This month’s member spotlight, Tae Kim of Albertsons Companies, has an impressive resume of cybersecurity experience, despite not starting his career in the cybersecurity field. In 2006, Tae was working for the United States government when he was asked to be a senior cyber intelligence analyst. Prior to this, he had been primarily involved in enabling human intelligence collection and did not have any formal cybersecurity training. He did, however, have the language skills and knowledge of the geopolitical region he was being asked to cover, as well as the intelligence operations experience, so he accepted the position.
This experience with the human element of intelligence would come in handy as he worked to understand the adversaries behind cyberattacks. He quickly started to enhance cyber intelligence collection efforts with the support of colleagues who helped make the change throughout various levels of the organization. Soon Tae was well versed in the cyber world, helping to build the first-ever cyber case-study for new intelligence analyst training, writing chapters for national cyber intelligence estimates, and taking part in high-profile domestic and international investigations. He continued to utilize his geopolitical experience in his cyber role as well, participating in official delegations to discuss cybersecurity abroad.
After leaving the government, Tae stayed in the cybersecurity field, moving to a financial institution. He quickly realized he had a lot to learn about security in the private sector and earned his CISSP and CCSP certifications. This additional training allowed him to become an advisor at a well-known security vendor after leaving the financial sector. While a lot of this work was focused on U.S. public entities, he was also responsible for discussions with foreign governments, providing an opportunity for him to broaden and build upon his previous experience navigating global security challenges.
Today, Tae is head of cyber threat intelligence & hunt at Albertsons Companies, which has allowed him to re-engage with the RH-ISAC. He describes the RH-ISAC community as being an extra set of eyes and ears, working together to protect the retail and hospitality industry. From his human intelligence collection days, Tae has unique insight into the behavioral patterns of attackers and understands that though attacks are sometimes company-specific, often they are directed broadly, and what is impacting one member very likely may be impacting others. Companies are more dependent on each other now than ever before. Not only do they rely on the same technology and supply chain vendors, but they also share the same customers. If a customer is breached, that entry point can be leveraged for additional attacks sending a ripple effect through the industry.
Tae is no stranger to the importance of intelligence sharing. Early in his cybersecurity career, he started a working group with various agencies to share information and coordinate initiatives. It took a lot of effort because, in the beginning, people at other agencies were suspicious of his intentions. Fighting over turf and claiming primacy was the name of the game. The deep-rooted “zero-sum” mentality was hard to break, and it took some time to get people to understand that winning together was possible. As people started sharing more, it fostered more trust within the group and led to agencies proactively trying to help each other.
He continues to apply this mentality to the private sector, but he still has not lost his interest in geopolitics. He says that he is an avid news reader outside of work, staying on top of current events in and out of cybersecurity to stay informed. Cybersecurity isn’t his only computer interest either. As an avid gamer, his computer experience goes back to high school, when he would build gaming computers long before he knew he would wind up working to protect computer security.
Visit the RH-ISAC website to learn more about how your organization can benefit from RH-ISAC’s sharing community.