LON J. BERMAN
Principal Consultant
Berman Associates, Inc. (BAI)
Phone: 540-808-1050
Fax: 540-808-1051
Email: Lon@Baisoftware.com
Web: www.Baisoftware.com
Mr. Berman has over 35 years of experience in the information systems field. His areas of specialization include Information Security, Training, and System Development/Integration. He is noted for his abilities in multidisciplinary problem solving, technical and non-technical communication, and team leadership.
For the past 33 years, Mr. Berman has served as owner and principal consultant of Berman Associates, Inc. (BAI), the small consulting firm he founded in
Mr. Berman is a recognized authority in the field of Information Security. Among his specific areas of expertise are: Certification and Accreditation of federal government systems (DIACAP, DITSCAP, NIST/FISMA, DCID), government security policies and guidelines (e.g. DoD, OMB, NIST, HIPAA), security assessment methodology, and information security training.
Mr. Berman is an experienced trainer who has presented training programs and developed courseware ranging from security awareness training to software quality assurance. He has also given presentations and seminars at numerous information technology and security conferences.
Mr. Berman is also an old pro system developer and integrator, with extensive experience in mainframe, UNIX, and Windows environments.
Mr. Berman has an active security clearance (SECRET), and holds BS (Biology) and MS (Computer Science) degrees. He is also a Certified Information Systems Security Professional (CISSP).
Below is a sample of projects underway or completed in the past several years. In all these efforts, Mr. Berman was an active participant in the work as technical specialist, team leader, or, in most cases, both.
LON J. BERMAN EXPERIENCE
· Served as principal subject-matter-expert for development of an automated security certification and assessment (DIACAP, NIACAP, DCID, NIST, and Commercial) tool. Developed requirements and design, and served as consultant throughout the development effort. Designed and implemented content management effort for extracting requirements from departmental and agency regulations and developed testing and validation procedures.
· Provided security consulting services to the US Army Information Technology Agency (ITA) formerly known as the Network Infrastructure Services Agency - Pentagon (NISA-P).
· Provided security certification and accreditation support to the U.S. Army Medical Information Systems and Services Agency (USAMISSA).
· Provided security certification and accreditation services for the Pentagon Single Agency Manager Classified and Unclassified mainframe systems.
· Provided security consulting services to the Administrative Office of the United States Courts.
· Provided security certification and accreditation services to the
· Provided security consulting services to the Headquarters Department of Army Information Management Center.
· Provided support in the development and testing of a commercial document imaging software product.
· Developed Security Awareness Training and Education courseware for the U.S. Army Medical Command.
· Provided security certification and accreditation services for the U.S. Army Medical Materiel Command.
· Provided network consulting and documentation services to the U.S. Department of Agriculture Headquarters Network Branch.
· Developed multimedia networking and database software for a retail environment.
· Provided system support staff to the U.S. Department of Agriculture Rural Development division.
· Provided computer installation, configuration, security and transition support to the U.S. Army Research Laboratory.
· Developed computer graphics training courses for the U.S. Healthcare Financing Administration.
· Provided network consulting services to the Office of the Chief of Naval Operations.
· Provided systems consulting and system integration services to the U.S. Department of Agriculture Farmers Home Administration.
· Provided software development and systems integration services to two companies involved in development of Electronic Data Interchange software.
· Provided systems consulting and support services to the Defense Security Assistance Administration.
· Developed and presented training courses in Software Quality Assurance for Motorola Corporation.
· Provided software development and software quality assurance training to GTE Corporation.
LON J. BERMAN
SUMMARY OF SKILLS
INFORMATION SECURITY
Certification and accreditation (DIACAP, DITSCAP, FISMA/NIST 800-37)
Government security standards and processes (OMB, NIST, HIPAA)
Policy development and review
Departmental and agency security regulations
Common Criteria
Security in the intelligence community (DCID 6/3)
ISO standard 17799
Security test plan development and security testing
Threat, vulnerability and risk assessment
Security assessment and monitoring tools
Computer security - UNIX environment
Computer security - Windows environment
Computer security - Mainframe environment
Communications security (COMSEC)
Network security (TCP/IP, routers, switches, internet)
Physical security
Interconnection security agreement development and review
Contingency plan development and review
TRAINING
Courseware development
Classroom training
Computer-based training development
SYSTEM DEVELOPMENT AND INTEGRATION
Requirements definition
System design
Rapid prototyping
Programming in numerous languages
System testing methodology
Test tools and automation
System documentation
Software quality assurance methodology
Windows 9X, NT, 2000, XP operating systems
UNIX (Solaris, AIX, HP-UX, Linux) operating systems
Mainframe (MVS, VM) operating systems
Networking
GENERAL
Team leadership and management
Verbal and written communication, both technical and non-technical
Proposal development