Our Team

Our consultants and trainers have an average experience of 20 years in information security and a rooted background in working with government technology systems.

Lon J. Berman (CISSP, RDRP)

Principal Consultant

Principal Consultant Lon J. Berman has more than 40 years’ experience in the information systems field. His areas of specialization include Information Security, Training, and System Development/Integration. Lon is a recognized authority in the area of information security risk management. Among his specific areas of expertise are Certification and Accreditation of federal government systems (RMF, DIACAP, FISMA, DCID), government security policies and guidelines, security assessment methodology, and information security training. He is noted for his abilities in multidisciplinary problem solving, technical and non-technical communication, and team leadership.

Kathryn Daily (CISSP, CAP, RDRP)

Executive Director Technical Services

Kathryn Daily has 11 years in the information systems industry and has been a consultant with BAI for 8 years. She has worked on several RMF projects with commercial, federal and Dept. of Defense customers. She regularly contributes to RMF Today. Kathryn studied at Radford University and graduated in 2006. She currently holds a CISSP and CAP and is working towards several other certifications. Her areas of specialization include Information Security and the Risk Management Framework. Kathryn lives in Radford, VA with her husband, 2 dogs, and 1 cat.

P. Devon Schall (Ph.D., CISSP, RDRP)

Executive Director Training Services

Dr. Schall is a results-driven training professional specializing in Risk Management Framework (RMF). He brings a background in learning and development within a variety of industries including enterprise software, medical device and diagnostics (MD&D) as well as academia. He is a Certified Information Systems Security Professional (CISSP), (ISC)2 Authorized Instructor as well as a Registered DoD RMF Practitioner (RDRP).

Dr. Schall’s research interests are centered around the relationship between the receipt of formalized RMF training and RMF effectiveness. His previous studies have shown statistical significance in the receipt of formalized RMF training and perceptions of RMF effectiveness utilizing Analysis of Variance (ANOVA) and Pearson’s Correlations. His current research is focused on exploring the relationship between the receipt of formalized RMF training and the reduction in RMF project costs. Dr. Schall is committed to improving the real-world application of RMF with the goal of mitigating the idea that RMF is failing.

Dr. Schall has served on a variety of academic boards and is active as a university professor teaching in the fields of information systems and cybersecurity.

Alice Steger

Director of Sales

Alice’s resume reflects a variety of work experiences over the past 40 years, starting with twelve years in the food brokerage industry as office and customer service manager, followed by over 20 years in the credit & collections industry, with job descriptions from clerical manager to general manager and sales manager for a national credit reporting company, and over 15 years as owner of Contact Solutions, a B2B lead generation company. This work history has provided an education that complements her current position as Sales & Marketing Director for BAI Information Security.

Robert Jennings, M.S.

Director of Business & Partnership Development

After spending 20 years with Apple as an Account Manager in higher education, Robert joins BAI as Director of Business Development. While at Apple he negotiated and closed agreements for hardware and software with over 30 key accounts sustaining 20MM in annual revenue. In this role, he developed key relationships with leadership at major top research universities throughout the Mid-Atlantic region. BAI is delighted to have Robert onboard to develop business relationships and support BAI’s mission of meeting the critical RMF training need that currently exists.

Lindsey Morrell

Director of Digital Marketing

Lindsey Morrell is the official BAI social media marketer. By utilizing strategic digital marketing efforts, she specializes in opening communication channels with influential RMF professionals. Lindsey wholeheartedly believes in the power of social selling and digital marketing. She enjoys reading, cooking, and DIY projects, and is passionate about health and fitness.

Linda Gross (CISM, RDRP)

Lead RMF Instructor

Linda is a trainer with BAI and brings many years of experience in the Information Security field from her former work as a government employee. She retired in July 2015 after 40 years of civilian service at the Rock Island Arsenal.

During her government career, she worked as a Computer Programmer, Computer Specialist, Data Base Manager, and Systems Analyst. In 2000, she assumed the position of Information Assurance Manager for the Tank-Automotive Command, RIA. She spent her final year teaching Risk Management Framework (RMF) to System owners/POCs and Information Assurance personnel within her command. In 2009, she received a Special Act Award for leading the certification and accreditation effort on an Inventory Accountability system used by multiple Army and Air Force organizations. She graduated from the USDA Executive Leadership Program in 2004 and obtained her professional Certification in Information Security Management (CISM) from the ISACA IT Governance Institute in February 2010.

William Alan Matthey II (FITSP-M, CISSP/CAP/CCSP, CISM, MCSE/MCT, RDRP)

RMF & IT Certification Instructor

William has been delivering security training and consulting for over 35 years. With a formidable skill set that includes management and technical skills, he is currently working on projects worldwide to develop and manage secure Enterprise solutions utilizing Windows 10 & Server 2016 Technologies. Having worked for the Department of Defense (DOD) and the Department of State (DOS), he has been delivering security training and consulting services for the US government worldwide. He currently does a lot of training in support of DOD 8140 and the RMF Transition around the globe. As a presenter at CACI, Tech Ed, Deep Diver Master Class and Cyber Crimes Roadshows, he continues working as a Global Security Evangelist.

James Blake (CISSP/CAP, CRISC/CISA, RDRP)

RMF Instructor

James (Jim) Blake is a business-focused IT Risk Management and Compliance Consultant and trainer. Jim has served in a variety of information technology and infrastructure related consulting roles since 1998 after retiring from the U.S. Air Force and holds the Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP) certifications from the International Information Systems Security Certification Consortium ((ISC)2). He also holds the Certified in Risk and Information System Control (CRISC) and Certified Information Systems Auditor (CISA) certifications from ISACA.

He is deeply skilled in Cyber Security, IT Compliance, and Risk Management program areas. He has been providing training classes covering the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) for U.S. federal government civilian and Department of Defense (DoD) clients. He also has provided training in the IT Audit and Compliance arena. Jim has a Master of Science in Social and Applied Economics from Wright State University and a Bachelor of Science in Electrical Engineering from Old Dominion University.

Ernest Smith (CISSP, PMP, RDRP)

RMF Instructor & Consultant

Ernest Smith is a 21-year retired Army veteran who spent most of his career in the 82nd Airborne Division as a Paratrooper. Ernest has served as a security control assessor working side by side with Authorizing Officials and Designated Authorizing Officials, giving him a unique perspective on how the RMF is implemented. Ernest is an RMF practitioner implementing RMF methodologies for a number of different communities, including the DoD, Intel Community, private hospitals, the automotive industry, and a host of government contracting companies, helping them comply with RMF standards before they sell products to the DoD and Intel Community. Ernest uses all of this RMF-relevant experience to give RMF students the most comprehensive RMF training sessions.

Alphonso M. Brown (MBA, MIS, CISSP, NQV3)

RMF Instructor & Consultant

Alphonso M. Brown is a 17-year active Navy Reservist and 13-year cybersecurity professional with a record of success in information security, risk management, and life cycle management. He possesses experience in multiple disciplines of cybersecurity and information systems management. His experience supporting both the private sector and DoD has provided him with a broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.

Alphonso currently supports the Space and Naval Warfare Systems Command (SPAWAR), Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I), Shore and Expeditionary Integration Program Office (PMW 790). It is his responsibility to ensure information assurance controls (IAC) and network security policies are enforced in the systems that make up the outermost layers of the Navy’s Defense-in-Depth (DiD), including screening, analysis, and protective services for the Navy networks across the globe. This is accomplished by facilitating the development of documentation in support of DoD RMF/DIACAP accreditations, performing vulnerability management activities, and overseeing the creation and submission of DoD (RMF/DIACAP) packages across multiple Programs of Record (PORs).

Leighton Johnson, CISA, CISM, CISSP-ISSEP, CAP, RDRP, CRISC

Security Controls Assessor (SCA) Workshop Instructor

Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of computer security & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations and seminars all across the United States, Asia and Europe. He is also the founder and CEO of Chimera Security, a research and development company delving into the realms of cryptography, mobile technology and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense & offense activities. He retains many professional security certifications, including CISA, CISM, CISSP-ISSEP, CAP, RDRP and CRISC, and has taught certification, risk management, forensics and auditing courses all around the world over the past 15 years. He wrote the book “Security Controls Evaluation, Testing, and Assessment Handbook,” published December 2015 by Syngress Press. He has conducted incident response and digital forensics investigations for both public and private clients for the past 20 years. He has also contributed a bi-monthly column to the ISACA online Journal on Incident Response, Risk Management and Forensics continuously since 2009.

Marilyn Fritz (CISSP, CISA, PMP, ITIL-F)

Instructor/Instructional Designer

Marilyn Fritz is an information security professional with 35 years of experience in large multi-national corporate environments. She has expertise in conducting compliance, regulatory, and assurance assessments based on industry standards such as HIPAA, ISO 27001 and PCI DSS. Her expertise also includes the NIST Cybersecurity Framework (CSF), the NIST Risk Management Framework (RMF), the U.S. Department of Defense (DoD) Defense Information Assurance Certification and Accreditation Process (DIACAP), and the NIST risk management approach to information security continuous monitoring. She has information security controls expertise in NIST SP 800-53, NERC CIP, HIPAA, PCI DSS, and ISO 27001, and has worked extensively with CMMI metrics.

Marilyn is a seasoned veteran in leading cross-functional teams, portfolio and project management, as well as performance improvement and instructional design initiatives. She has also created security policies, standards, and procedures, and is an expert trainer and facilitator. Her education includes doctoral work at Harvard University, a Master’s degree from Columbia University, and Bachelor’s degrees from Rutgers University and Memorial University of Newfoundland.