
Maxwell Aburam

Glen Burnie, MD

Summary

Accomplished Senior Information System Security Officer with over 7 years of experience implementing security controls and conducting IT system assessments and audits. Expertise in developing implementation statements and ensuring compliance with NIST standards, including SP 800-37 and SP 800-53. Skilled in identifying and mitigating vulnerabilities through effective Plans of Action and Milestones, with substantial knowledge of cloud environments to enhance security measures.

Overview

10 years of professional experience

Work History

Information System Security Officer

The Informatics Application Group (TIAG)
Reston, Virginia
01.2022 - Current
  • Conduct SA&A kick-off meetings with the System Owner (SO) and technical team to establish SA&A deadlines, perform the initial risk assessment, and initiate the information system categorization framework through collection of documentation based on FIPS 199, NIST SP 800-60, NIST SP 800-53 Rev 5, and the DHS 4300A Policy Directive.
  • Perform security categorization using NIST SP 800-60 and FIPS 199 and review Privacy Threshold Analysis (PTA), and E-Authentication with system stakeholders
  • Review Cloud Service Provider (CSP) documentation for compliance, collaborating with stakeholders to ensure adherence to FedRAMP A&A requirements.
  • Validate and verify system security requirements definitions and analysis to establish system security designs
  • Review assessment and authorization (A&A) documentation, providing feedback on the completeness and compliance of its content
  • Assess and mitigate system security threats/risks throughout the program life cycle
  • Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations
  • Perform continuous monitoring on various systems, remediate all vulnerabilities, and close all open POA&Ms
  • Create remediation actions to address assessment findings, develop the supporting POA&M, and update the System Security Plan.

Sr. Information System Security Officer

TCOM LP
Columbia, MD
03.2021 - 01.2022
  • Developed the System Security Plans (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POAM), Incident Report Plans, and all other documents referenced in the SSP
  • Performed continuous monitoring of various systems, remediating all vulnerabilities, and closing all open POA&Ms.
  • Created remediation actions to correct assessment findings, develop supporting POA&M, and update the System Security Plan
  • Reviewed test results, provided independent Q&A and validated results, and facilitated management of plans of action and milestones (POA&M).
  • Prepared assessment reports detailing findings and recommendations from Security and Privacy Control Assessment to guide remediation efforts.
  • Validated respective information system security plans to ensure NIST control requirements are met
  • Communicated schedule, scope, required documentation, security objectives, risks, and remediation actions to stakeholders to ensure alignment and understanding.
  • Authored recommendations based on assessment findings on how to improve the customer's security posture in accordance with NIST controls
  • Prepared for and conducted compliance activities in accordance with Federal Guidelines (NIST SP 800-53, 800-53A, 800-37, etc.) and client requirements
  • Developed resultant SCA documentation, including but not limited to the Security Assessment Report
  • Performed security categorization using NIST SP 800-60 and FIPS 199 and reviewed Privacy Threshold Analysis (PTA), and E-Authentication with system stakeholders

Information System Security Officer

1st American Systems and Services
Suitland, Maryland
02.2019 - 03.2021
  • Developed the System Security Plans (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POAM), Incident Report Plans, and all other documents referenced in the SSP
  • Conducted security categorization using NIST SP 800-60 and FIPS 199; collaborated with system stakeholders to review Privacy Threshold Analysis (PTA) and E-Authentication processes
  • Conducted risk assessment interviews to determine the Security posture of the System; used NIST SP 800-39 and NIST SP 800-30 as a guideline to identify system threats, vulnerabilities, and impact level
  • Validated system requirements and security policies, ensuring compliance with contingency, incident response, personnel security, access control, and identification and authentication mechanisms
  • Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistently with the level of sensitivity of that information
  • Monitored various systems continuously and remediated identified vulnerabilities.
  • Managed vulnerability assessments to identify security gaps
  • Developed and implemented remediation actions to address assessment findings, supported creation of POA&M, and updated System Security Plan accordingly
  • Reviewed weekly scan reports and worked with engineers to create a remediation plan to resolve the findings discovered.

Cyber Security Analyst

Triple Point Security
Bethesda, Maryland
02.2016 - 02.2019
  • Supported NIH in preparing Security Assessment and Authorization (SA&A) packages for information systems by developing security control statements, creating artifacts (Initial Risk Assessment, Business Impact Analysis, System Security Plans, PTA/PIA, Configuration Management Plan, Contingency Plans, Tests), managing POA&M lifecycle, and conducting Continuous Monitoring assessment audits.
  • Conducted SA&A kick-off meetings with System Owner (SO) and technical team to establish deadlines, perform initial risk assessment, and initiate categorization framework for information systems by collecting required documentation based on FIPS 199 and NIST SP 800-60 criteria.
  • Reviewed Nessus and WebInspect vulnerability scan results for mitigation actions and assisted the SOs in creating and maintaining POA&Ms for the deficiencies identified in the scan results.
  • Provided Continuous Monitoring activities after authorization to ensure control effectiveness and continuous compliance with the system security requirements by evaluating threats and vulnerabilities through Nessus/WebInspect scan results and worked with the NIH IT staff for mitigation actions
  • During the Continuous Monitoring phase of NIH information systems, conducted FISMA-based Security Control Assessments (SCA) and audits through interviews, examination, and testing; produced assessment reports and recommendations following NIST SP 800-53/53A guidelines
  • Managed controls identified as “other than satisfied” in the Plan of Action and Milestone (POA&M)
  • Reviewed Cloud Service Provider (CSP) documentation for compliance, collaborating with stakeholders to ensure alignment with FedRAMP A&A requirements.

Education

Master of Science - Information Assurance

University of Maryland Global Campus
Adelphi, MD
01-2021

Graduate Certificate - Information Assurance

University of Maryland Global Campus
01-2020

Master of Business Administration -

Bowie State University
01-2018

Skills

  • Security Governance Framework
  • Risk Management Framework
  • Incident Response Management
  • Security Risk Assessment
  • Compliance Automation
  • CompTIA Advanced Security Practitioner (CASP)
  • Certified Information System Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Cloud Security Professional (CCSP)
  • Cloud Security Architecture
  • PaaS
  • Vulnerability Assessment Tools
  • Tenable Nessus
  • Web Inspect
  • Virtualization
  • VMware

Clearance

Top Secret/SCI Eligible Clearance

Timeline

Information System Security Officer

The Informatics Application Group (TIAG)
01.2022 - Current

Sr. Information System Security Officer

TCOM LP
03.2021 - 01.2022

Information System Security Officer

1st American Systems and Services
02.2019 - 03.2021

Cyber Security Analyst

Triple Point Security
02.2016 - 02.2019

Master of Science - Information Assurance

University of Maryland Global Campus

Graduate Certificate - Information Assurance

University of Maryland Global Campus

Master of Business Administration -

Bowie State University