Kysan Simms Email & Phone Number

Crystal City, VA

• Identifies and documents all vulnerabilities requiring awareness or action by VM Program personnel, JSP enterprise, and Subscribers, and ensures close coordination with all entities having vulnerability identification.
• Maintains awareness of network and host scanning efforts, and verifies that scan data meets all VM Program requirements and objectives, including but not limited to DoD and USCYBERCOM guidance.
• Analyses vulnerability assessment results, including but not limited to analyzing network and host vulnerability scan data; identifying vulnerable software and misconfigured services; tracking subscriber network.
• Coordinates and communicates with JSP and Subscriber entities, System Owners, System Administrators, Application Developers and other IT support groups to facilitate implementation of all information system security.
• Generates vulnerability trending, analysis, and compliance reports and present results to JSP senior leaders and appropriate governance forums.

Fredericksburg, VA

• Worked directly with the customer to perform cyber risk assessment analysis and risk mitigation plans for combat systems (US Navy).
• Performed analysis of cyber security, intelligence, and IT policy gaps for combat systems (USMC)
• Developed formal deliverables for the customer of requirements, gap analysis, threat analysis, systems engineering, risk assessment, and mitigation for combat systems (USMC).
• Evaluated certification documentation and provide written recommendations for accreditation to government customers (USMC)

Arlington, VA

• Lead and directly participated in activities traditionally associated with the DoD Information Assurance Vulnerability Management (IAVM) program. Was primarily responsible for reviewing Retina and ACAS results.
• Managed, disseminated, interpreted, and tracked compliance with IAVM associated messages including Alerts (IAVA), Bulletins (IAVB), and (IAVT) Technical Bulletins for impact on United States Information Technology.
• Interpreted and analyzed results from periodic vulnerability scans and DISA Security Technical Implementation Guide (STIG) compliance validation activities.
• Ensured engineers were aware of all actionable alerts and notices issued by the US Cyber Command, Defense Information System Agency (DISA) IASE, and/or O&M Agency; collaborated with engineers to develop Plan of Action.
• Maintained awareness of CM changes to all USITA-serviced systems. Assessed all CM changes for security-relevant impacts on security posture and/or compliance reporting guidelines.
• Maintained a complete and accurate identification of all USITA information systems hosted in the Pentagon.

Quantico, VA

• Site lead in the absence of Government personnel for the security of seven Training & Education Command (TECOM) networks.
• Responded to Marine Corps Computer Security Emergency Response Team (CERT) Database (MCD) that related to malicious activity on the network.
• Maintained Cyber compliance throughout TECOM units by ensuring ## units are reporting that status in a timely manner and all security updates are fielded for approximately 485 annual USMC Operational Directives as.
• Coordinated, reviewed, and conducted official monthly Retina vulnerability scans for subordinate TECOM command’s networks as required monthly.
• Provided vulnerability assessments, mitigation strategies, and fixed to obtain an acceptable level of compliance to operate on the MCEN. Tracked weaknesses in POA&M.
• Performed security impact analysis—annually reviews approximately 200 IT Procurement packages and verified the impact of the requested products by ensure the product met the Common Criteria evaluation levels, on.

• Tracks and maintains Information Assurance Vulnerability Alerts (IAVA) released weekly through US Cybercom, as well as determines risk impact on overall systems
• Develops Plan of Action & Milestones (POA&M) within Vulnerability Management System (VMS) to mitigate vulnerabilities affecting production systems
• Provides weekly reports to the Client (Defense Information System Agency (DISA) Anti-Drug Network (ADNET)) informing of new IAVA affecting their systems
• Test and deploy System and Application Patches/Security Technical Implementation Guidance (STIG) across the Client’s classified and unclassified environments consisting of an estimated 350 systems
• Perform monthly Retina vulnerability scans on classified and unclassified environments in an effort to verify that System and Application Patches/STIGs are applied. The results obtained are validated, and disseminated.
• Assist in the development of Connection Approval Process (CAP) packages for the ADNET Client to ensure that all remote sites receive an Authority to Operate (ATO)

• Analyzed vulnerabilities discovered from scans by conducting vulnerability/risk assessments, determining impact and likelihood, overall risk levels, and work with the vendor to provide appropriate risk mitigation.
• Executed preliminary tests to verify approved security requirements, which includes vulnerability scans and lock down procedures using the Retina and Gold Disk test tools
• Worked with developers to conduct manual software testing on Marine Corp systems based on test scripts for the system
• Assisted in effort of ensuring Marine Corp Systems are in compliance with DoD standards by working with developers and reviewing system documentation
• Assisted in the effort developing documentation for Marine Corp weapon systems to ensure the systems receives an ATO
• Developed test plans documenting test cases and test procedures and test reports documenting any issues or discrepancies from the expected outcomes

Master'S Degree, Management Information Systems, General

Bachelor'S Degree, Computer Science