Cyber Security Researcher · Standards Advocate · Educator

Matthew J. Harmon

Thirty years building resilient infrastructure, contributing to global security standards, and teaching teams to defend what matters.

Download Résumé Proof-of-work gated

Contact

Email: social@mjh.email
Signal: mjh.42
ORCID: 0000-0003-1632-8927

Writing: thetrailingdot.com
Courses: t34ch.tech
Code: codeberg.org/matthewjharmon
Training: kmsp42.com
Registry: registrar.earth
FMS: fms.sh
Zine: zine.mismi.net

Profile

Security practitioner since the dial-up era

Hands-on with offensive and defensive cyber security since the 1990s. Matthew has designed and hardened UNIX-like environments—Linux, FreeBSD, OpenBSD, HardenedBSD—while teaching teams to interpret threat intelligence, hunt intrusions, and recover from incidents.

He shares his perspective through public speaking, publications, and written guidance that translate emerging threats into actionable playbooks.

Areas of Focus

Offense & Defense

Bridges red-team insights with blue-team readiness to shorten detection and response cycles.

Infrastructure Resilience

Designs secure-by-default network and cloud topologies, stress-tested against modern adversaries.

Security Education

Develops courses, workshops, and mentoring programs that raise the bar for practitioners.

Global Standards & Advisory Work

Shaping international security guidance

Matthew represented ANSI as liaison to ISO and the ITU, contributing to foundational security standards within ISO JTC 1 / SC 27, SC 31 / WG 7, and technical committees focused on fraud countermeasures and secure item management.

His work helped establish baseline expectations for radio-frequency identification security, software infrastructure protections, and smart transducer interfaces (ISO/IEC 21450, IEEE 1451).

ISO/IEC 24791-6 software system infrastructure security
AIM Global RFID Experts Group data access security guidance
ISO/IEC TR 24729-4 RFID tag data security implementation guide
Contributor to ISO/IEC 21450 & IEEE 1451 smart transducer standards
Co-author, GCVE-BCP-02 Practical Guide to Vulnerability Handling & Disclosure

Credentials & Training

Certifications that reinforce proven experience

Certifications

GIAC Security Essentials (GSEC)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
(ISC)² CISSP
Aviatrix Certified Engineer (ACE) Multi-Cloud Networking Associate
Other Licenses
Gaming Commission Class E License
National Weather Service Certified Storm Spotter

Selected Training & Service

SANS MGT 414 · CISSP prep
SANS SEC 440 · 20 Critical Security Controls
ANSI "Delegate to Diplomat" program
Hennepin County Medical Reserve Corps volunteer

Community & Teaching

Building the next generation of practitioners

Teaching

SANS Instructor — SEC 401 (GSEC), 464, 504 (GCIH), 2008–2020
Primary Instructor, CSCI 2461 & 2462 — offensive/defensive security and Linux, 2018–2020
Weekly mentoring sessions for emerging practitioners since 2020

Community Leadership

Lead Organizer, Security B-Sides MSP (2013–2017) — multi-year community conference with The Nerdery and Target Corporation
Founder & President, (ISC)² Twin Cities Chapter (2012–2014)
Founders Award, Minnesota Cyber Security Summit
Minneapolis CERT and MN Medical Reserve Corps volunteer (2018–2024)

Selected Projects

Tools and resources for practitioners

ModifiedJulian.Date — Precise Modified Julian Date reference with clean visual context.
CMFWYP.com — Live IP telemetry paired with Shodan and VirusTotal for instant situational awareness.
Applied Linux Audiobook Edition — Hosted audiobook with synced manuscript and audio chapters.
DotDotSlash.ing — A lighter look at path traversal mishaps—memes, cautionary tales, and teachable moments.
TX (TAR Extended) — Hybrid-signed archives with Reed–Solomon repair, resumable workspaces, and selective restore.
Snowflakes Specification Library — SF128 snowflake variants with live encoder/decoder for telemetry pipelines and deduplicated log IDs.
String Can — Experimental P2P messenger with post-quantum key negotiation, proof-of-work gatekeeping, and defensive telemetry.
Seasonal Cipher — Quarterly-rotating substitution cipher for teaching key agility, shared secrets, and audit trails.
Toilet Duck — Field toolkit for sanitizing compromised systems—checklists, detection scripts, and recovery notes from real-world IR.

Publications

Research and commentary

2001

SSH CRC32 Vulnerability CVE-2001-0144 — joint analysis with Dittrich; see archived write-up and Snort Signature 1324.
2010

"Plugging Security Gaps," ISO Focus+ — co-authored guidance on closing RFID security exposures. Read article.
2015

"Taking Control of IT Ops with Critical Security Controls," CSO Outlook — a pragmatic checklist for mid-market teams. Read article.
2017

"Cyber Security Experts Panel," Minneapolis/St. Paul Business Journal — perspectives on prioritising investments amid rapid change. Read panel recap.
2025

Co-author of GCVE-BCP-02 Practical Guide to Vulnerability Handling and Disclosure — actionable guidance for Global CVE Allocation stakeholders on coordinated vulnerability response.

Presentations & Media

Selected talks, interviews, and workshops

Plugging Security Gaps ISO Focus+ · 2010
Incident Handling & Forensics MN Criminal Investigators · 2011
Why Take the Risk? MN Gov Tech Symposium · 2011
Security on a Shoestring Budget MN Council of Nonprofits · 2012
Java Exploits: Offense & Defense (ISC)² Twin Cities · 2012
DDoS Survival (ISC)² Twin Cities · 2013
Cyber Security Workshop Saint Paul College ACM · 2014
TechRepublic Tech Pro 2014–2015 Interviews on risk assessments, penetration testing, and defensive strategy.
Threat Intelligence Neighborhood Watch SANS @ Night · 2015
State of Cyber Security Palo Alto FUEL · 2015
DataCenter Dynamics 2015 DDoS mitigation strategies for critical workloads.
Media Coverage — ATM skimming, breach response, Noodles & Company KSTP, WCCO, TechRepublic · 2014–2018