About Me
As a technologist since the ’90s, I have a strong track history of building resilient infrastructure and teaching the next generation about technology. I teach offensive and defensive cyber security and UNIX-like systems including; Linux, FreeBSD, OpenBSD, and HardenedBSD. Additionally, I publish about cyber security, give interviews to local news stations, and present my research in public forums.
Early on in my career, I was active as an international standards developer, functioning as a liaison from ANSI to ISO and the ITU.
- ISO JTC 1 / SC 27 (Sub Committee on IT Security),
- SC 31 / WG 7 (Automatic Identification & Data Collection, Working Group on Security),
- Technical Committee’s 122 and 247 for Fraud countermeasures and Controls,
- Technical Group 7 Security for Item Management.
Contributor
- Contributor to ISO/IEC 24791-6, SC 31, Software system infrastructure – Part 6: Security
- Contributor to AIM Global, RFID Experts Group, REG 352 RFID — Guidelines on data access security
- Contributor to ISO/IEC TR24729-4, Information technology – Radio frequency identification for item management – Implementation guidelines – Part 4: Tag data security
- Contributor to ISO/IEC 21450-{1,2,4} IEEE 1451.{1,2,4}, Information technology — Smart transducer interface for sensors and actuators — Common functions, communication protocols, and Transducer Electronic Data Sheet (TEDS) format
Certifications and Licenses
- GIAC Security Essentials (GSEC #19748)
- GIAC Incident Handler (GCIH #20483)
- GIAC Intrusion Analyst (GCIA #9570)
- (ISC)2 Certified Information Systems Security Professional (CISSP #333906)
- Aviatrix Certified Engineer (ACE) Multi-Cloud Networking Associate (ACE #2021-10689)
- Gaming Commission Class E License (2015)
- National Weather Service Certified Storm Spotter (2022)
Additional Training
- SANS MGT 414, SANS+S Training Program for CISSP Certification
- SANS SEC 440, 20 Critical Security Controls
- ANSI #248 “Delegate to Diplomat: Representing the United States in International Activities”
- Hennepin County MRC (Medical Reserve Corps) Volunteer
Publications
In chronological order:
- M.J. Harmon, et. al.: Dittrich, 2001 SSH CRC32 Vulnerability CVE-2001-0144, Snort Signature 1324
- M.J. Harmon, N.E. Shawver: ISO Focus+, April 2010 Plugging Security Gaps
- M.J. Harmon: CSO Outlook, June 2015: Taking Control of IT Ops with Critical Security Controls
- M.J. Harmon, et al.: Mpls / St. Paul Business Journal, October 2017: Cyber Security Experts Panel
Presentations
Events, interviews, presentations:
| Year | Event | Topic |
|---|---|---|
| 2010 | ISO Focus+ | Plugging Security Gaps |
| 2011 | MN Criminal Investigators | Incident Handling and Forensics Techniques |
| 2011 | MN Gov Tech Symposium | Why take the risk? |
| 2012 | MN Council Non Profits | Security on a Shoestring Budget |
| 2012 | (ISC)2 Twin Cities | Java Exploits Offense and Defense |
| 2013 | (ISC)2 Twin Cities | DDoS Survival |
| 2014 | WCCO TV | Security B-Sides MSP 2014 |
| 2014 | Tech Republic Tech Pro | Risk Assessments |
| 2014 | Saint Paul College ACM | CyberSecurity Workshop |
| 2015 | SANS @ Night | Threat Intelligence |
| 2015 | KSTP TV | Television report on ATM Skimming |
| 2015 | DataCenter Dynamics | DDoS Attacks |
| 2015 | Tech Republic Tech Pro | Penetration Testing |
| 2015 | Palo Alto FUEL User Group | State of Cyber Security |
| 2015 | CSO Outlook June Issue | Taking Control of IT Ops |
| 2016-2018 | KSTP TV | Noodles & Company Breach Coverage |
| 2015 | Cyber Security Summit | Threat Intelligence 101 |
| 2017 | SANS @ Night | Hands on Cyber Security: Internet of Everything |
| 2018 | SANS @ Night | Cyber Ranges (with Script) |
| 2017-2018 | Saint Paul College | CSCI 2461 (Linux), CSCI 2482 (Incident Handling) |
| 2022 | Cauda Equina Syndrome | Cauda Equina Syndrome Survival to Recovery |
| 2022- | Everything is a File | "Everything is a File" course on BSD, Linux, and Cloud Incident Response |
| 2023- | Linux & BSD SecOps | "Linux and BSD Security Operations" TBD |