Our consultants and trainers have an average experience of 20 years in information security and a rooted background in working with government technology systems.
Lon J. Berman (CISSP, RDRP)
RMF Evangelist/Principal Consultant
Principal Consultant Lon J. Berman has more than 40 years of experience in the information systems field. His areas of specialization include Information Security, Training, and System Development/Integration. Lon is a recognized authority in the area of information security risk management. Among his specific areas of expertise are Certification and Accreditation of federal government systems (RMF, DIACAP, FISMA, DCID), government security policies and guidelines, security assessment methodology, and information security training. He is noted for his abilities in multidisciplinary problem solving, technical and non-technical communication, and team leadership.
Philip D. Schall (Ph.D., CISSP, RDRP)
Executive Director Training Services
Dr. Schall is a results-driven training professional specializing in Risk Management Framework (RMF). He brings a background in learning and development within a variety of industries including enterprise software, medical device and diagnostics (MD&D) as well as academia. He is a Certified Information Systems Security Professional (CISSP), (ISC)2 Authorized Instructor as well as a Registered DoD RMF Practitioner (RDRP).
Dr. Schall’s research interests are centered around the relationship between the receipt of formalized RMF training and RMF effectiveness. His previous studies have shown statistical significance in the receipt of formalized RMF training and perceptions of RMF effectiveness utilizing Analysis of Variance (ANOVA) and Pearson’s Correlations. His current research is focused on exploring the relationship between the receipt of formalized RMF training and the reduction in RMF project costs. Dr. Schall is committed to improving the real world application of RMF with the goal of mitigating the idea that RMF is failing.
Dr. Schall has served on a variety of academic boards and is active as a university professor teaching in the fields of information systems and cybersecurity.
Kathryn Daily (CISSP, CAP, RDRP)
Director of Consulting/Lead Consultant
Kathryn Daily started in the information systems industry in 2007 and has been a consultant with BAI since 2009. During that decade+, she has worked many RMF consulting projects with commercial, federal and Department of Defense customers as well as industry processing classified information. She teaches STIG 101, eMASS essentials, RMF for DCSA, and RMF in the Cloud. She uses her extensive experience in consulting to effectively contribute to RMF Today, the newsletter published quarterly by BAI.
Additionally, she maintains all of the technical aspects of BAI including tools, services and compliance with all industry cybersecurity requirements.
Kathryn studied at Radford University and graduated in 2006 with a degree in Information Systems and Science with a concentration in Web Development. She currently holds a CISSP and CAP and is currently working towards several other certifications. Her areas of specialization include Information Security and the Risk Management Framework as well as process improvement.
When she isn’t working, she is active in her community by volunteering at her local domestic violence shelter as well as the local animal shelter. She also rescues dogs and currently has a treeing walker coonhound named Jasper and a cat named Annabelle.
Director of Sales and Marketing
Alice’s resume reflects a variety of work experiences over the past 40 years: twelve years in the food brokerage industry as office and customer service manager; over 20 years in the credit & collections industry, with job descriptions from clerical manager to general manager and sales manager for a national credit reporting company; and over 15 years as owner of Contact Solutions, a B2B lead generation company. This work history has provided an education that complements her current position as Sales & Marketing Director for BAI Information Security.
Amanda Lowell (RDRP)
Assistant Director of Business Development and Cyber Strategy
Amanda is an evangelist for leadership development and cybersecurity awareness. She has spent the last four years developing secure technical solutions for mission-critical systems in the healthcare and GovCon sectors. With a background in cybersecurity incident response, penetration testing, software development, project management, IT system administration, sales, and marketing, Amanda brings a diverse perspective to the table at BAI. Amanda received her Bachelor of Science in Computer Science: Cybersecurity from Liberty University and is CompTIA Security+ CE and RDRP certified. In her free time, Amanda enjoys weightlifting, travel, and furthering her skills in technical aspects of cybersecurity through home-lab projects and CTFs.
Linda Gross (CISM, RDRP)
Lead RMF Instructor
Linda is a trainer with BAI and brings many years of experience in the Information Security field from her former work as a government employee. She retired in July 2015 after 40 years of civilian service at the Rock Island Arsenal.
During her government career, she worked as a Computer Programmer, Computer Specialist, Data Base Manager, and Systems Analyst. In 2000, she assumed the position of Information Assurance Manager for the Tank-Automotive Command, RIA. She spent her final year teaching Risk Management Framework (RMF) to System owners/POCs and Information Assurance personnel within her command. In 2009, she received a Special Act Award for leading the certification and accreditation effort on an Inventory Accountability system used by multiple Army and Air Force organizations. She graduated from the USDA Executive Leadership Program in 2004 and obtained her professional Certification in Information Security Management (CISM) from the ISACA IT Governance Institute in February 2010.
Corey Kline (CISSP, CEH, CNDA)
Mr. Kline served in the U.S. Army for 22 years, retiring in January 2016 from the Army Cyber Command with over 20 years of Cyber Security experience. Cory assisted the Army with the development and implementation of the Risk Management Framework as well as planning the cybersecurity services to be implemented for the Army’s transition to the Cloud. As the Director of Compliance and DoD Programs at LP3, he conducts Business Development and project management for cyber security related projects focusing on integrating products and services into the DoD Enterprise through the Risk Management Framework for both classified and unclassified projects.
Cory holds a Master of Science in Cyber Security and Digital Forensic Investigation from Norwich University and certifications as a Computer Information System Security Professional (CISSP), Project Management Professional (PMP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), and is a Certified Specialist in Cloud Security.
Ernest Smith (CISSP, PMP, RDRP)
RMF Instructor & Consultant
Ernest Smith is a retired 21-year Army veteran who spent most of his career in the 82nd Airborne Division as a Paratrooper. Ernest has served as a security control assessor working side by side with Authorizing Officials and Designated Authorizing Officials, giving him a unique perspective on how RMF is implemented. Ernest is an RMF practitioner who has implemented RMF methodologies for a number of different communities, including the DoD, Intel Community, private hospitals, the automotive industry, and a host of government contracting companies, helping them comply with RMF standards before they sell products to the DoD and the Intel Community. Ernest uses all of this RMF-relevant experience to give RMF students the most comprehensive RMF training sessions.
Alphonso M. Brown (MBA, MIS, CISSP, NQV3)
RMF Instructor & Consultant
Alphonso M. Brown is a 17-year active Navy Reservist and 13-year cybersecurity professional with a record of success in information security, risk management, and life cycle management. He possesses experience in multiple disciplines of cybersecurity and information systems management. His experience supporting both the private sector and DoD has provided him with a broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
Alphonso currently supports the Space and Naval Warfare Systems Command (SPAWAR), Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I), Shore and Expeditionary Integration Program Office (PMW 790). It is his responsibility to ensure information assurance controls (IAC) and network security policies are enforced in the systems that make up the outermost layers of the Navy’s Defense-in-Depth (DiD) to include screening, analysis, and protective services for the navy networks across the globe. This is accomplished by facilitating the development of documentation in support of DoD RMF/DIACAP accreditations, performing vulnerability management activities, and overseeing the creation and submission of DoD (RMF/DIACAP) packages across multiple Programs of Record (PORs).
Austin Lee (CISSP-ISSEP, CISM, GAWN, GSNA, GISF)
Austin has more than 12 years of experience in cybersecurity within the Federal, DoD, and commercial arenas. During his time as an Army Civil Servant, he served as an ACA/SCA-V where he performed DIACAP/RMF cybersecurity certification and accreditation as well as assessment and authorization efforts for Army information systems throughout the world. He currently provides SME-level security engineering for compliance and governance support. He works with organizations to ensure IT and OT systems and networks are secured to achieve an acceptable level of risk, while educating system stakeholders in ongoing compliance and secure operations. With a focus in OT, Mr. Lee’s experience ranges from hydroelectric, building control systems, and locks and dams to U.S. Army enterprise systems and applications and tactical systems deployed in theater.
William Alan Matthey II (FITSP-M, CISSP/CAP/CCSP, CISM, MCSE/MCT, RDRP)
RMF & IT Certification Instructor
William has been delivering security training and consulting for over 35 years. With a formidable skill set that includes management and technical skills, he is currently working on projects worldwide to develop and manage secure Enterprise solutions utilizing Windows 10 & Server 2016 Technologies. Having worked for the Department of Defense (DOD) and the Department of State (DOS), he has been delivering security training and consulting services for the US government worldwide. He currently does a lot of training in support of DOD 8140 and the RMF Transition around the globe. As a presenter at CACI, Tech Ed, Deep Diver Master Class and Cyber Crimes Roadshows, he continues working as a Global Security Evangelist.
James Blake (CISSP/CAP, CRISC/CISA, RDRP)
James (Jim) Blake is a business-focused IT Risk Management and Compliance Consultant and trainer. Jim has served in a variety of information technology and infrastructure related consulting roles since 1998 after retiring from the U.S. Air Force and holds the Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP) certifications from the International Information Systems Security Certification Consortium ((ISC)2). He also holds the Certified in Risk and Information System Control (CRISC) and Certified Information Systems Auditor (CISA) certifications from ISACA.
He is deeply skilled in Cyber Security, IT Compliance, and Risk Management program areas. He has been providing training classes covering the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) for U.S. federal government civilian and Department of Defense (DoD) clients. He also has provided training in the IT Audit and Compliance arena. Jim has a Master of Science in Social and Applied Economics from Wright State University and a Bachelor of Science in Electrical Engineering from Old Dominion University.
Leighton Johnson (CISA, CISM, CISSP-ISSEP, CAP, RDRP, CRISC)
Security Controls Assessor (SCA) Workshop Instructor
Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of computer security & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations and seminars all across the United States, Asia and Europe. He is also the founder and CEO of Chimera Security, a research and development company delving into the realms of cryptography, mobile technology and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance. Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense & offense activities. He retains many professional security certifications, including CISA, CISM, CISSP-ISSEP, CAP, RDRP and CRISC and has taught certification, risk management, forensics and auditing courses all around the world over the past 15 years. He wrote “Security Controls Evaluation, Testing, and Assessment Handbook” published December 2015 by Syngress Press. He has conducted incident response and digital forensics investigations for both public and private clients for the past 20 years. He has also contributed a bi-monthly column to the ISACA online Journal on Incident Response, Risk Management and Forensics continuously since 2009.
Marilyn Fritz (CISSP, CISA, PMP, ITIL-F)
Marilyn Fritz is an information security professional with 35 years of experience in large multi-national corporate environments. She has expertise in conducting compliance, regulatory, and assurance assessments based on industry standards such as HIPAA, ISO 27001 and PCI DSS. Her expertise also includes the NIST Cybersecurity Framework (CSF), the NIST Risk Management Framework (RMF), the U.S. Department of Defense (DoD) Defense Information Assurance Certification and Accreditation Process (DIACAP), and the NIST risk management approach to information security continuous monitoring. She has information security controls expertise in NIST SP 800-53, NERC CIP, HIPAA, PCI DSS, and ISO 27001, and has worked extensively with CMMI metrics.
Marilyn is a seasoned veteran in leading cross-functional teams, portfolio and project management, as well as performance improvement and instructional design initiatives. She has also created security policies, standards, and procedures, and is an expert trainer and facilitator. Her education includes doctoral work at Harvard University, a Master’s degree from Columbia University, and Bachelor’s degrees from Rutgers University and Memorial University of Newfoundland.