
Maxwel Aburam

Glen Burnie, MD

Summary

Results-driven Senior Information System Security Officer with over 7 years of experience in implementing robust security controls and conducting thorough assessments and audits of IT systems. Expertise in developing comprehensive implementation statements and ensuring compliance with federal security policies, standards, and guidelines, particularly those outlined by the National Institute of Standards and Technology (NIST), including SP 800-37, SP 800-53, SP 800-171, and FIPS 199. Proficient in identifying and mitigating vulnerabilities through effective Plans of Action and Milestones, with a strong command of the NIST 800 Series. Possesses valuable knowledge of cloud environments, enhancing security measures across diverse technological landscapes.

Overview

10 years of professional experience

Work History

Information System Security Officer

TIAG
01.2022 - Current
  • Conduct SA&A kick-off meetings with the System Owner (SO) and technical team to establish deadlines for the SA&A, conduct an initial risk assessment, and begin the framework for the categorization of the information systems through the collection of required documentation based on FIPS 199 and NIST SP 800-60 criteria
  • Perform security categorization using NIST SP 800-60 and FIPS 199 and review the Privacy Threshold Analysis (PTA) and E-Authentication with system stakeholders
  • Support the review of all Cloud Service Provider (CSP) documentation for compliance and work with stakeholders until the cloud system documentation meets FedRAMP A&A requirements
  • Validate and verify system security requirements definitions and analysis to establish system security designs
  • Review assessment and authorization (A&A) documentation, providing feedback on the completeness and compliance of its content
  • Assess and mitigate system security threats/risks throughout the program life cycle
  • Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations
  • Perform continuous monitoring on various systems, remediate all vulnerabilities, and close all open POA&Ms
  • Create remediation actions to correct assessment findings, develop supporting POA&Ms, and update the System Security Plan

Sr. Information System Security Officer

TCOM LP
03.2021 - 01.2022
  • Performed security categorization using NIST SP 800-60 and FIPS 199 and reviewed the Privacy Threshold Analysis (PTA) and E-Authentication with system stakeholders
  • Developed the System Security Plans (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POAM), Incident Report Plans, and all other documents referenced in the SSP
  • Performed continuous monitoring of various systems, remediating all vulnerabilities and closing all open POA&Ms
  • Created remediation actions to correct assessment findings, developed supporting POA&Ms, and updated the System Security Plan
  • Effectively communicated detailed information about the schedule, scope, required documentation, security objectives, risks/vulnerabilities, and remediation actions to stakeholders
  • Reviewed test results, provided independent Q&A and validation of results, and facilitated plans of action and milestones (POA&M) management
  • Prepared assessment reports documenting the findings and recommendations from the Security and Privacy Control Assessment
  • Documented Security and Privacy Control Assessment lessons learned and trend analyses
  • Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4 and Revision 5
  • Ensured cybersecurity policies were adhered to and required controls were implemented
  • Validated respective information system security plans to ensure NIST control requirements were met
  • Developed resultant SCA documentation, including but not limited to the Security Assessment Report
  • Authored recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls
  • Prepared for and conducted compliance activities in accordance with federal guidelines (NIST SP 800-53, 800-53A, 800-37, etc.) and client requirements

Information System Security Officer

US Census Bureau HQ
02.2019 - 03.2021
  • Performed security categorization using NIST SP 800-60 and FIPS 199 and reviewed the Privacy Threshold Analysis (PTA) and E-Authentication with system stakeholders
  • Developed the System Security Plans (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POAM), Incident Report Plans, and all other documents referenced in the SSP
  • Reviewed weekly scan reports and worked with engineers to create a remediation plan to resolve the findings discovered
  • Performed continuous monitoring of various systems, remediated all vulnerabilities, and closed all open POA&Ms
  • Performed vulnerability management
  • Created remediation actions to correct assessment findings, developed supporting POA&Ms, and updated the System Security Plan
  • Conducted risk assessment interviews to determine the security posture of the system; used NIST SP 800-39 and NIST SP 800-30 as guidelines to identify system threats, vulnerabilities, and impact level
  • Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms, and identification and authentication mechanisms
  • Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored, consistent with the sensitivity level of that information

Cyber Security Analyst

NIH
02.2016 - 02.2019
  • Supported NIH with the preparation of Security Assessment and Authorization (SA&A) packages for NIH's information systems, including developing security control statements, creating associated artifacts (Initial Risk Assessment, Business Impact Analysis, System Security Plans, PTA/PIA, Configuration Management Plan, Contingency Plans and Tests, etc.), managing the POA&M lifecycle, and conducting Continuous Monitoring annual assessment audits
  • Conducted SA&A kick-off meetings with the System Owner (SO) and technical team to establish deadlines for the SA&A, conduct an initial risk assessment, and begin the framework for the categorization of the information systems through the collection of required documentation based on FIPS 199 and NIST SP 800-60 criteria
  • Supported the review of all Cloud Service Provider (CSP) documentation for compliance and worked with stakeholders until the cloud system documentation met FedRAMP A&A requirements
  • Reviewed Nessus and WebInspect vulnerability scan results for mitigation actions and assisted the SOs in creating and maintaining POA&Ms for the deficiencies identified in the scan results
  • Managed controls identified as "other than satisfied" in the Plan of Action and Milestones (POA&M)
  • Provided Continuous Monitoring activities after authorization to ensure control effectiveness and continuous compliance with the system security requirements by evaluating threats and vulnerabilities through Nessus/WebInspect scan results, and worked with the NIH IT staff on mitigation actions
  • During the Continuous Monitoring phase of NIH information systems, conducted FISMA-based Security Control Assessments (SCA) and audits, including interviews, examinations, and tests; produced assessment reports and recommendations following NIST SP 800-53/53A guidelines

Education

Master of Science - Information Assurance

University of Maryland Global Campus
01.2021

Graduate Certificate - Information Assurance

University of Maryland Global Campus
01.2020

Master of Business Administration

Bowie State University
01.2018

Skills

  • CompTIA Advanced Security Practitioner (CASP) – Active
  • Certified Information Security Manager (CISM) – Active
  • Microsoft Certified: Security, Compliance and Identity Fundamentals – Active
  • Certified Information Systems Auditor (CISA) – Active
  • Certified Cloud Security Professional (CCSP) – In Progress
  • Enterprise GRC / Security Compliance: NIH Security Authorization Tool (NSAT), CSAM, RMPS, eMASS, Xacta, Jira, Snow
  • Vulnerability Assessment Tools: Tenable Nessus, WebInspect
  • Cloud Services and Security: FedRAMP, IaaS, SaaS, PaaS
  • Virtualization: VMware
