LON J. BERMAN

 

Principal Consultant

Berman Associates, Inc. (BAI)

 

Phone: 540-808-1050

Fax: 540-808-1051

 

Email: Lon@Baisoftware.com

Web: www.Baisoftware.com

 

 

Mr. Berman has over 35 years of experience in the information systems field. His areas of specialization include Information Security, Training, and System Development/Integration. He is noted for his abilities in multidisciplinary problem solving, technical and non-technical communication, and team leadership.

 

For the past 33 years, Mr. Berman has served as owner and principal consultant of Berman Associates, Inc. (BAI), the small consulting firm he founded in Northern Virginia in 1974.  Under his leadership, BAI has been a provider of information technology services to government and industry throughout the region.

 

Mr. Berman is a recognized authority in the field of Information Security. Among his specific areas of expertise are: Certification and Accreditation of federal government systems (DIACAP, DITSCAP, NIST/FISMA, DCID), government security policies and guidelines (e.g. DoD, OMB, NIST, HIPAA), security assessment methodology, and information security training.

 

Mr. Berman is an experienced trainer who has presented training programs and developed courseware ranging from security awareness training to software quality assurance. He has also given presentations and seminars at numerous information technology and security conferences.

 

Mr. Berman is also an “old pro” system developer and integrator, with extensive experience in mainframe, UNIX, and Windows environments.

 

Mr. Berman has an active security clearance (SECRET), and holds BS (Biology) and MS (Computer Science) degrees. He is also a Certified Information Systems Security Professional (CISSP).

 

Below is a sample of projects underway or completed in the past several years.  In all these efforts, Mr. Berman was an active participant in the work – as technical specialist, team leader, or, in most cases, both.

 


LON J. BERMAN – EXPERIENCE

 

 

· Served as principal subject-matter-expert for development of an automated security certification and assessment (DIACAP, NIACAP, DCID, NIST, and Commercial) tool. Developed requirements and design, and served as consultant throughout the development effort. Designed and implemented content management effort for extracting requirements from departmental and agency regulations and developed testing and validation procedures.

· Provided security consulting services to the US Army Information Technology Agency (ITA) – formerly known as the Network Infrastructure Services Agency - Pentagon (NISA-P).

· Provided security certification and accreditation support to the U.S. Army Medical Information Systems and Services Agency (USAMISSA).

· Provided security certification and accreditation services for the Pentagon Single Agency Manager Classified and Unclassified mainframe systems.

· Provided security consulting services to the Administrative Office of the United States Courts.

· Provided security certification and accreditation services to the Defense Manpower Data Center.

· Provided security consulting services to the Headquarters Department of Army Information Management Center.

· Provided support in the development and testing of a commercial document imaging software product.

· Developed Security Awareness Training and Education courseware for the U.S. Army Medical Command.

· Provided security certification and accreditation services for the U.S. Army Medical Materiel Command.

· Provided network consulting and documentation services to the U.S. Department of Agriculture Headquarters Network Branch.

· Developed multimedia networking and database software for a retail environment.

· Provided system support staff to the U.S. Department of Agriculture Rural Development division.

· Provided computer installation, configuration, security and transition support to the U.S. Army Research Laboratory.

· Developed computer graphics training courses for the U.S. Healthcare Financing Administration.

· Provided network consulting services to the Office of the Chief of Naval Operations.

· Provided systems consulting and system integration services to the U.S. Department of Agriculture Farmers Home Administration.

· Provided software development and systems integration services to two companies involved in development of Electronic Data Interchange software.

· Provided systems consulting and support services to the Defense Security Assistance Administration.

· Developed and presented training courses in Software Quality Assurance for Motorola Corporation.

· Provided software development and software quality assurance training to GTE Corporation.

 


LON J. BERMAN – SUMMARY OF SKILLS

 

 

INFORMATION SECURITY

Certification and accreditation (DIACAP, DITSCAP, FISMA/NIST 800-37)

Government security standards and processes (OMB, NIST, HIPAA)

Policy development and review

Departmental and agency security regulations

Common Criteria

Security in the intelligence community (DCID 6/3)

ISO standard 17799

Security test plan development and security testing

Threat, vulnerability and risk assessment

Security assessment and monitoring tools

Computer security – UNIX environment

Computer security – Windows environment

Computer security – Mainframe environment

Communications security (COMSEC)

Network security (TCP/IP, routers, switches, internet)

Physical security

Interconnection security agreement development and review

Contingency plan development and review

 

TRAINING

Courseware development

Classroom training

Computer-based training development

 

SYSTEM DEVELOPMENT AND INTEGRATION

Requirements definition

System design

Rapid prototyping

Programming in numerous languages

System testing methodology

Test tools and automation

System documentation

Software quality assurance methodology

Windows 9X, NT, 2000, XP operating systems

UNIX (Solaris, AIX, HP-UX, Linux) operating systems

Mainframe (MVS, VM) operating systems

Networking

 

GENERAL

Team leadership and management

Verbal and written communication, both technical and non-technical

Proposal development