Harvey Newstrom
NIST Security Compliance
- Credly.com/users/Harvey-Newstrom
- LinkedIn.com/in/HarveyNewstrom
- mail@HarveyNewstrom.com
- HarveyNewstrom.com
- Melbourne, FL, USA
- 321-544-3642
- 1/1/2024

Credentials
- NIST Coauthorships: NIST SP 800-53, 800-53A, 800-53B
- ISC2 Security Certifications: CISSP, CSSLP, ISSAP, ISSMP
- ISACA Compliance Certifications: CISA, CISM, CRISC, CGEIT
- IBM Cloud Certifications: Architect, Security, Compliance
- Education: BPS-Business, AS-CompSci

Subject Matter Expertise
- Auditor, Assessor, Architect, ISSM
- 800-53 Security Controls
- 800-53A Control Assessments
- 800-53B Control Baselines
- CNSSI-1253 Classified
- 800-171, -171A, -172 Unclassified
- 800-18 System Security Plan
- 800-37 RMF System Life Cycle
- 800-30 Risk Assessment
- 800-39 Risk Management

Federal Agencies
- Intelligence Agencies: CIA, NSA, NRO, FBI, DNI
- Defense Agencies: DHS, DoD, DISA, DCMA
- Research Agencies: DARPA, DoE, SNL
- Regulatory Agencies: NIST, NARA, GSA, OMB, GAO, SEC, DoT, FAA, FMCSA, EPA, USDA, USFS

Experience

NIST Security Compliance Auditor, IBM, Global Telework (8/2021 - present)
- Compliance expert in FedRAMP/FISMA, ISO, SOC, HIPAA, PCI, NIST 800 series, ISO 27000 series, GDPR, etc.
- Developing cost-effective security program, standards, requirements, policies, processes, procedures, audits.
- Conducting regular audits on systems and hosting third-party audits for certifications and compliance certificates.
- Providing security information, reporting, marketing, problem solving, solution architecting, and training.
- Collaborating with security architects, technical teams, DevOps, auditors, and customers.

Senior Principal Security Architect, SAIC, Global Telework (4/2004 - 7/2021)
- Provided subject matter expertise in the design, implementation, and assessment of NIST compliant security.
- Documented security programs, standards, requirements, policies, processes, procedures, assessments, audits.
- Led NARA development of first unified security architecture, cited as “best” federal architecture by OMB.
- Assisted NIST integrating much of my security architecture work into NIST SP 800-53, 800-53A, and 800-53B.
- Implemented security programs at USFS, IRS, EPA, DCMO, DHS, GSA, DOT, others based on NARA/NIST work.

Principal Security Consultant, Newstaff, Nationwide Travel (9/2000 - 4/2004)
- Rejoined consulting firm to help Fiderus establish security consulting practice, sign and fulfill first contract.
- Helped IBM teams supporting Fleming, K-mart, and Cox Cable with nationwide network and security projects.

Senior Security Consultant, IBM, Nationwide Travel (8/1998 - 8/2000)
- Developed consulting assets, trained consultants, became top-selling security and privacy consultant.

Security Consultant, Newstaff, Florida Travel (7/1995 - 7/1998)
- Cofounded consulting firm to provide network and security support services to IBM.
- Helped IBM investigate and resolve campus-wide system shutdowns originally thought to be hacker attacks.
- Helped IBM design new South Florida secure network and transition legacy networks to new infrastructure.
- Helped develop proof-of-concept infrastructure for new IBM Security and Privacy consulting practice.

Lead Security Engineer, Harris, Melbourne, FL (1/1985 - 12/1994)
- First Metronet ISSO, led first corporate security program, led beta test lab, helped develop security products.