Resume: Brad Moldenhauer, CISSP, CISA, PMP
Brad Moldenhauer, CISSP, CISA, PMP
Alexandria, VA 22304
Phone: 703-***-****
E-mail: ********@*****.***
Experience
Director Data Security & Privacy (April 2010-Pres.)
MAXIMUS (Reston, VA)
Provides MAXIMUS Federal segment senior management in the areas of cyber security risk
management, compliance, disaster recovery, auditing, and other facets of information assurance.
Responsible for establishing an effective continuous monitoring capability for all federal contracts.
This methodology provides all federal projects with a continuous risk assessment facility that includes
activities in the areas of ongoing security control testing, configuration management monitoring,
security impact analyses, and status reporting. Ensuring all federal projects are in compliance with
FISMA, HIPAA, and other legislative and agency-specific policy requirements in the areas of data
security and privacy is always a high-level goal. Other responsibilities included:
• Oversaw a network of security officers and vendors who safeguard the company's assets,
intellectual property and computer systems, as well as the physical safety of employees and
visitors.
• Identified protection goals, objectives and metrics consistent with corporate strategic plan.
• Managed the development and implementation of global security policy, standards, guidelines
and procedures to ensure ongoing maintenance of security. Physical protection responsibilities
include asset protection, workplace violence prevention, access control systems, and video
surveillance. Information protection responsibilities include network security architecture,
network access and monitoring policies, and employee education and awareness.
• Composition of all data security and privacy sections of any proposals in relation to federal
RFIs and RFPs.
• Collaborated with other executives to prioritize security initiatives and spending based on
appropriate risk management and/or financial methodology.
• Maintained relationships with local, state and federal law enforcement and other related
government agencies.
• Oversaw incident response planning as well as the investigation of security breaches, and
assisted with disciplinary and legal matters associated with such breaches as necessary.
• Worked with outside consultants as appropriate for independent security audits.
Information Assurance Manager (April 2007-April 2010)
eManagement (Silver Spring, MD)
Performed as a senior team lead by providing IA solutions to a government agency within the civil
sector. Leads the integration of security practices and principles by applying security in creative ways
to meet mission-oriented client needs. Performs various project-oriented roles as needed, including
task management, security requirements analysis, security architecture development, documentation
development in support of certification and accreditation activities, FISMA reporting, and
implementation support. Provides input to staff development, continuous security monitoring metrics,
and strategic planning. Assists with the continuing growth of the team by identifying and developing
new converged security capabilities and security control augmentation. Develops related intellectual
capital, including whitepapers and presentations focused on the civil agencies and the security market.
Other responsibilities include leading an assessment team comprised of penetration testers and
compliance analysts on independent assessments of remote field sites across the country for a federal
client. Was a key member in the development of CMMI level process areas and these efforts resulted in
the corporate office receiving a CMMI Level 2 certification.
Information Security Lead/Engineer (April 2005-March 2007)
CACI (Arlington, VA)
Manager of a team of security engineers for an Information Systems Security division of a Federal law
enforcement agency. Engineers all Certification and Accreditation (C&A) documentation (NIST SP
800-18, SP 800-34, and SP 800-30). Serves as senior advisor in terms of interpreting National Level
Security Policy, i.e., DITSCAP, FISMA, NIST, DCID etc. Designed work breakdown structures for
Security staff based upon differing project requirements to ensure timely delivery. Involved in
Department of State programs which center on HSPD 12, HSPD 7, and FIPS 199 & 200 compliance. I
also assisted external auditing agencies with OMB Circular A-123 auditing of the client's C&A efforts.
Working within a centralized Technology Office specializing in Operations, served as the project
manager of the agency’s Certification and Accreditation (C&A) initiative of all GOTS & COTS
applications and networks. This responsibility encompassed ensuring all application servers and
network components were configured to Department baselines. I composed all subsequent System
Security Planning, IT Contingency Planning, Privacy Impact Assessments, and Risk Assessments for
these applications and networks. I was also able to integrate any new NIST SP guidance and FIPS
standards into the current C&A process as it was mandated by the Office of Management and Budget
(OMB). This process also mandated quarterly vulnerability assessments, which I conducted with an
array of differing tools. I also conducted internal audits of the office's SDLC controls, OS
configurations, router ACLs, firewall rule sets, Oracle schemas, and user profiles. It was also another
major duty to conduct site audits for the customer’s local annexes and remote field offices. I also
designed the checklists used for these audits, which have since become the division standard for all
postliminary audits. Other duties included that as the primary antivirus custodian for all major
networks, including two WANS. Also served as a key member of the Incident Response team where I
responded to primarily virus incidents and information decontamination incidents. Other operational
duties included serving as an alternate Information System Security Officer. In this capacity I was
responsible for answering questions and making decisions based upon high-level technical policy,
approved software/hardware, and enforcing access management policy. Exchange and Active Directory
administration and analysis were other operational responsibilities.
Information Security Analyst (April 2003-April 2005)
STG Inc. (Arlington, VA)
Hired as a consultant for a Software branch within a centralized IT office in a Federal law enforcement
agency. Primary responsibility was preparing all GOTS and COTS applications for Certification and
Accreditation (C&A). This was primarily an Oracle and J2EE environment. This entailed ensuring
secure application server configurations through vulnerability assessments and quality assurance
testing of applications prior to certification by the Designated Accrediting Authority (DAA). I prepared
all System Security Plans, IT Contingency Plans, Privacy Impact Assessments, and internal Risk
Assessments for all applications. During the two years of employment here the customer recognized
that over 30 applications were granted an authority to operate after stringent analysis by the DAA,
which culminated in a letter of appreciation from the Assistant Secretary of the agency. I was also
called upon to assist in Business Development opportunities with the corporate headquarters. These
efforts included working on contract proposals for Data Center and Information Security bids. I also
served as the primary data custodian for the customer’s Time and Attendance client/server application
during the beginning of my employment.
Systems Analyst (February 2001-April 2003)
Anteon (Fairfax, VA)
• Worked on the technical drafting of the System Security Authorization Agreement (SSAA) for
the Joint Logistics Warfighting Initiative (JLWI), a $15 million project to improve military
readiness by enhancing logistics responsiveness through process improvements to the
requisitioning, distribution, asset visibility and retrograde functions on a national strategic
level system, which was based on the DITSCAP.
• Duties on this project revolved around system administration for all team members, which
included troubleshooting desktop issues, software installations, and PC configurations.
• Drafted many SOPs and Q&A documents that were germane to the project.
• Assisted in the composition of system requirements specifications.
• Served as primary data custodian for the project web site.
Education
George Mason University
MA Telecommunications Management, 2004
Old Dominion University
BS Communications Theory & Research, 2000
Professional Certifications
ISC – Certified Information Systems Security Professional (CISSP)
ISACA – Certified Information Systems Auditor (CISA)
ISACA – Certified in the Governance of Enterprise IT (CGEIT)
PMI – Project Management Professional (PMP)
SANS – GIAC Security Essentials Certification (GSEC)
SANS – GIAC System and Network Auditor (GSNA)
EXIN – ITIL Foundations Certification
NSA – Infosec Assessment Methodology/Infosec Evaluation Methodology (NSA IAM/IEM)
SonicWALL – Certified SonicWALL Security Administrator (CSSA)
Clearances
Public Trust – granted by OPM 6/2010 (Active)
TS/SSBI – granted by DSS 11/2005 (Inactive)
TS/SCI – indoctrinated by Department of State 1/2006 (Inactive)
Q Clearance – granted by Department of Energy 4/2007 (Inactive)