335 Bry Lynn Drive, West Melbourne, FL 32904-3811
321.544.3642 ∙ firstname.lastname@example.org ∙ www.harveynewstrom.com
(Resume updated 11/20/2012)
Harvey Newstrom is a Principal Security Architect specializing in helping CISOs develop and optimize their enterprise security programs within Fortune 500 corporations and Federal agencies to protect vital assets and improve ROI by increasing confidentiality, integrity and availability of IT resources.
Harvey Newstrom consults nationwide, mostly in Washington, DC (60%), and resides in Melbourne, FL (30%).
Consulted to DNI, CIA, NSA, DHS, NRO, FBI, US-CERT, GAO, OMB, NIST, DoD, DoE, DoJ, DoS, FAA, SEC, VA and Sandia Labs.
Created agency security architecture cited by OMB auditors as “the best” of any federal agency.
Authored research requisitioned by NIST for use in their SP 800-53 and SP 800-53A federal guidance.
Architected information security programs for dozens of Fortune 500 companies and federal agencies.
Authored hundreds of textbooks, security manuals, white-papers and reports for various clients.
Bachelor of Professional Studies in Business, Barry University, 3.692 GPA (9/16/1989)
Associate of Science in Computer Science, Morris Junior College, 4.0 GPA (6/29/1984)
Previous Dual Major in Computer Science / Science Education, Florida Institute of Technology (1/1980-3/1982)
Current Security Certifications
CISSP – (ISC)² Certified Information Systems Security Professional (#26730 11/16/2001)
CISSP-ISSAP – (ISC)² Information Systems Security Management Professional (#26730 8/31/2004)
CISSP-ISSMP – (ISC)² Information Systems Security Architecture Professional (#26730 9/7/2004)
CSSLP – (ISC)² Certified Secure Software Lifecycle Professional (#26730 4/8/2009)
CISA – ISACA Certified Information Systems Auditor (#0332168 9/16/2003)
CISM – ISACA Certified Information Security Manager (#0300730 5/29/2003)
CRISC – ISACA Certified in Risk and Information Systems Control (#1000261 6/22/2010)
CGEIT – ISACA Certified in the Governance of Enterprise IT (#801400 12/11/2008)
IAM – National Security Agency InfoSec Assessment Methodology (10/16/2002)
Specialized Security Training
DNI DCID 6/3 – Director of National Intelligence Special Security Center DCID 6/3 Training (4/5/2006)
Federal CSAM – Dept. of Justice Cyber Security Assessment and Management Training (3/30/2010)
EnCase – Guidance Software EnCase Forensics Training (5/22/2009)
NetForensics – NetForensics SIM-One Training (5/29/2008)
SANS GSEC – SANS GIAC Security Essentials Certification (9/2002, 10/2004, 10/2006, expired 10/2008)
CIFI – IISFA Certified Information Forensics Investigator (#115 4/12/2005)
IBM Certified – IBM Certified Professional consulting in Security and Privacy Services (10/1/1999)
Specialized Executive Training
IBM PM – IBM Project Manager Training (2/2000)
Harris Executive – Situational Leadership Training (9/1989)
Harris PM – Team Leadership Training (714/1989)
CMMI Level 3 – Capability Maturity Model Integration training and team lead experience (5/12/2006)
Active Security Clearances
TS/SCI – Top Secret / Sensitive Compartmented Information (renewed 2/15/2012)
TS – Top Secret (renewed 2/15/2012)
S – Secret (renewed 8/5/2005)
SSBI – Single Scope Background Investigation (renewed 2/8/2012)
NACLC – National Agency Check with Law and Credit Check (renewed 10/1/2011)
Principal Security Architect, Science Applications International Corporation, Lanham, MD (4/2004 – present)
Managed team of 8 security engineers to design, develop, and implement agency security programs.
Designed programs for architecture, management, training, certification and accreditation (C&A), assessment and authorization (A&A), continuous monitoring, engineering, incident handling, and risk management.
Authored security architectures, program plans, policies, procedures, standards, requirements, security technical implementation guides (STIGs), system security plans (SSPs), security test and evaluation (ST&E) plans, security assessment reports (SARs), and plans of action and milestones (POA&Ms).
Led FISMA compliance audits, federal investigations, forensics, incident response, and remediation.
Consulted to DNI, CIA, NSA, DHS, FBI, US-CERT, GAO, OMB, NIST, DoE, DoJ, DoS, FAA, SEC, USPTO, VA, and Sandia Labs.
Principal Security Consultant, Newstaff Incorporated, Oklahoma City, OK (1/2001 – 04/2004)
Returned to Newstaff to establish Oklahoma City branch office and expand customer base into western U.S.
Signed first contract, a corporate security program development initiative for Fleming Companies, Inc.
Designed security for K-mart’s national shipping distribution network and partner network interoperability.
Helped Cox Networks expand its home cable network into corporate business network service offerings.
Developed security upgrade proposals for Mayo Clinic at its Arizona, Minnesota, and Florida campuses.
Also consulted to IBM, Deloitte & Touche, Hillsborough County, Sykes, Ultimate Software, and TEKsystems.
Director of Security Testing, Fiderus Strategic Security and Privacy Services, Cary, NC (8/2000 – 12/2000)
Established the security consulting practice of “ethical hackers” for this $75 million startup.
Led Security Testing Division to win the company’s first revenue and the highest profits for the quarter.
Developed intellectual capital for consulting methods for security testing, penetration testing, and auditing.
Trained consultants in all divisions, established beta-test lab, and helped company structurally reorganize.
Delivered fully-functioning and profitable division with established customer base in first quarter of operation.
Consulted to EBS, E-cognito.
Lead Security Consultant, IBM Security and Privacy Services, Orlando, FL (7/1998 – 8/2000)
Hired directly to IBM’s newly launched consulting practice for which I consulted as a contractor via Newstaff.
Co-invented patent-pending intellectual capital for practice with other IBM researchers on first assignment.
Achieved the highest volume of consultant sales within IBM Security and Privacy practice during first year.
Authored courses on secure software development and trained this and other IBM groups.
Audited JPMorgan, Chase, Bank of America, FirstUSA, ADP, Credit Suisse, States of Delaware and Iowa.
Developed security for Olympics, EBS, Staples, AllState, Lear, Michelin, Anthem, Reliant Energy, and USDA.
Lead Security Consultant, Newstaff Incorporated, Melbourne, FL (1/1995 – 7/1998)
Cofounded Newstaff to provide security consulting services to Fortune 500 companies and federal agencies.
Signed the first contract, which was a network security investigation for IBM involving hundreds of servers.
Discovered a security design flaw in IBM’s NetBIOS protocol and helped develop the patch.
Designed network security for splitting up Boca Raton site into five smaller sites in South Florida.
Automated network monitoring, intrusion detection, and security alerts for IBM South Florida networks.
Participated in proof-of-concepts proposing launch of IBM Security and Privacy Services consulting practice.
Also consulted to IBM clients, Advantis, AT&T, Philips, Ryder, CGI Systems, and Computer Horizons.
Information Security Engineer, Harris Corporation, Palm Bay, FL (1/1985 – 12/1994)
Served as Programmer (1/1985), Engineer Specialist (9/1987), Senior Engineer Specialist (12/1989), Lead Engineer (9/1991).
Appointed first Information System Security Officer (ISSO) for Metronet Network, the corporate network.
Authored security policies, procedures, manuals, briefings, requirements, designs, and evaluations.
Led teams for security R&D, classified projects, product development, investigations, beta-test, and C&A.
Established and led design review, change control, risk review, and steering committees.
Developed system software and tools for security testing, monitoring, reporting, analysis, and communication.
Beta-tested network security for Harris H-series, B1 Secure Unix, Nighthawk Firewall, and Ada Compiler.
CEO Award from John T. Hartley for Network Security Awareness Team (8/26/1992).
CEO Award from John T. Hartley for Washington Operations Network Security Project (1/21/1994).
Director Award from Don Adee for Network Disaster Preparedness Review Team (10/5/1993).
Director Award from Don Adee for Production Network Revitalization Team (10/29/1992).