Craig Barlow, Senior Security Consultant

Home » Team » Craig Barlow

Mr. Barlow has more than twenty years of industry experience in network architecture and information security. For seven years, he worked for a series of companies, ultimately purchased by Verizon Business, conducting various types of assessments. Mr. Barlow specializes in assessing organizations for compliance with the ISO 17799 / 27001 security model. For the past four years, Mr. Barlow has assessed organizations for adherence to the criteria articulated by the card associations (Visa, MasterCard, American Express, Discover, and JCB)), currently called the Payment Card Industry Data Security Standard (PCI DSS). BITS has developed an assessment methodology for determining the state of security at partners trusted with sensitive information from financial institutions. Mr. Barlow conducted the first such assessment in 2006. He continues to perform these assessments as well as sit on committees that further development the assessment methodology.

Prior to that experience, Mr. Barlow worked for Bolt, Beranek, and Newman (BBN) / GTE Cybertrust / Baltimore Technologies in a network architecture group performing both gap analyses and remediation plans to address those gaps. While in this department, Mr. Barlow worked with both ISPs and overseas organizations interested in offering data services in environments where the local telecommunications monopoly was being dismantled, traveling to North America, the Caribbean, Middle East, and Far East to work with clients there were relevant and practical to the local markets.

Starting in the mid-1980s, Mr. Barlow worked for ten years in the insurance industry, implementing and supporting data networks. He installed the first local area network in the company within a business unit, ultimately migrating to the corporate networking unit to support this technology company-wide.

Mr. Barlow received a Bachelor of Arts degree from Tufts University and a Masters of Business Administration from Clark University. He is both a Certified Information Systems Security Professional (CISSP) and an Heuristic Information Security Professional (HISP).

NEWS & EVENTS

January 2012 Customer Testimonial
"Anyone can come in and point to where the problem is, but N&ST was part of the team and worked just like we did. They were working consultants which is exactly what a small to medium size utility needs." - Responsible Entity in the SERC region

4/19/2012 - FERC approves Version 4 of the NERC CIP Standards
As many of you are aware, CIP Version 4 was on this morning’s agenda at FERC’s public meeting. This morning, FERC approved agenda item E-6 without comment. For your information, HERE is the item from FERC’s meeting summary.

February 2012 Customer Testimonial

"I have never seen our technical staff actually ask for the same consultants again and again!" - Responsible Entity in the SPP region

March 2012 Customer Testimonial
"N&ST never sat around waiting for us to tell them what to do and came to us when they had questions, but never overburdened us. We are looking forward to working with them again in the future!" - Responsible Entity in the ERCOT region