Craig Barlow

Senior Security Consultant

Mr. Barlow has thirty-five years of experience in network architecture, network architecture gap identification & remediation, assessment of financially sensitive information, and information security consulting. Since joining NST in 2009, Mr. Barlow has participated in a variety of CIP engagements, including performing gap analyses, mock audits, and development of needed policies, programs, procedures, and forms for organizations with facilities of all impact ratings.  Mr. Barlow co-developed and regularly delivers a soft-skill training class to prepare SMEs for the rigors of an actual on-site audit. Mr. Barlow has served as a member of a Regional Entity NERC CIP Audit team that assessed compliance of entities as well as representing NERC as an observer on other audits.

Mr. Barlow has assisted a large utility in managing the Cyber Security Policy for its multi-faceted Smart Grid deployment, including performing risk assessments of those efforts against NIST SP 800-30. Mr. Barlow developed a body of compliance documentation addressing both NERC CIP V5 and FERC Division of Dam Safety and Inspection, Version 3A. Mr. Barlow has also performed several gap assessments and requirements mapping of the body of information security documents using other frameworks, such as ISO 27001:2013, NIST SP 800-53 R4, and the NIST Cybersecurity Framework V1.1.

Earlier in Career 

Prior to NST, Mr. Barlow worked for a succession of companies that were acquired by Verizon Business. Mr. Barlow specialized in assessing organizations in various industries for compliance with the ISO 17799 / 27001 standard. He also assessed adherence to the criteria articulated by the card associations, called the Payment Card Industry Data Security Standard (PCI DSS). In 2006, Mr. Barlow conducted the first assessment, developed by BITS, for determining the state of security at partners trusted with sensitive information from financial institutions. As a specialist, he not only continued to perform similar assessments, but was also an active member of a committee for two years that worked to further expand the assessment methodology. 

Prior to Verizon, Mr. Barlow worked for Bolt, Beranek, and Newman (BBN) / GTE Cybertrust / Baltimore Technologies in a network architecture group performing both gap analyses and remediation activities. In this role, Mr. Barlow worked with both ISPs and international organizations seeking to provide data services in areas where local telecommunications monopolies were being dismantled, traveling globally. 

Starting in the mid-1980s, Mr. Barlow worked for ten years in the insurance industry, implementing and supporting data networks, including the installation of the company’s first local area network. 


Mr. Barlow has a Bachelor of Arts degree from Tufts University and a Masters of Business Administration from Clark University. He is a Certified Information Systems Security Professional (CISSP).