Fred Kwong: The Psychology of Being a CISO
Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
When Fred Kwong's friends had Nintendo game systems, his home had a PC. The household computer sparked an early interest in technology, which persisted throughout the long, winding, sometimes blocked road that eventually led to his role as CISO of Delta Dental.
"My educational background and my IT background are completely separate," Kwong notes. While he wanted to explore technology, finding an educational path was difficult. At the University of Madison he encountered a choice between two majors: computer science and computer engineering. "Neither was what I actually wanted to do," he adds.
As a student, Kwong learned programming languages like C++ and Fortran before deciding he was on the wrong track. "It drove me nuts," he says. "I did not want to spend the next 30 years of my life programming." He decided to take his tech education outside the classroom.
"All my IT learning has pretty much been the 'school of hard knocks,' or learning in the workplace," he explains, and he continued to take part-time classes at a technical college while supplementing them with various tech-focused roles.
Kwong got his start in IT at Sitel, a help desk outsourcing company where he answered about 80 calls per day for the AOL help desk. There, he learned about modems and discovered he enjoyed helping people get online. But after a couple of years, he once again felt he was in the wrong place. His self-guided education continued at Zurich Insurance, where he worked as a "cable monkey," learning networking and routing as part of the network team.
Zurich continued to be Kwong's main source of IT education as he resumed full-time classes at Roosevelt University, where his studies fell far outside the technology field.
An Unconventional Path
"I went back to school for things that interested me," says Kwong of his decision to double major in psychology and professional communications, partly inspired by his time in congressional debate as a high school student. "I wanted to learn about people — and what better way to learn about people than to study psychology?"
Kwong's first foray into technical education was an MBA with a concentration in MIS. It didn't take long for him to switch gears back into the psychology field. As he was finishing his MBA, a class in executive leadership inspired him to pursue his PhD in organizational development, where he found himself surrounded by a non-technical crowd.
"I was, quite honestly, a little bit intimidated at the time because I was in a room full of COOs and VPs of human resources, people who have pretty established careers," he recalls. "And there's me, this network engineer, in the PhD program, in a field that's completely unrelated to my work."
Kwong, sticking with the belief that effective communication would prove handy in any role, went on to complete his doctorate. A role as the network manager at Benedictine University introduced him to security. In addition to working on servers and telecommunications, he learned the ins and outs of firewalls and access control.
He worked his way up the security ladder, first through Zurich, then CSC, where he was a network and data center manager, then US Cellular, where he was the senior infrastructure manager, and Farmers Insurance, where he built a privileged access management program and insider threat program. It was his last role before he had the opportunity to build security at Delta Dental.
Kwong's psychology background has, as expected, proven handy in his security roles.
"I would say that I have a heightened sense of awareness of folks I deal with," he says. "A lot of times in the CISO role, it really is about building relationships and ensuring how to shift the culture or the organizations from one that's not necessarily security-minded to one that becomes security-minded."
This is especially difficult at Delta, which has 39 member organizations and a large board of directors. Kwong says getting everyone on board with security can be a challenge; after all, security isn't necessarily viewed as a revenue generator but often as a cost. All members have their own agenda, and he has to ensure security is part of each person's mission and objective.
It's a mindset he emphasizes across the company. Most breaches initially involve the human factor, he points out, and he has to change the mindset of employees to be security conscious.
"We do that via phishing campaigns, lunch and learns, having direct messaging that appeals to employees to secure themselves not only in the business but also at home," Kwong explains. "It's an emotional tie. We tie [security] to something that's tangible to them, not just in the business but for personal use … that really shifts the change in the culture."
When there is space open on his team, Kwong looks within the business. He built an internal program at US Cellular to help aspiring security professionals starting in low-level tech roles.
"We built a program where — and this is near and dear to my heart — help desk and desktop folks can intern with security folks to learn about security and see if it's a good career path for them," Kwong explains, adding that many successful security pros come from different parts of IT.
For a month, interns learn about security tools and complete projects. If they are still interested in security at the end of the program, they can continue learning about it. When there is an opening in security, Kwong says, he can pull from an internal group of employees he knows has an interest in joining the team.
The internship program has since grown outside security to educate future employees for high-level IT roles in database management and networking, he adds.
Off the Clock
It's hard to believe Kwong has any free time outside his roles as CISO and adjunct professor at Roosevelt University, where he now teaches organizational behavior and organizational development. But when he does, he uses it for volunteer work — and occasional photo shoots.
"There are a couple of organizations I really like to work with," he says. Feed My Starving Children, which ships nutritional food to parts of the world without it, is one of them. Kwong says he puts together bundles of food, donates, and recruits people to help out.
Habitat for Humanity is another: Kwong enjoys volunteering with the organization and building homes in the Chicago area. "I like working with my hands," he continues. "Plumbing, dry walling, all that fun stuff."
Wedding photography is another favorite hobby and he enjoys snapping photos at occasional events for family and friends. Photography is fun, he says, but not always simple. It's easy to take pictures of stuff when you have time to set it up. It's harder at a wedding, when things are moving and you need to snap the right shot at the right time.
Kwong is modest about his work — "I don't consider myself that good, quite honestly, and I feel like it's a really hard craft," he says — but his subjects seem to be big fans.
"I guess the best compliment I've gotten is, there have been times when people said 'I wish we just hired you to be our photographer!'" he says. "It's nice to hear."
Worst day ever at work: 9/11/01 — my parents were both on separate planes that day, unsure of their fate.
First hack: Turned an old office chair into a swiveling TV stand
What your coworkers don't know about you that would surprise them: Used to be an avid poker player
Security must-haves: Security awareness training, access control governance, vulnerability management
Business hours: Don't apply in security
What keeps you up at night: Becoming the fall guy for a breach
Fun fact: Birds don't urinate
Favorite hangout: Home
Comfort food: Ground beef and rice bowl
What's in your music playlist right now: Billy Joel
What kind of car do you drive: Lexus RX 350
Favorite thing to do after a long day: Netflix binge watching
Actor who would play you in a film: Stephen Chow
Next career after security: Professor
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...