“The window of time we had to stop the leveraging of known vulnerabilities, has now seemingly turned into an advantage for the advanced threat actors.,” writes Tae Kim, Senior Manager, Cyber Intelligence at Capital One Financial Corporation —and speaker at the 2018 Retail Cyber Intelligence Summit. As part of our series from speakers and sponsors of this year’s Summit, we recently asked Tae to respond to a few questions about retail cybersecurity.
What developments does Tae see in cybersecurity? Read on.
RH-ISAC: Did you experience a personal, “game on” moment in cyber security?
Kim: In my previous position, a day after a major attack against the United States, there was a late-night meeting between various organizations, including the White House. This meeting was being held to form an initial consensus to determine the direction of the collective investigation efforts. There was strong skepticism against what seemed to be an obvious perpetrator. However, when it was my turn to speak, I laid out my initial assessment and convinced others to focus their efforts against one target. Within days, there was sufficient evidence to prove who was behind the attack.
RH-ISAC: What is the most exciting (or frightening) development you’ve seen lately in your field?
Kim: As an observer of the cyber landscape since 2006, it is definitely exciting to see the heightened cyber security awareness beyond government or major business entities. However, the speed of how fast things are advancing is definitely frightening. Just a few years ago, it was surprising to see threat actors weaponizing a published vulnerability within a few months, but now we are seeing them turn it around in a matter of weeks if not days. The window of time we had to stop the leveraging of known vulnerabilities, has now seemingly turned into an advantage for the advanced threat actors.
RH-ISAC: What skills or characteristics do you think are most important for your job or the retail cyber security sector?
Kim: My job in the retail cyber security sector is probably not any different, in terms of what skills or characteristics would make a person or team successful, compared to other sectors. A strong willingness to learn a new topic or technology, even from mistakes or successes, helps a person or team grow stronger. And learning is only possible if someone is willing to listen to different opinions and help, by providing constructive feedback when appropriate. You need to have a mindset to take the job more seriously than yourself and be humble to be able to admit your mistakes. When you say that you were wrong about something, it means that you have already learned something.