IT Specialist (InfoSec)
Resume:
Sec+. CAP. CGRC. IT Security. Cybersecurity. Change Management. Risk Management. Cross-functional. Vulnerability Management. Information Security. InfoSec. Security Assessment. Angela Bui, MBA, SEC+, CGRC
CAREER SUMMARY
Ms. Bui is an experienced IT Cybersecurity Specialist with 8+ years in the IT field, specializing in cybersecurity practices and project management. She is a self-starter with strong communication, collaboration, and cross-functional teamwork skills, with the ability to manage complex tasks and deliver results. She is well-versed in Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST), and Office of Management and Budget (OMB) mandates/requirements, with a solid understanding of Security Authorization and Assessment (SA&A), Governance, Risk, and Compliance (GRC), vulnerability management, and incident response. Ms. Bui has a proven track record of driving projects forward and ensuring security compliance in dynamic environments. EDUCATION & CERTIFICATIONS
Master of Business Administration James Madison University Dec 2015 Bachelor of Science in Business Administration University of Mary Washington May 2013 Google Project Management: Professional Certificate Coursera March 2025 Palo Alto Networks Cybersecurity Professional Certificate Coursera February 2025 Management Essentials Harvard Business School Online August 2023 Power and Influence for Positive Impact Harvard Business School Online June 2023 ISC2 Cybersecurity Governance, Risk, and Compliance (CGRC) April 2022 CompTIA Security+ Certification (SY0-601) May 2021 Information Systems Security (INFOSEC) Professionals (NSTISSI No. 4011) Dec 2015 SECURITY CLEARANCE
Secret – Active (Tier 5 – Issued August 2020)
PROFESSIONAL EXPERIENCE
IT Specialist (InfoSec), United States Agency for International Development (USAID) Aug 2024 – Present
• Manages and oversees the migration of 11 agency systems (ranging from an HR system to partnership systems to a GIS, etc.) from a Legacy Azure subscription to the new subscription
• Facilitates and runs daily working sessions with 30+ attendees; coordinating with subject matter experts
(SMEs) from 11 application teams, two firewall teams and the network team, the Akamai and DNS teams, etc.
• Tracks, routes and expedites 400 ServiceNow service request tickets to ensure changes are implemented in a timely manner by the proper team(s)
• Administers information technology (IT) principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information system resources
• Identifies threats and vulnerabilities of the Agency’s 1,600 computer system(s) and tracks timely remediations of vulnerabilities before they become Plans of Action and Milestones (POA&Ms)
• Addresses Plans of Action and Milestones (POA&Ms) vulnerabilities identified in system security plans and vulnerability scans with the necessary system ISSO/SO and application team(s)
• Documents findings and communicates recommendations based on the vulnerability assessment, security assessment, and security plans
• Promotes awareness of security issues among management, ensuring sound security principles are reflected in organizations’ visions and goal
• Identifies rogue and unapproved software/applications on the Agency’s 1,600 Government Furnished Equipment (GFEs) utilizing security reports/tools (e.g. Tanium and ServiceNow) and submitting for removal from said devices
• Validates that configuration changes follow the Agency process appropriately by reviewing Net LineDancer reports with tool SMEs
IT Project Manager, USAID OIG Aug 2023 – Aug 2024
• Managed and oversaw OIG’s IT Modernization effort (going from on-premises to a hybrid solution) that impacted OIG’s 400+ users
• Facilitated and ran daily update meetings of 20+ staffers between OIG IT and vendor (Microsoft) support staff
• Communicated relevant information to those affected by the associated projects in collaboration with internal and external stakeholders when necessary
• Oversaw and monitored project activities, resources, and contractor progress to mitigate risk DC Metro Area **********@*******.*** 804-***-**** www.linkedin.com/in/angelambui Sec+. CAP. CGRC. IT Security. Cybersecurity. Change Management. Risk Management. Cross-functional. Vulnerability Management. Information Security. InfoSec. Security Assessment.
• Provided information technology expertise and guidance to enable the organization to perform its mission
• Ensured that the reliability, maintainability, cyber security, and related factors are incorporated throughout the project lifecycle in compliance with established policies, procedures, and standards
• Performed enterprise or program management duties as required, while being responsible for customer relationship building and problem resolution management
• Provided day-to-day support across M/CIO and OIG/M staff (totaling 10+ teams) for a variety of Information Technology (IT) projects, systems, and programs and assisting in the overall planning, direction, and execution of tasks
• Met with management, user personnel, and others across organizational lines (totaling 30+ staff/users) as needed to discuss issues surrounding projects
IT Specialist (INFOSEC), USAID Aug 2020 – Aug 2023
• Prepared, reviewed, and presented weekly Cyber Security Threat Brief for M/CIO senior leadership, including the CIO, CISO, and Branch Chiefs, covering key topics such as significant cybersecurity incidents within the Agency, CISA's Weekly Cyber Hygiene Report, exposure to Known Exploited Vulnerabilities (KEV), and other relevant issues as required
• Served as Agency’s programmatic and technical liaison for CISA for Binding Operational Directives (BODs), Cyber Coordination and Action Responses (C-CARs), and Emergency Directives (EDs), as well as Cyber Hygiene
(CyHy) program and CISA’s HVA (High Value Assest) assessments
• Ensured the Agency’s three HVA systems were compliant with DHS’ regulations and reportings, per DHS BODs
• Implemented and managed USAID’s Vulnerability Disclosure Policy ensuring researchers’ reports are acknowledged and addressed in a timely manner, per USAID VDP Policy, for the Agency’s 35 systems under scope
• Reformed and enhanced Agency’s Incident Response Plan (IRP) documentation creation, review, and approval process of the Agency’s 95 systems to ensure Agency Computer Security Incident Response Team (CSIRT) has adequate information to address system incidents should they occur
• Analyzed, maintained and enhanced policies, processes, procedures, and tools to ensure appropriate lnfoSec best practices are implemented within IT systems at the agency
• Planned, scheduled, and conducted evaluations of project operations, procedures, and organizational structures, identifying problems or deficiencies and recommending ways to improve the effectiveness and efficiency of operations in a program or support setting
• Assisted in planning, directing and coordinating the implementation and execution of approved policies, programs, and services related to Information technology (IT) systems; as well as reviewed, evaluated, documented and reported recommendations for possible improvements and upgrades, as applicable Information Systems Security Officer (/Deputy PM), MindPoint Group, LLC Jan 2019 – Jul 2020
• Assisted contract project manager by overseeing a contract staff of 10 Information System Security Officers
(ISSOs) to ensure they met the contract requirements of 11 different system task orders under the Blank Purchase Agreement (BPA) umbrella
• Monitored and tracked the status of Authority to Operate (ATO) documentation for 40 USAID systems to ensure no system lapsed on its required documents and received a ‘finding’
• Ensured systems are operating and maintained in accordance with federally mandated lnfoSec laws, regulations, policies, and procedures; such as NIST, OMB, and DHS requirements
• Developed and prepared required system documentation including, but not limited to: FIPS-199 Security Categorization, System Security Plan (SSP), Privacy Impact Assessment (PIA), Business Impact Analysis (BIA)
• Coordinated activities designed to ensure and protect IT systems, services, and capabilities through the completion of requested deliverables, and controls activities by constantly monitoring, evaluating, and correcting daily, routine, and emerging activities
• Prepared written communications, reports, briefings and background materials for the client’s executive management teams, on a weekly and monthly basis
• Prepared project plans, including estimates of schedule and resources, while overseeing contract administration activities for accuracy, quality, and timely delivery of required contract deliverables
• Assisted in planning, directing and coordinating the implementation and execution of approved programs and services related to Information technology (IT) systems
• Coordinated and managed the overall service provided to a customer end-to-end in order to monitor and provide analysis on gathered feedback on customer satisfaction and performance Sec+. CAP. CGRC. IT Security. Cybersecurity. Change Management. Risk Management. Cross-functional. Vulnerability Management. Information Security. InfoSec. Security Assessment.
• Planned and developed long-range objectives and milestones projects that involve mission-oriented programs, projects, and/or changes to IT infrastructure to meet an agency's requirements Analyst, SIE Consulting Group Feb 2017 – Dec 2018
• Performed technical evaluations of cloud vendor proposals for Schedule 70 Cloud SIN 132-40, ensuring compliance with NIST SP 800-145, and passed 85+ evaluations within 12 months
• Provided guidance to vendors seeking to sell cloud products through GSA Schedule 70 and responded to vendor and sales inquiries from Cloud Service Providers (CSPs) and Federal Agencies via Salesforce
• Led the Cloud Information Center (CIC) project, coordinating with multiple GSA offices to prepare executive briefings and develop a business case for additional funding
• Acted as the primary vendor liaison for the CIC, coordinating with 75+ CSPs to gather materials and manage vendor outreach, reporting progress to management
• Assisted with financial analysis and market research using FPDS data to prepare for upcoming software contract expirations
• Delivered quarterly reports to the Cloud Computing Acquisition Forum, analyzing Cloud SIN 132-40 solicitations, IT spend, and solicitation distribution by agency using GSA eBuy data
• Supported monthly Cloud IaaS webinars for Federal Agency POCs and prepared technical, management, and key personnel sections for various ID/IQs, BPAs, and Sole-Source awards
• Contributed to cloud advisory, IT strategy, and project management services across multiple contracts, ensuring all technical and personnel documentation was up to date Executive Assistant to the President & CEO, Leading Authorities, Inc. Mar 2016 – Feb 2017
• Designed CRM queries to analyze and compare sales and revenue data monthly, quarterly, and yearly
• Managed incoming correspondence, prioritized requests, and followed through on behalf of executives
• Scheduled and organized meetings, including in-person, phone, and video conferences, for internal and external personnel
• Handled confidential information, coordinated travel logistics, and assisted with special projects and expense report compilation
Inside Sales Coordinator, International Communications Group (ICG) Mar 2014 – July 2015
• Generated P&L reports for the $12-15M Commercial Aviation Sales (CAS) and $8-10M Business Aviation Sales
(BAS) divisions by manipulating data in Excel
• Supported the sales team by providing quotes/pricing and processed purchase orders worth approximately
$1M each for aviation supplies
• Coordinated shipments between third parties and ICG, managing production and shipment delays to ensure timely delivery
• Secured travel arrangements for executives and sales team, including flights, hotels, and car rentals, while providing project oversight and coordination
Contact this candidate