Craig Barlow

Senior Security Consultant

Mr. Barlow has over thirty-five years of experience in network architecture, network architecture gap identification & remediation, assessment of financially sensitive information, and information security consulting. Since joining NST in 2009, Mr. Barlow has participated in a variety of NERC CIP engagements, including performing gap analyses; mock audits; development of policies, programs, procedures, and forms for organizations with facilities of all impact ratings; development of RSAW narratives; and assistance in compiling and packaging materials to support the data requests in NERC’s ERT. Mr. Barlow co-developed and delivers a series of training modules, including a general overview of the CIP Standards, a more in-depth review of all CIP Standards, considerations when writing RSAW narratives and completing the ERT, and a soft-skill training class to prepare SMEs for the rigors of an actual on-site audit. Mr. Barlow has served as a temporary member of a Regional Entity NERC CIP Audit Team and has represented NERC as an observer on CIP audits.

Mr. Barlow has extensive experience with other information security standards. He has assisted a large utility in managing the Cyber Security Policy for its multi-faceted Smart Grid deployment, including performing risk assessments of those efforts against NIST SP 800-30, as well as led the development of an IT incident response playbook addressing operational and cybersecurity events. Mr. Barlow developed a body of compliance documentation addressing both NERC CIP V5 and FERC Division of Dam Safety and Inspection, Version 3A. Mr. Barlow has also performed several gap assessments and requirements mappings of the body of information security documents using other frameworks, such as ISO 27002:2022, NIST Special Publication 800-53 Release 5, and the NIST Cybersecurity Framework V1.1. Recently, Mr. Barlow has been advising clients on the requirements in the TSA’s Security Directives.

Earlier in Career

Prior to N&ST, Mr. Barlow worked for a succession of companies that were acquired by Verizon Business. Mr. Barlow specialized in assessing organizations in various industries for compliance with the ISO 17799 / 27001 Standard. He also assessed adherence to the criteria articulated by the card associations, called the Payment Card Industry Data Security Standard (PCI DSS). In 2006, Mr. Barlow conducted the first assessment, developed by BITS, for determining the state of security at partners trusted with sensitive information from financial institutions. As a specialist, he not only continued to perform similar assessments, but was also an active member of a committee for two years that worked to further expand the assessment methodology.

Prior to Verizon Business, Mr. Barlow worked for Bolt, Beranek, and Newman (BBN) / GTE Cybertrust / Baltimore Technologies in a network architecture group performing both gap analyses and remediation activities. In this role, Mr. Barlow worked with both ISPs and international organizations seeking to provide data services in areas where local telecommunications monopolies were being dismantled, traveling globally.

Starting in the mid-1980s, Mr. Barlow worked for ten years in the insurance industry, implementing and supporting data networks. 

Education

Mr. Barlow has a Bachelor of Arts degree from Tufts University and a Master of Business Administration from Clark University.