Matthew J. Harmon

Cyber Security Researcher

avatar
Matthew J. Harmon

Since the 1990s, Matthew J. Harmon has been a dedicated technologist with a passion for building resilient infrastructure and imparting knowledge to the next generation of technology enthusiasts. His expertise encompasses offensive and defensive cybersecurity, as well as UNIX-like systems including Linux, FreeBSD, OpenBSD, and HardenedBSD. Over the years, he has also shared his insights on cybersecurity through various publications, interviews with local news stations, and presentations in public forums.

Early in his career, Matthew was actively involved in international standards development, serving as a liaison from ANSI to both ISO and the ITU. His contributions spanned multiple technical committees, including ISO JTC 1 / SC 27 (Sub Committee on IT Security), SC 31 / WG 7 (Automatic Identification & Data Collection, Working Group on Security), and Technical Committees 122 and 247 for Fraud Countermeasures and Controls, as well as Technical Group 7 Security for Item Management. His work in these roles was instrumental in shaping global security standards.

Matthew's contributions to the field of cybersecurity are notable. He played a key role in the development of ISO/IEC 24791-6, which focuses on software system infrastructure security. He also contributed to AIM Global's RFID Experts Group, working on guidelines for data access security, and was involved in the creation of ISO/IEC TR24729-4, providing implementation guidelines for tag data security in radio frequency identification for item management. Additionally, he contributed to ISO/IEC 21450 and IEEE 1451 standards, which define smart transducer interfaces for sensors and actuators, ensuring common functions, communication protocols, and Transducer Electronic Data Sheet (TEDS) format.

Throughout his career, Matthew has earned several certifications that reflect his deep knowledge and expertise in cybersecurity. These include the GIAC Security Essentials (GSEC), GIAC Incident Handler (GCIH), GIAC Intrusion Analyst (GCIA), and the (ISC)2 Certified Information Systems Security Professional (CISSP). He is also an Aviatrix Certified Engineer (ACE) Multi-Cloud Networking Associate, has held a Gaming Commission Class E License, and is a National Weather Service Certified Storm Spotter.

Matthew has also completed additional training, such as SANS MGT 414 (SANS+S Training Program for CISSP Certification) and SANS SEC 440 (20 Critical Security Controls). He has taken part in ANSI's "Delegate to Diplomat: Representing the United States in International Activities" program and served as a volunteer for the Hennepin County Medical Reserve Corps (MRC).

Social Media Links

Projects

Publications

In chronological order:

  1. M.J. Harmon, et. al.: Dittrich, 2001 SSH CRC32 Vulnerability CVE-2001-0144, Snort Signature 1324
  2. M.J. Harmon, N.E. Shawver: ISO Focus+, April 2010 Plugging Security Gaps
  3. M.J. Harmon: CSO Outlook, June 2015: Taking Control of IT Ops with Critical Security Controls
  4. M.J. Harmon, et al.: Mpls / St. Paul Business Journal, October 2017: Cyber Security Experts Panel

Presentations

Year Event Topic
2010 ISO Focus+ Plugging Security Gaps
2011 MN Criminal Investigators Incident Handling and Forensics Techniques
2011 MN Gov Tech Symposium Why take the risk?
2012 MN Council Non Profits Security on a Shoestring Budget
2012 (ISC)2 Twin Cities Java Exploits Offense and Defense
2013 (ISC)2 Twin Cities DDoS Survival
2014 WCCO TV Security B-Sides MSP 2014
2014 Tech Republic Tech Pro Risk Assessments
2014 Saint Paul College ACM CyberSecurity Workshop
2015 SANS @ Night Threat Intelligence
2015 KSTP TV Television report on ATM Skimming
2015 DataCenter Dynamics DDoS Attacks
2015 Tech Republic Tech Pro Penetration Testing
2015 Palo Alto FUEL User Group State of Cyber Security
2015 CSO Outlook June Issue Taking Control of IT Ops
2016-2018 KSTP TV Noodles & Company Breach Coverage
2015 Cyber Security Summit Cyber Security Summit Presentation