.
Matthew has also completed additional training, such as SANS MGT 414 (SANS+S Training Program for CISSP Certification) and SANS SEC 440 (20 Critical Security Controls). He has taken part in ANSI's "Delegate to Diplomat: Representing the United States in International Activities" program and served as a volunteer for the Hennepin County Medical Reserve Corps (MRC).
Social Media Links
Email: social@mjh.email
Mastodon: m@social.threata.gent
Projects
- ModifiedJulian.Date - The Modified Julian Date.
- zine.mismi.net - An online zine.
- Applied Linux.net - Introduction to my Applied Linux manuscript including audio narration.
- DotDotSlash.ing - Meme's (some PG-13) related to everyones favorite vulnerability, directory / path traversal.
Publications
In chronological order:
- M.J. Harmon, et. al.: Dittrich, 2001 SSH CRC32 Vulnerability CVE-2001-0144, Snort Signature 1324
- M.J. Harmon, N.E. Shawver: ISO Focus+, April 2010 Plugging Security Gaps
- M.J. Harmon: CSO Outlook, June 2015: Taking Control of IT Ops with Critical Security Controls
- M.J. Harmon, et al.: Mpls / St. Paul Business Journal, October 2017: Cyber Security Experts Panel
Presentations
| Year | Event | Topic |
|---|---|---|
| 2010 | ISO Focus+ | Plugging Security Gaps |
| 2011 | MN Criminal Investigators | Incident Handling and Forensics Techniques |
| 2011 | MN Gov Tech Symposium | Why take the risk? |
| 2012 | MN Council Non Profits | Security on a Shoestring Budget |
| 2012 | (ISC)2 Twin Cities | Java Exploits Offense and Defense |
| 2013 | (ISC)2 Twin Cities | DDoS Survival |
| 2014 | WCCO TV | Security B-Sides MSP 2014 |
| 2014 | Tech Republic Tech Pro | Risk Assessments |
| 2014 | Saint Paul College ACM | CyberSecurity Workshop |
| 2015 | SANS @ Night | Threat Intelligence |
| 2015 | KSTP TV | Television report on ATM Skimming |
| 2015 | DataCenter Dynamics | DDoS Attacks |
| 2015 | Tech Republic Tech Pro | Penetration Testing |
| 2015 | Palo Alto FUEL User Group | State of Cyber Security |
| 2015 | CSO Outlook June Issue | Taking Control of IT Ops |
| 2016-2018 | KSTP TV | Noodles & Company Breach Coverage |
| 2015 | Cyber Security Summit | Cyber Security Summit Presentation |