Our consultants and trainers have an average of 20 years of experience in information security and a deeply rooted background in working with government technology systems.
Lon J. Berman (CISSP, RDRP)
RMF Evangelist/Principal Consultant
Principal Consultant Lon J. Berman has more than 40 years of experience in the information systems field. His areas of specialization include Information Security, Training, and System Development/Integration. Lon is a recognized authority in the area of information security risk management. Among his specific areas of expertise are Certification and Accreditation of federal government systems (RMF, DIACAP, FISMA, DCID), government security policies and guidelines, security assessment methodology, and information security training. He is noted for his abilities in multidisciplinary problem solving, technical and non-technical communication, and team leadership.
Kathryn Daily (CISSP, CAP, RDRP)
Executive Director Technical Services
Kathryn Daily started in the information systems industry in 2009 and has been a consultant with BAI since 2009. She has worked on several RMF consulting projects with commercial, federal and Department of Defense customers. She teaches STIG 101, eMASS essentials and RMF for DoD IT. She regularly contributes to RMF Today, the newsletter published quarterly by BAI. When Kathryn isn’t working on consulting or training, she maintains all of the technical aspects of BAI including tools and services. Kathryn studied at Radford University and graduated in 2006 with a degree in Information Systems and Science with a concentration in Web Development. She currently holds a CISSP and CAP and is currently working towards several other certifications. Her areas of specialization include Information Security and the Risk Management Framework as well as process improvement.
When she isn’t working, she is active in her community by volunteering at her local domestic violence shelter as well as the local animal shelter. She also rescues dogs and currently has a treeing walker coonhound named Jasper and a cat named Annabelle.
Philip D. Schall (Ph.D., CISSP, RDRP)
Executive Director Training Services
Dr. Schall is a results-driven training professional specializing in Risk Management Framework (RMF). He brings a background in learning and development within a variety of industries including enterprise software, medical device and diagnostics (MD&D) as well as academia. He is a Certified Information Systems Security Professional (CISSP), (ISC)2 Authorized Instructor as well as a Registered DoD RMF Practitioner (RDRP).
Dr. Schall’s research interests are centered around the relationship between the receipt of formalized RMF training and RMF effectiveness. His previous studies have shown statistical significance in the receipt of formalized RMF training and perceptions of RMF effectiveness utilizing Analysis of Variance (ANOVA) and Pearson’s Correlations. His current research is focused on exploring the relationship between the receipt of formalized RMF training and the reduction in RMF project costs. Dr. Schall is committed to improving the real world application of RMF with the goal of mitigating the idea that RMF is failing.
Dr. Schall has served on a variety of academic boards and is active as a university professor teaching in the fields of information systems and cybersecurity.
Director of Sales and Marketing
Alice’s resume reflects a variety of work experiences over the past 40 years. Starting with twelve years in the food brokerage industry as office and customer service manager to over 20 years in the credit & collections industry, with job descriptions from clerical manager to general manager and sales manager for a national credit reporting company, and over 15 years as owner of Contact Solutions, a B2B lead generation company. This work history has provided an education that complements her current position as Sales & Marketing Director for BAI Information Security.
Assistant Director of Sales and Marketing
After spending 21 years with Apple as an Account Executive in higher education, Christi joins BAI as Assistant Director of Sales. During her career at Apple, she facilitated implementations that included hardware, software, training, professional development, and consultative services. Her focused territory included accounts sustaining 75MM in annual revenue. In this role, she built and maintained key relationships with leadership, including provosts, CIOs, IT Directors, and others. She brings a customer-centric, solutions-based approach to BAI and we are delighted to have her on board to support our mission of meeting the critical RMF training needs of our customers.
Linda Gross (CISM, RDRP)
Lead RMF Instructor
Linda is a trainer with BAI and brings many years of experience in the Information Security field from her former work as a government employee. She retired in July 2015 after 40 years of civilian service at the Rock Island Arsenal.
During her government career, she worked as a Computer Programmer, Computer Specialist, Data Base Manager, and Systems Analyst. In 2000, she assumed the position of Information Assurance Manager for the Tank-Automotive Command, RIA. She spent her final year teaching Risk Management Framework (RMF) to System owners/POCs and Information Assurance personnel within her command. In 2009, she received a Special Act Award for leading the certification and accreditation effort on an Inventory Accountability system used by multiple Army and Air Force organizations. She graduated from the USDA Executive Leadership Program in 2004 and obtained her professional Certification in Information Security Management (CISM) from the ISACA IT Governance Institute in February 2010.
William Alan Matthey II (FITSP-M, CISSP/CAP/CCSP, CISM, MCSE/MCT, RDRP)
RMF & IT Certification Instructor
William has been delivering security training and consulting for over 35 years. With a formidable skill set that includes management and technical skills, he is currently working on projects worldwide to develop and manage secure Enterprise solutions utilizing Windows 10 & Server 2016 Technologies. Having worked for the Department of Defense (DOD) and the Department of State (DOS), he has been delivering security training and consulting services for the US government worldwide. He currently does a lot of training in support of DOD 8140 and the RMF Transition around the globe. As a presenter at CACI, Tech Ed, Deep Diver Master Class and Cyber Crimes Roadshows, he continues working as a Global Security Evangelist.
Marilyn Fritz (CISSP, CISA, PMP, ITIL-F)
Marilyn Fritz is an information security professional with 35 years of experience in large multi-national corporate environments. She has expertise in conducting compliance, regulatory, and assurance assessments based on industry standards such as HIPAA, ISO 27001 and PCI DSS. Her expertise also includes the NIST Cybersecurity Framework (CSF), the NIST Risk Management Framework (RMF), the U.S. Department of Defense (DoD) Defense Information Assurance Certification and Accreditation Process (DIACAP), and the NIST risk management approach to information security continuous monitoring. She has information security controls expertise in NIST SP 800-53, NERC CIP, HIPAA, PCI DSS, and ISO 27001, and has worked extensively with CMMI metrics.
Marilyn is a seasoned veteran in leading cross-functional teams, portfolio and project management, as well as performance improvement and instructional design initiatives. She has also created security policies, standards, and procedures, and is an expert trainer and facilitator. Her education includes doctoral work at Harvard University, a Master’s degree from Columbia University, and Bachelor’s degrees from Rutgers University and Memorial University of Newfoundland.
Ernest Smith (CISSP, PMP, RDRP)
RMF Instructor & Consultant
Ernest Smith is a 21-year retired Army veteran who spent most of his career in the 82nd Airborne Division as a Paratrooper. Ernest has served as a security control assessor working side by side with Authorizing Officials and Designated Authorizing Officials, giving him a unique perspective on how RMF is implemented. Ernest is an RMF practitioner implementing RMF methodologies for a number of different communities, including the DoD, Intel Community, private hospitals, the automotive industry, and a host of government contracting companies, helping them comply with RMF standards before they sell products to the DoD and the Intel Community. Ernest uses all of this RMF-relevant experience to give RMF students the most comprehensive RMF training sessions.
Alphonso M. Brown (MBA, MIS, CISSP, NQV3)
RMF Instructor & Consultant
Alphonso M. Brown is a 17-year active Navy Reservist and 13-year cybersecurity professional with a record of success in information security, risk management, and life cycle management. He possesses experience in multiple disciplines of cybersecurity and information systems management. His experience supporting both the private sector and DoD has provided him with a broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
Alphonso currently supports the Space and Naval Warfare Systems Command (SPAWAR), Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I), Shore and Expeditionary Integration Program Office (PMW 790). It is his responsibility to ensure information assurance controls (IAC) and network security policies are enforced in the systems that make up the outermost layers of the Navy’s Defense-in-Depth (DiD), including screening, analysis, and protective services for Navy networks across the globe. This is accomplished by facilitating the development of documentation in support of DoD RMF/DIACAP accreditations, performing vulnerability management activities, and overseeing the creation and submission of DoD (RMF/DIACAP) packages across multiple Programs of Record (PORs).
Leighton Johnson (CISA, CISM, CISSP-ISSEP, CAP, RDRP, CRISC)
Security Controls Assessor (SCA) Workshop Instructor
Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of computer security & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations and seminars all across the United States, Asia and Europe. He is also the founder and CEO of Chimera Security, a research and development company delving into the realms of cryptography, mobile technology and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance. Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense & offense activities. He retains many professional security certifications, including CISA, CISM, CISSP-ISSEP, CAP, RDRP and CRISC and has taught certification, risk management, forensics and auditing courses all around the world over the past 15 years. He wrote “Security Controls Evaluation, Testing, and Assessment Handbook” published December 2015 by Syngress Press. He has conducted incident response and digital forensics investigations for both public and private clients for the past 20 years. He has also contributed a bi-monthly column to the ISACA online Journal on Incident Response, Risk Management and Forensics continuously since 2009.
James Blake (CISSP/CAP, CRISC/CISA, RDRP)
James (Jim) Blake is a business-focused IT Risk Management and Compliance Consultant and trainer. Jim has served in a variety of information technology and infrastructure related consulting roles since 1998 after retiring from the U.S. Air Force and holds the Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP) certifications from the International Information Systems Security Certification Consortium ((ISC)2). He also holds the Certified in Risk and Information System Control (CRISC) and Certified Information Systems Auditor (CISA) certifications from ISACA.
He is deeply skilled in Cyber Security, IT Compliance, and Risk Management program areas. He has been providing training classes covering the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) for U.S. federal government civilian and Department of Defense (DoD) clients. He also has provided training in the IT Audit and Compliance arena. Jim has a Master of Science in Social and Applied Economics from Wright State University and a Bachelor of Science in Electrical Engineering from Old Dominion University.
Logistics and Marketing Specialist
Amanda is an evangelist for leadership development and cybersecurity awareness. With a background in project management, IT system administration, information security, sales, and marketing, Amanda brings a diverse perspective to the table at BAI. Amanda is an honors student currently pursuing a B.S. in Computer Science with a specialty in cyber security. Additionally, she serves as the President of Liberty University’s Cyber Defense Club and is a competing member of the Collegiate Cyber Defense Competition Team.
Logistics and Marketing Specialist
Grace is a student of Liberty University following a lifelong interest in computers and the tech industry. She is pursuing an Information Assurance major in hopes of better serving and protecting her community in a growing tech industry. She is certified in the use of Microsoft Excel and a Registered DoD RMF Practitioner (RDRP) and has experience in multiple programming languages including C++, Python, and Visual Basic. Grace is a member of her university’s Robotics club and a participating member of the Vanguard Mars Rover team. She is continuing her study by preparing for the CompTIA Security+ certification while finishing her degree.