Newstaff, Inc.

Information Security Services

Resume

Harvey Newstrom
CISSP CISA CISM CGEIT CSSLP CRISC CIFI NSA-IAM ISSAP ISSMP ISSPCS IBMCP
Melbourne, FL and Washington, DC
Last Updated: 6/22/2010
mail@HarveyNewstrom.com
http://HarveyNewstrom.com
301.681.8704
321.574.1212

Profile

Harvey Newstrom is a principal security consultant with a history of helping Fortune-500 corporations and Federal Agencies leverage IT security to increase mission efficiency. He combines executive business savvy with technical know-how to produce solutions that are both realistic and effective. His diverse background with industry, military, and government gives him a broader insight than many security experts. He has authored several books, dozens of technical manuals, hundreds of white papers, and is a frequent public speaker.

Mr. Newstrom established security practices for Harris, AT&T, IBM, Fiderus, Newstaff and various government agencies. He has led security teams from IBM, Ernst & Young, Deloitte & Touche, AT&T, Harris and Newstaff. He restructured security organizations at JPMorgan, Chase Manhattan, Reliant Energy, Bank of America, FirstUSA Bank, IBM, Ryder, Advantis, Fleming, Harris, and AT&T. He launched enterprise-wide security initiatives at Fleming, Pitney Bowes, Ryder, Staples, ADP, Bank of America, Credit Suisse First Boston, EBS, First USA, JP Morgan, Chase Manhattan, Anthem, AT&T, Apple Computer, Cisco, Harris, IBM, Lanier, Lotus, Philips Electronics, Tivoli, Florida Power & Light, and Reliant Energy. He has consulted for the CIA, DoD, DoJ, FBI, IRS, NARA, NASA, NRO, NSA, Pentagon, USDA and other federal agencies.

Credentials

Active Clearances - NACI (multiple), SSBI (3/7/07), Secret (8/5/05), Top Secret (8/15/07), SCI (3/21/08)
CRISC #1000261 - IS Audit and Control Association Certified in Risk and Information Systems Control (6/22/2010)
EnCase Training - Guidance Software EnCase Training Course (5/22/2009)
CSSLP #26730 - (ISC)2 Certified Secure Software Lifecycle Professional (4/8/2009)
CGEIT #801400 - IS Audit and Control Association Certified in the Governance of Enterprise IT (12/11/2008)
CMMI Level 3 - Capability Maturity Model Integration training and team lead experience (5/12/06)
DNI DCID 6/3 - DNI Special Security Center DCID 6/3 Training (4/5/06)
ISSPCS #8 - International Systems Security Professional Certification Scheme (6/1/05)
CIFI #115 - International Information Systems Forensics Association Certified Information Forensics Investigator (4/15/05)
ISSMP #26730 - (ISC)2 Information Systems Security Management Professional (9/7/04)
ISSAP #26730 - (ISC)2 Information Systems Security Architecture Professional (8/31/04)
CISA #0332168 - IS Audit and Control Association Certified Information Systems Auditor (9/16/03)
CISM #0300730 - IS Audit and Control Association Certified Information Security Manager (5/29/03)
GSEC #2137 - SANS GIAC Security Essentials Certification (9/18/2002, 2004, 2006, expired 2008)
NSA-IAM - National Security Agency Infosec Assessment Methodology (10/16/02)
CISSP #26730 - (ISC)2 Certified Information Systems Security Professional (11/01) (11/04)
IBMPM - IBM Project Manager Training (2/00)
IBMCP - IBM Certified Professional consulting in Security and Privacy Services (10/1/99)
B.P.S. 3.692 GPA - Bachelors Degree in Professional Studies from Barry University (9/16/89)
Executive Training - Harris Executive Leadership Training (7/14/89)
A.S. 4.0 GPA - Associates Degree in Computer Science from Morris Junior College (6/29/84)

Skills

Skills: Confidentiality, Integrity, Availability, Access Control, Awareness and Training, Audit and Accountability, Certification and Accreditation, Testing, Penetration Testing, Beta Testing, Compliance Testing, Vulnerability Scans, Ethical Hacking, Appraisal, Risk Assessment, Forensics, Investigations, Configuration Management, Security Maintenance, Contingency Planning, Strategy, Development, Design, Identification and Authentication, Architecture, Standards, Policies and Procedures, Implementation, Remediation, Firewalls, Intrusion Detection Systems, Incident Response, Media Protection, Physical Security, Environmental Security, Network Security, System Security, Personnel Security, Consulting, Public Speaking, Research and Development.

Industries: Fortune-500, Military, Government, International, e-Commerce, Consulting, Business, Education, Entertainment, Financial, Healthcare, Internet, Manufacturing, Non-Profit, Publishing, Technology, Utilities.

Standards: ACM, BS-7799, CBK, CC, CISA, CIA, CISM, CISSP, Clinger-Cohen, CMM, CMMI, COBIT, DCID 6/3, DITSCAP, DoD, DoD 5015.2-STD, DoJ, E-Government Act, EFF, FEA, FBI, FIPS, FISCAM, FISMA, GAO, GLBA, HIPAA, IAM, IBM, IEEE, INFOSEC, ISACA, (ISC)2, ISSAP, ISSMP, SSA, ISO-15489, ISO-9126, ISO-9000, ISO-17799, ISOO, ITRMA, ITSEC, NARA, NCIC, NIACAP, NISPOM, NIST, NISTIR-5153, Orange Book, OMB, Privacy Act, RFCs, SANS, Sarbanes-Oxley, SAS-70, SSE-CMM, TCSEC, USDA, US Law, and many others.

Career

Principal Security Architect, Science Applications International Corporation, Lanham, MD (4/04 - present)
Lead team of eight security engineers. Designed the Security Architecture component of the Enterprise Architecture for the National Archives and Records Administration (NARA). Integrated Federal Enterprise Architecture business-level guidance with NIST system-level guidance into cohesive security. Merged NIST, DCID, DoD, ISOO, OMB, FISCAM and ISOO security controls into a consistent system that meets all requirements in each area. Conducted Certification and Accreditation of all agency systems to ensure federal compliance. Conducted design reviews and approval input at all phases of system development lifecycle. Met all federal mandates for government agencies while delivering a service assessed to CMMI Level 3.

Principal Security Consultant, Newstaff, Inc. West Melbourne, FL (1/01 - 3/04)
Returned to Newstaff, Inc. to develop automated security tools, security consulting methodology, and perform independent research in security. Wrote proposals, generated sales, and acted as project manager on all security projects. Provided the expertise, training, methodology, and direction for all security consultants. Acted as project manager for security consulting projects. Developed automated penetration testing system. Developed automated forensics system.

Director of Security Testing, Fiderus Strategic Security and Privacy Services, Cary, NC (9/00 - 12/00)
Created the Security Consulting Practice of “ethical hackers” for this $75 million startup. Developed methodology for security testing. Conducted training classes for consultants. Earned the company’s first revenue, and later the company’s first account. Led the division to become the first operational division for the company. Achieved more revenue than all other divisions combined by the end of the first quarter.

Lead Security Consultant, IBM Security and Privacy Services, Orlando, FL (7/98 - 8/00)
After consulting to IBM for a few years, IBM hired me directly to lead teams and develop methodology for its security and privacy consulting practice. Project Manager for security audits of Fortune-500 customers, and for internal IBM product development. Conducted classes for IBM developers on secure software development and testing through all phases of system development lifecycle. First security patent application was in 1998.

Lead Security Consultant, Newstaff, Inc., West Melbourne, FL (1/95 - 6/98)
Cofounded Newstaff in 1995 to provide mission-based security architecture consulting services to Fortune-500 companies. Wrote proposals, generated sales, and acted as project manager on all security projects. Provided the expertise, training, methodology, and direction for all security consultants. Landed the company’s first account, which was a six-month contract with IBM. Followed up with a total of 6 IBM contracts. Resolved unexplained campus-wide computer shutdowns at IBM’s famous Boca Raton site, tracing them to a design flaw in the NetBIOS protocol. Reorganized South Florida campus from one big site into five distributed sites. Helped establish proof-of-concept for IBM’s new Security and Privacy Services practice. Automated network monitoring, intrusion detection, and security alerts.

Lead Network Security Engineer, Harris Electronic Systems, Palm Bay, FL (1/85 - 12/94)
Divisional Security Auditor. Manager for security R&D. Team lead on security engagements for military projects. Project Manager for internal security projects and external customer security projects. Certified software and servers for production use. Wrote in-house security standards, policies and procedures. Led change-control committee, design-review teams, and organizational steering committees. Led in-house R&D in network security. Developed system software and tools for security testing, monitoring, reporting, analysis, and secure communications to support military contracts. Managed all phases of system development lifecycle. Led R&D efforts on several military security applications including stealth packets, multi-layer disk data recovery, covert timing channels, and a method for obscuring clear-text passwords in clear-text transmissions. Operated company beta-test lab to evaluate products before shipping.

Lead Software Engineer, Castronova Enterprises, Melbourne, FL (6/82 - 12/84)
Managed a small team of developers to produce secure turnkey systems for industry. Managed security in all phases of system development lifecycle. Performed design review, monitored development, performed acceptance testing, and audited client implementations.

Manager of Information Systems, Florida Department of Education, Brevard County, FL (5/81 - 5/82)
Managed team of students and staff in operations of school computer lab. Developed policies and procedures. Audited compliance. Taught education courses on computer security and software development. Monitored activities and systems.

Newstaff Inc.
Founder

© Copyright 1995-2010 by Newstaff, Inc. All rights reserved.