Matthew J. Harmon

Cyber security researcher · Standards contributor · SANS instructor · 30 years

social@mjh.email Signal: mjh.42 ORCID Resume

Offensive and defensive security since the 1990s. Designs and hardens UNIX-like environments. Teaches teams to hunt intrusions and recover from incidents. ANSI liaison to ISO and ITU on security standards. Translates emerging threats into actionable playbooks through speaking, publications, and mentoring.

Standards

ISO/IEC 24791-6 software system infrastructure security
AIM Global RFID Experts Group data access security guidance
ISO/IEC TR 24729-4 RFID tag data security implementation guide
ISO/IEC 21450 and IEEE 1451 smart transducer standards
GCVE-BCP-02 vulnerability handling and disclosure (co-author)

Credentials

Certifications

GSEC, GCIH, GCIA (GIAC)
(ISC)² CISSP
Aviatrix ACE Multi-Cloud
Other
Gaming Commission Class E
NWS Storm Spotter

Training

SANS MGT 414, SEC 440
ANSI "Delegate to Diplomat"
Hennepin County MRC

Teaching and community

SANS Instructor, SEC 401/464/504 (2008 to 2020)
CSCI 2461/2462 offensive/defensive (2018 to 2020)
Weekly practitioner mentoring since 2020

Lead Organizer, B-Sides MSP (2013 to 2017)
Founder, (ISC)² Twin Cities (2012 to 2014)
Founders Award, MN Cyber Security Summit
CERT and MN MRC (2018 to 2024)

Projects

CMFWYP.com TX String Can Seasonal Cipher Toilet Duck DotDotSlash.ing ModifiedJulian.Date WX.MJD

Publications

2001SSH CRC32 CVE-2001-0144, joint analysis with Dittrich. Write-up, Snort 1324.

2010"Plugging Security Gaps," ISO Focus+. Read.

2015"Taking Control with Critical Security Controls," CSO Outlook. Read.

2017"Cyber Security Experts Panel," MSPBJ. Read.

2025GCVE-BCP-02 vulnerability handling and disclosure (co-author).

Presentations

Plugging Security GapsISO Focus+, 2010

Incident Handling and ForensicsMN Criminal Investigators, 2011

Why Take the Risk?MN Gov Tech Symposium, 2011

Security on a Shoestring BudgetMN Council of Nonprofits, 2012

Java Exploits: Offense and Defense(ISC)2 Twin Cities, 2012

DDoS Survival(ISC)2 Twin Cities, 2013

Cyber Security WorkshopSaint Paul College ACM, 2014

Threat Intelligence Neighborhood WatchSANS @ Night, 2015

State of Cyber SecurityPalo Alto FUEL, 2015

Media coverage (ATM skimming, breach response)KSTP, WCCO, TechRepublic, 2014 to 2018

2026 Matthew J. Harmon · matthewjharmon.com · mjharmon.com · mjh.bio · thetrailingdot.com · kmsp42.com · registrar.earth · fms.sh · zine.mismi.net