Maxwell Achu Mofor
Bowie,Maryland
Summary
Results-driven cybersecurity professional with 7+ years of experience in assessing, managing, and securing IT systems and infrastructures. Expertise in risk management, compliance, vulnerability assessments, and implementing security controls to protect organizations from cyber threats. Adept at developing, reviewing, and enforcing cybersecurity policies and procedures to meet regulatory compliance requirements. Proven track record in managing enterprise-wide security frameworks and performing detailed risk analyses for multiple industries.
Overview
8
8
years of professional experience
Work History
Security Control Assessor
COGNOSANTE
Virginia
04.2022 - Current
- Conducted comprehensive security assessments for federal clients, identifying control deficiencies and recommending corrective actions based on NIST SP 800 rev 5
- Managed end-to-end Assessment & Authorization (A&A) activities, ensuring that systems met FISMA, FedRAMP, and other regulatory requirements
- Collaborated with system owners, ISSOs, and developers to review security documentation, including System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and Security Assessment Reports (SARs)
- Performed continuous monitoring (ConMon) assessments to ensure security controls remained effective and compliant throughout the system's lifecycle
- Evaluated third-party vendor risk assessments, ensuring adherence to security policies and mitigating potential threats
- Scheduled assessment meetings to facilitate and enhance the assessment process
- Led vulnerability scanning using tools like Nessus, OpenVAS, and Qualys to identify and remediate critical security vulnerabilities
- Create the security assessment report for systems documenting the failed controls and tracking control remediation
- Participated in penetration testing activities, documenting findings and working with teams to implement mitigation strategies
- Provided subject matter expertise during security audits and reviews, leading efforts to address audit findings in a timely manner
- Conducted risk analysis and security control evaluations to determine system impact levels and security posture
- Facilitated security awareness and training programs for system users and technical staff, enhancing the organization’s security culture
- Developed and maintained security policies, procedures, and guidelines to ensure compliance with federal security standards
- Coordinated incident response efforts, documenting security incidents and performing root-cause analysis to prevent future occurrences
- Plan and conduct security authorization reviews and assurance case development for the initial installation of systems and networks
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers)
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
- Verify and update security documentation reflecting the application/system security design features
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary
- Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals
Cyber Security Control Assessor/ISSO
Cornerstone Defense
Washington DC
03.2020 - 04.2022
- Assessed the effectiveness of security controls across multiple information systems, ensuring compliance with NIST RMF, FISMA, and other applicable federal regulations
- Reviewed and analyzed vulnerability assessments, security documentation, and evidence to identify weaknesses in the security posture of client systems
- Led the preparation and execution of security control assessments (SCA) for federal information systems, ensuring timely and accurate evaluations
- Demonstrated experience developing risk assessment reports based on review of security plans and interviews with developer/customer assess systems against information assurance policies, regulations and instructions
- Demonstrated experience providing threat analysis based on identified security vulnerabilities
- Developed and documented security evaluation test plans and procedures
- Demonstrated experience testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation
- 2+ years of technical related experience
- Required Skills: Collaborated with stakeholders to develop detailed Security Assessment Reports (SARs) and recommend security improvements
- Conducted continuous monitoring of authorized systems, ensuring controls remained effective and reporting any changes to system risk levels
- Utilized security tools such as Nessus, Splunk, and SIEM platforms to monitor for potential security incidents and respond to identified threats
- Provided advisory support for system categorization, risk assessment, and compliance efforts based on the Risk Management Framework (RMF)
- Supported the remediation of audit findings by providing detailed analysis and recommendations for improving the security posture
- Worked with system owners to develop and track Plan of Action & Milestones (POA&M) to ensure timely remediation of vulnerabilities
- Conducted periodic security awareness training and delivered presentations to improve staff understanding of cybersecurity threats and mitigation techniques
- Developed system-specific security policies and procedures to ensure alignment with organizational objectives and federal guidelines
- Led efforts in preparing systems for external audits, ensuring all security documentation and controls were in compliance with federal standards
Information System Security Officer (ISSO)
Cyber centurion
10.2016 - 03.2020
- Acted as the primary security point of contact for multiple information systems, overseeing the implementation of security controls in alignment with NIST SP 800-53
- Managed system security plans (SSP), ensuring accurate documentation of system security architecture and control implementations
- Provided leadership in the development and execution of the Assessment & Authorization (A&A) process for new and existing systems
- Conducted regular risk assessments to identify potential vulnerabilities and develop mitigation strategies
- Reviewed security audit logs, conducting forensic analysis where necessary, and coordinated incident response efforts to resolve security incidents
- Worked with system administrators and engineers to ensure the secure configuration of operating systems, applications, and network devices
- Monitored system compliance with federal security standards such as FISMA, HIPAA, and FedRAMP, ensuring systems were consistently maintained and updated
- Developed and updated security policies, guidelines, and procedures in alignment with industry best practices and organizational needs
- Managed user access controls, performing periodic reviews to ensure least privilege and role-based access controls were enforced
- Coordinated with auditors and external assessors during security audits, providing documentation and supporting evidence as needed
- Delivered security briefings and training to system users, reinforcing the importance of adhering to security policies and best practices
- Implemented security patches and system updates, ensuring timely remediation of vulnerabilities in accordance with organizational SLAs
- Worked closely with the IT department to establish disaster recovery and business continuity plans, ensuring systems could recover quickly from outages or attacks
- Collaborated in compliance and vulnerability scanning using tools like (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)
- Strong understanding of the Assessment and Authorization (A&A) process
- Excellent oral and technical writing skills
Education
Bachelor’s Degree - Cybersecurity
Skills
- Risk Management Framework (RMF)
- Cybersecurity Assessment & Authorization (A&A)
- NIST SP 800-53 & 800-37 Compliance
- FISMA, FedRAMP, and HIPAA Compliance
- Vulnerability Management & Penetration Testing
- Information Security Risk Assessments
- Security Control Assessment (SCA)
- Incident Response & Disaster Recovery
- Continuous Monitoring (ConMon)
- Security Awareness Training
- Access Control Management
- Security Auditing and Reporting
- Policy Development & Governance
- Cloud Security (AWS, Azure)
- Endpoint Security & Encryption
- NIST Special Publications
- FISMA Compliance
- FedRAMP
- System Security Plan (SSP) Review
- Plan of Action & Milestones (POA&M)
- Vulnerability Scanning & Management
- Security Information and Event Management (SIEM)
- Penetration Testing & Assessment
- Security Frameworks
Educationandcertifications
- Bachelor’s Degree in Cybersecurity
- CompTIA Security Plus
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
Timeline
Security Control Assessor
COGNOSANTE
04.2022 - Current
Cyber Security Control Assessor/ISSO
Cornerstone Defense
03.2020 - 04.2022
Information System Security Officer (ISSO)
Cyber centurion
10.2016 - 03.2020