LON J. BERMAN
Berman Associates, Inc. (BAI)
Mr. Berman has over 35 years of experience in the information systems field. His areas of specialization include Information Security, Training, and System Development/Integration. He is noted for his abilities in multidisciplinary problem solving, technical and non-technical communication, and team leadership.
For the past 33 years, Mr. Berman has served as owner and principal consultant of Berman Associates, Inc. (BAI), the small consulting firm he
Mr. Berman is a recognized authority in the field of Information Security. Among his specific areas of expertise are: Certification and Accreditation of federal government systems (DIACAP, DITSCAP, NIST/FISMA, DCID), government security policies and guidelines (e.g. DoD, OMB, NIST, HIPAA), security assessment methodology, and information security training.
Mr. Berman is an experienced trainer who has presented training programs and developed courseware ranging from security awareness training to software quality assurance. He has also given presentations and seminars at numerous information technology and security conferences.
Mr. Berman is also an old pro system developer and integrator, with extensive experience in mainframe, UNIX, and Windows environments.
Mr. Berman has an active security clearance (SECRET), and holds BS (Biology) and MS (Computer Science) degrees. He is also a Certified Information Systems Security Professional (CISSP).
Below is a sample of projects underway or completed in the past several years. In all these efforts, Mr. Berman was an active participant in the work as technical specialist, team leader, or, in most cases, both.
LON J. BERMAN EXPERIENCE
· Served as principal subject-matter expert for development of an automated security certification and assessment (DIACAP, NIACAP, DCID, NIST, and Commercial) tool. Developed requirements and design, and served as consultant throughout the development effort. Designed and implemented content management effort for extracting requirements from departmental and agency regulations and developed testing and validation procedures.
· Provided security consulting services to the US Army Information Technology Agency (ITA), formerly known as the Network Infrastructure Services Agency - Pentagon (NISA-P).
· Provided security certification and accreditation support to the U.S. Army Medical Information Systems and Services Agency (USAMISSA).
· Provided security certification and accreditation services for the Pentagon Single Agency Manager Classified and Unclassified mainframe systems.
· Provided security consulting services to the Administrative Office of the United States Courts.
security certification and accreditation services to the
· Provided security consulting services to the Headquarters Department of Army Information Management Center.
· Provided support in the development and testing of a commercial document imaging software product.
· Developed Security Awareness Training and Education courseware for the U.S. Army Medical Command.
· Provided security certification and accreditation services for the U.S. Army Medical Materiel Command.
· Provided network consulting and documentation services to the U.S. Department of Agriculture Headquarters Network Branch.
· Developed multimedia networking and database software for a retail environment.
· Provided system support staff to the U.S. Department of Agriculture Rural Development division.
· Provided computer installation, configuration, security and transition support to the U.S. Army Research Laboratory.
· Developed computer graphics training courses for the U.S. Healthcare Financing Administration.
· Provided network consulting services to the Office of the Chief of Naval Operations.
· Provided systems consulting and system integration services to the U.S. Department of Agriculture Farmers Home Administration.
· Provided software development and systems integration services to two companies involved in development of Electronic Data Interchange software.
· Provided systems consulting and support services to the Defense Security Assistance Administration.
· Developed and presented training courses in Software Quality Assurance for Motorola Corporation.
· Provided software development and software quality assurance training to GTE Corporation.
LON J. BERMAN SUMMARY OF SKILLS
Certification and accreditation (DIACAP, DITSCAP, FISMA/NIST 800-37)
Government security standards and processes (OMB, NIST, HIPAA)
Policy development and review
Departmental and agency security regulations
Security in the intelligence community (DCID 6/3)
ISO standard 17799
Security test plan development and security testing
Threat, vulnerability and risk assessment
Security assessment and monitoring tools
Computer security: UNIX environment
Computer security: Windows environment
Computer security: Mainframe environment
Communications security (COMSEC)
Network security (TCP/IP, routers, switches, internet)
Interconnection security agreement development and review
Contingency plan development and review
Computer-based training development
SYSTEM DEVELOPMENT AND INTEGRATION
Programming in numerous languages
System testing methodology
Test tools and automation
Software quality assurance methodology
Windows 9X, NT, 2000, XP operating systems
UNIX (Solaris, AIX, HP-UX, Linux) operating systems
Mainframe (MVS, VM) operating systems
Team leadership and management
Verbal and written communication, both technical and non-technical