
TSI Employee Spotlight: John Bermingham
John Bermingham joined the team in 2020 as TSI’s resident cybersecurity and compliance expert. Throughout his twenty-five years in the IT and cybersecurity industry as a US Airman and later on as a contractor, John has worked with a wide variety of government agencies and companies to include ACS Defense Inc., Lockheed Martin Corp., Northrop Grumman Corp., and several Federally Funded Research and Development Centers (FFRDCs).
We connected with John to learn more about him and what he brings to the TSI team.
1. Tell us what inspired you to get into the IT compliance and cyber-security industry? Were there any events that led you to that point?
My initial brush with compliance was while working in the Office of Inspector General at the Electronic Systems Center (ESC) in 1999. The “Y2K” issue was brewing and I was asked to join a team that assessed ESC’s progress of preparing the network by installing patches to systems. This impressed upon me how important computers and networks were becoming to the mission and piqued my interest.
2. You’re a 20-year veteran of the USAF; what were some of the most important things that you learned throughout your time in the service?
The Core Values of the United States Air Force: Integrity first, Service before self, and Excellence in all that we do! I believe these values are critical components to the stability and growth of any organization and are important to me as an individual.
3. To add to the previous question, what are some of the biggest industry changes or developments you’ve identified over the last 20+ years?
We have seen many advances of course, but I would say the most consequential have been in the areas of network-perimeter security, malware detection, and Multi-Factor Authentication. Two decades ago, network perimeter devices, while improving, were comparatively basic gatekeepers and not very sophisticated. Today, next-generation firewalls combine the functionality of their predecessors with advanced functions such as deep packet inspection, TLS/SSL encrypted traffic inspection, intrusion prevention, website filtering, and many other features, all working in concert to protect the perimeter.
Malware protection has leaped light years from the first antivirus program, called “Reaper,” which was developed in response to “Creeper,” the first known computer virus, that was detected on ARPANET, the predecessor to the Internet. Modern versions have moved beyond alerting to signatures of known malware to behavior- and AI-based detection, which alerts to and quarantines unusual or suspect files and code. Additionally, these detection capabilities are deployed across network devices and computer systems, providing robust detection and protection against malware.
Finally, the advent and implementation of Multi-Factor Authentication (MFA) has been a significant improvement over using just passwords for authentication. While not perfect, Microsoft asserts, according to its studies, that one’s account is 99% less likely to be compromised if MFA is implemented.
4. Where do you see IT compliance and cyber-security going in the next few years?
Compliance mandates continue to proliferate globally and in the United States. We should expect to see industry react in several ways to this; however, at some point we are likely to see specialized versions of operating systems, devices and software pre-configured out of the box to be compliant with various sets of common controls from across different compliance frameworks. We will likely see this at some future point at which compliance requirements become so ubiquitous that an economy of scale is reached.
Zero Trust Architecture is quickly being adopted. Its growth is largely predicated on two factors. The first is the capability to move resources to the cloud with confidence that data will be safe residing there; and the second being MFA, which provides that confidence. In general, the concept of zero trust is that “the network” is not considered secure and that all resources must be protected at a more granular level. This includes devices, applications and endpoints. Beyond the cloud, this architecture can be integrated with traditional on-premise networks and resources.
5. You’ve been with TSI for just under 6 months now; what drove your decision to work at TSI? What do you like most about your experience thus far?
TSI is a growing company with a vision to help SMBs become more secure, which helps our country become more secure. This is especially true regarding Defense Industrial Base (DIB) contractors and the relatively new Cybersecurity Certification Maturity Model (CCMC) requirements that DoD requires of them.
Leadership at TSI has a sincere passion for the mission and the TSI family. I sensed this during my initial conversation with Chis and Brian, and this has not changed.
6. How do you gauge success? What is your favorite part of working within the SMB space?
Working within the MSP space, success can only be gauged by client satisfaction, and it brings me great joy to be able to help our clients.
7. What are some of your hobbies outside of work?
Hiking, biking, racquetball and reading.
8. What’s your favorite food?
My wife’s.
9. What is your favorite quote and why?
Luck is where preparation meets opportunity. Because it is true.
10. What celebrity or historical figure, past or present, would you like to meet over a cup of coffee and why?
Ronald Reagan. He is one of my heroes and played a major role in freeing millions of people, providing them an opportunity for a better life.
11. What is something that most people don’t know about you?
That is a secret.
