Craig BarlowSenior Security Consultant
Mr. Barlow has 30 years of experience in network architecture, network architecture gap identification and remediation, assessment of financially sensitive information, and information security consulting. Since joining N&ST in 2009, Mr. Barlow has participated in a variety of CIP engagements, including performing gap analyses, mock audits, Cyber Vulnerability Assessments (CVAs), and development of needed policies, programs, procedures, and forms, including for low impact facilities. In his role as a trainer, Mr. Barlow co-developed and regularly delivers a soft-skill training class to prepare SMEs for the rigors of an actual on-site audit. Mr. Barlow has also spent time in Abu Dhabi, assessing and protecting critical infrastructure for a key government agency. Mr. Barlow has served as a member of a Regional Entity NERC CIP Audit team that assessed compliance of entities as well as representing NERC as an observer on other audits. Mr. Barlow has assisted a large utility in managing the Cyber Security Policy for its multi-faceted Smart Grid deployment, worked to track adherence to its Policy, and developed reports for inclusion in quarterly reporting to the DoE.
Prior to N&ST, Mr. Barlow worked for a succession of companies that were acquired by Verizon Business. Mr. Barlow specialized in assessing organizations in various industries for compliance with the ISO 17799 / 27001 standard. He also assessed adherence to the criteria articulated by the card associations, called the Payment Card Industry Data Security Standard (PCI DSS). In 2006, Mr. Barlow conducted the first assessment, developed by BITS, for determining the state of security at partners trusted with sensitive information from financial institutions. As a specialist, he not only continued to perform similar assessments, but was also an active member of a committee for two years that worked to further expand the assessment methodology.
Prior to Verizon, Mr. Barlow worked for Bolt, Beranek, and Newman (BBN) / GTE Cybertrust / Baltimore Technologies in a network architecture group performing both gap analyses and remediation activities. In this role, Mr. Barlow worked with both ISPs and international organizations seeking to provide data services in areas where local telecommunications monopolies were being dismantled, traveling globally.
Starting in the mid-1980s, Mr. Barlow worked for ten years in the insurance industry, implementing and supporting data networks, including the installation of the company’s first local area network.
Mr. Barlow has a Bachelor of Arts degree from Tufts University and a Masters of Business Administration from Clark University. He is a Certified Information Systems Security Professional (CISSP).