Threat Intelligence
11/2/2017
05:30 PM

Mischel Kwon Unplugged

Security Pro File: Kwon talks about her tenure at DOJ and US-CERT, winning a WiFi antenna contest at DEF CON, voice lessons - and her brief stint as an industry 'float princess.'

She was craving a soda, but each time Mischel Kwon aced a logic problem the Computer Learning Center representatives put in front of her, they fed her yet another test question.

"They gave me more and more problems, and all I wanted was to go get a soda," Kwon recalls of her 19-year-old self that day at a Northern Virginia suburban shopping mall in the early 1980s. A CLC rep there had stopped her and asked if she wanted to take one of their tests. "I said, sure, I'll take it," not knowing what it was, recalls the former federal government cybersecurity executive.  

Kwon never got her Coca-Cola that day at the mall, but her high score on the test won her a full scholarship to attend CLC's computer training program, where she ended up graduating at the top of her class. She later landed her first job in technology, as an Assembler programmer for retail giant Woodward & Lothrop, where she wrote code for the very first automated cash-register system in the Washington, DC, area.

Like most pioneers in the security industry, Kwon, the former director of the US-CERT and former deputy CISO at the US Department of Justice, landed in security by chance. But along the way, she says her work in IT in the pre-security industry days was also unknowingly honing her security skills. She worked on IBM mainframes while at Woodward & Lothrop, coding and developing patch management systems for the big iron. "I started at the base of the system and learned everything about it, and the network, too, and that translates to a good understanding of the technology" of security, she says.

"I did security all along the way, and had no idea I was doing security," Kwon recalls. "I was so wrapped up with IT."

It's that epiphany that has helped shape Kwon's view that one of the biggest missteps in IT history was separating IT and IT security into separate departments and sectors. It was a mistake, she says, to decouple the two worlds. "Melding of IT and the security operations center is absolutely required. We tore them apart with separation of duties years ago," she says. "But adversaries don't separate duties."

Today's gaps among IT, the SOC, and security teams basically give the bad guys an edge, Kwon explains. "Security should get its data from the SOC and how they protect the network. These days, it's being based on security controls and compliance, but we need to move to an operational security model."

Filling those gaps is at the heart of the strategy of the security consulting and SOC managed services security company Kwon launched in 2010, MKACyber. "I was wanting to get back to my tech roots and wanting to make a difference," she says of her decision to start the firm, where she serves as president and CEO.

Firsts

Born to a Korean father and an American mother from North Carolina, Kwon grew up in a diverse yet traditional household that emphasized education. In the early 1960s, when she was born, it was illegal for her parents to be married in North Carolina. The family later moved around the US for her father's career as a toxicologist.

"As a Korean man, it was never his intention for me to work. I was raised to be a mom and a very traditional woman," she says. "My mom had other ideas, though. She thought I was going to be a singer."

Kwon's parents both were opera singers, and her mom put her in voice lessons mainly to deprogram her native North Carolina accent. "I had a very big southern drawl, and it comes back when I go back to Shelby, North Carolina, my hometown," she says.

Math was always fun for Kwon. Because she grew up before the age of personal computers, she wasn't exposed to coding until later. The closest thing she had to a computer growing up was a Nintendo. "We played Pong," she says. She met her first computer in high school in Fairfax, Va.

After her mainframe stint with the now-defunct Woodward & Lothrop, she realized she needed a college degree to further her career. So Kwon applied for and won a Clare Boothe Luce scholarship, and in 2002, she went back to school to get her undergraduate degree in computer science at Marymount University, and then her Master's Degree in information assurance at George Washington University. At the time she was also a mother of four kids between the ages of 4 and 12. "I was working" then as well as taking classes, she says.

While still a grad student in 2004 doing research on wireless technology and hacking, Kwon got her first real taste of the hacker scene at the DEF CON hacker convention in Las Vegas. She won "Most Innovative" in the WiFi Shootout contest for her handmade antenna made out of a cardboard box. "I read the instructions wrong that you couldn't use any antenna parts," she recalls, so she built it from scratch. "I had it engineered to go one mile," she recalls, and it got close, reaching .8 miles.

Her career was refreshed after getting her Master's. "Security was a big open space that I was just curious about, how to break everything, how to hack into everything, and how to protect everything. I had a big love for wireless."

Source: MKACyber

Kwon's first big security job was as deputy CISO for the Department of Justice, where she built out the Justice Security Operations Center, after an initial gig as director of wireless security for the agency. While that's where Kwon first made a big name for herself in security, it was a lesser-known project she worked on there that she says she's most proud of during her tenure. While performing a penetration test on Motorola's mobile radio system, she and her team "owned the whole system within a couple of hours," she recalls.

Motorola then worked, with the help of Kwon's DOJ team, on re-engineering the radio systems to become secure. "Land mobile radio [is] so strategic for them," she says, and they continued to work with Kwon after she left DOJ to continue locking down that wireless product. "That was the best work I've ever done in the security field," she says.

During her 18-month gig as director of the US-CERT, where in 2008 she was the first woman named to the post as well as the first director with technical expertise, Kwon got a reality-check about the state of security in the federal government: "I was shocked to find out they [civilian agencies] didn't know what attacks were about," she says. "My main mission was to help agencies. There was a large need to educate federal SOCs and give them guidance and information," she recalls.

So she launched so-called Joint Agency Cyber Knowledge Exchange meetings to help spread the word and educate agencies. "They were so popular that there was not a large enough SCIF area for us to hold a secret-level meeting," she says.

While head of the US-CERT was one of her favorite jobs, the politics of the newbie DHS began to wear on Kwon. "The job itself was awesome. But DHS was a political nightmare. It was like running down the hall juggling scissors," Kwon says. "It was a fairly new agency. Mature agencies have decorum, a culture, a way of behaving, sound hiring practices and rules of behavior. DHS was missing all of that."

That made it a difficult culture for success, causing problems with contracts and "unhealthy behavior," as Kwon describes it. "It made it difficult to do any work. I didn't have the patience for that."

She then returned to the private sector as vice president for public sector security solutions at RSA. Kwon quips that that job ended up as more of a "float princess" role where she was paraded out as a former government cybersecurity executive. "It was an interim gig," she says of her one year at RSA.

#MeToo

Like many professional women, Kwon has experienced her share of sexual harassment during her career. "No question: Me, too," she says.

Working long and late hours as a young woman, she says she always "had to worry" about her safety. And there were the questions: Did I get the job because I was a woman? "I hope I got it because I was talented," she says.

Kwon points out that sexual harassment and discrimination are not just a workplace thing. "It's our societal norm."

That's why Kwon says she created the Cybersecurity Diversity Foundation, which offers scholarship funds and promotes corporate commitments to build a more diverse workforce in the industry.

"Not just because I'm a woman, but also because my last name is Kwon and I'm half-Korean," she says of her personal experience. "I definitely found myself not being included, not being heard … and being dismissed," she says.

The good news is that a conversation has begun about implicit biases, she says. "It's not going to be something we can fix overnight," though, Kwon notes.

 

 

PERSONALITY BYTES

Worst day ever at work: Being fired. I worked for Network Solutions when I was 25 and was fired for "participating in office politics."

First Hack: Cell-phone hacking. When I went back to school, I did a lot of breaking things. Phones were pretty open [then].

What Kwon's co-workers don't know about her that would surprise them: That I’m a softie at heart. They figure it out eventually, but most people think that I'm a hard-ass.

Security must-haves: Up-to-date, non-DOS machine.

Business hours: I usually sleep between 2am & 6am, for a total of four hours a night. The rest of the time is working, either in my career or as Mom.

What keeps Kwon up at night: I'm less worried about adversaries. I'm more worried about system owners and businesses not taking care of their systems – not patching, not wiping [when swapping out old systems], and not looking at their architecture to make sure it's current for today.

Fun fact: I had a Token Ring network in my house. My father was getting rid of Token Ring at work.

Favorite hangout: My bed at the beach.

Comfort food: Vegan mac and cheese or kimchi and rice.

In her music playlist right now: Beatles, Red Hot Chili Peppers, Rolling Stones, Eagles, Carly Simon, Carole King

Ride: BMW M4 convertible

After Hours: Play with my kids, yoga, play the guitar, spend time at the Outer Banks, NC.

Actress who would play Kwon in film: Catherine Zeta-Jones, specifically from the movie "Zorro" … I wish!

Next career after security: Making biscuits.

 

Hear Mischel Kwon discuss building and running an effective SOC at Dark Reading's INsecurity conference.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Robotdon,
User Rank: Apprentice
11/4/2017 | 11:02:58 AM
Good
Interesting!