About US

Meet the Normies

An open secret in InfoSec is that we are vulnerable.  It seems like the more time we spend and the more we do, the less secure we are.  So what’s standing in the way? Everybody wants to do their own thing.  And while that’s a valid human desire, we need to play as a team when it comes to security.  It’s dangerous to go alone.   We’ve evaluated substantially every framework and believe that the NIST Cybersecurity Framework can’t be beat when it comes to wide adoption and fluency with other standards.  Everything that we write (and implement) ties back to it in some way.  We hope that you consider using it for your security program also. We also believe that everyone in the enterprise has something to contribute to Cybersecurity.  NistForNormies is written by real people for real people.  We strive to make complex topics as understandable and relatable for as broad a professional audience as possible.


For Jamie, it isn’t just about security.  Or networks.  Or budget. 

For her, it’s about making sure that everybody has access to the tools, skills, and training to be successful.  She’s especially interested in empowering those of us embedded in the more technical and complex areas of IT and Cybersecurity.  Regardless of background, she knows that you have something to contribute. 

Jamie is an expert in Business Continuity and Disaster Recovery, consulting with scores of companies and non-profits to develop their plans for when things go pear-shaped.  Her broad experience has led her to executive-level roles at large enterprises (just check out her LinkedIn).  Versatility is her greatest strength because she is just as comfortable in people-leadership roles as in technical ones. 

Jamie is a sought-after speaker for RSA and other organizations.  She is the cofounder of NistForNormies.com.  She enjoys spending time with her family and is an avid (and accomplished!) runner, especially during Virginia’s beautiful fall and spring seasons.

If you don’t have your requirements and intent in writing , it’s going to be hard for people to be accountable.

Jamie Sanderson Reid

*Ms. Sanderson is a Member of the Business Continuity Institute and an Associate of the Disaster Recovery Institute.  She is Certified in Risk and Information Systems Control (CRISC) via ISACA.  She prefers cocktail sauce to tartar sauce but will not complain in either event.  Jamie also holds certifications in Cloud Security (CCSP) and Information Systems Security (CISSP) via ISC2. 


Jason doesn’t think it should be this hard.  He wants you to think so too. 

He wants everybody to see that we are all ultimatley accountable to our customers.  And questioning your boss, your IT Department, and your CISO is normal, natural, and healthy.  Jason is caught up in the idea that technology is cool and we should enjoy it.   

Jason is an expert in IT Audit and Assurance.  He is also a veteran management consultant, working in corporate, government, and non-profit environments.  Jason writes and teaches on a variety of complex topics, including accounting, tax, law, and InfoSec. 

Jason focuses on niche consulting (including cybersecurity) and teaching professionals.  He has taught for virtually every state accounting society (he’s coming for you, Puerto Rico) and publishes extensively on social media.  He is a cofounder of NistForNormies.com.  In his free time, he enjoys reading and spending time with his wife, two children, and giant schnauzer. 

We wanna do important things, but we wanna do fun things too.

Jason Carney

** Mr. Carney is a Certified Public Accountant (CPA) licensed to practice in multiple jurisdictions.  He is an attorney and a member of the Minnesota Bar.  Jason is certified as an Information Systems Auditor (CISA) via ISACA.  Jason is allergic to fish but loves shrimp.  He is designated a Project Management Professional (PMP) via the Project Management Institute. Jason also holds a CCSP and a CISSP via ISC2.