Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
Mischel Kwon is an IT executive with more than 29 years of experience ranging from application design and development, network architecture and deployment, Information Assurance policy, audit and management, technical defensive security, large wireless system security to building organizational and national level Computer Emergency/Incident Response/Readiness Teams. Ms. Kwon currently serves as the President of Mischel Kwon Associates, a security consulting firm specializing in Technical Defensive Security, Security Operations and Information Assurance. Most recently, as the Vice President of Public Sector Security for RSA Security, Ms. Kwon was responsible for leading RSA in assisting the public sector security solutions, strategies, technologies and policy. Ms. Kwon was named the Director for the United States Computer Emergency Readiness Team (US-CERT) in June 2008 where she spearheaded the organization responsible for analyzing and reducing cyber threats and vulnerabilities in federal networks, disseminating cyber threat warning information and coordinating national incident response activities. In addition, she previously served as the Deputy Director for IT Security Staff at the United States Department of Justice (DOJ), where she built and deployed the Justice Security Operations Center (JSOC) to monitor and defend the DOJ network against cyber threats. Ms. Kwon holds a Master of Science in Computer Science and a graduate certificate in Computer Security and Information Assurance. In addition, she serves as an adjunct professor at George Washington University in Washington, DC, where Ms. Kwon also runs the GW Cyber Defense Lab. Subscribe to Mischel's RSS feed
APT has become a buzz of security professionals for the past few years, but now has legitimate attention among all levels of the organization. Why? Because executive leadership knows that buzzword has now become a clear and present danger even among private sector organizations.
I have spent the past 6 years of my life running incidents of one flavor or another, whether it was a government or private sector system intrusion, a product vulnerability, or an infrastructure vulnerability or attack. Over the past two weeks I have participated in an incident and the response to the incident that was very different than anything I have personally dealt with before. This incident had two parts to handle: one, the protection offered by the security product RSA SecurID; two, the intrusion itself. This incident demonstrated a deliberate and responsible response by the company, RSA. RSA coordinated a collaborative effort involving the RSA customer community (both U.S. and International), the security community as a whole, law enforcement, and US-CERT.
Nothing like the big guy keeping the message alive! Joint Chiefs Chairman Admiral Michael Mullen held a news conference and once again lead the cyber battle cry. He warned that a “substantial” and complex threat to the US in way of cyber attack and the potential for devastating impact. His message was clear – the DoD is focused on these threats.
I am often amazed by the sensationalism that surrounds the words "Cyber War".
This thought struck me as I read through the results of McAfee’s survey of corporate executives in their paper "In the Crossfire: Critical Infrastructure in the Age of Cyber War". It is interesting what people "think" is happening in Cyber because as we all know, many decisions are made based on observation, not facts.
When you say M06-16 to any government IT or security professional they all know you’re talking about two-factor authentication for any remote access. When you talk passwords with any security professional, they will tell you….that’s little to no security at all.
Congrats to Howard Schmidt, our new Cyber Coordinator. The news is spreading around Washington like wild fire.
What does this mean? Does this fix Cyber?
It seems that just as we move forward in securing our networks, we take two steps back. Or do we?
In 2006, the Office of Management and Budget (OMB) required two-factor authentication and VPN technology through the M-06-16 memo. Departments and Agencies moved quickly to deploy both two-factor authentication as well as VPN technology.
October 1 the National Cyber Security Alliance, along with Department of Homeland Security and the White House will kick off National Cyber Security Awareness Month. So, what does that mean to security professionals? This is a month for you to reassess, take stock in what you are doing, share your knowledge and shine.
On Sept. 14 I had the privilege to speak on a panel at the InformationWeek 500 Conference moderated by IW Editor-in-Chief Alexander Wolfe. The panel was comprised of Eva Chen, CEO and Co-founder of Trend Micro, Renee Guttman, Vice President of Information Security and Privacy Officer for Time Warner, and Jerry Johnson, CIO of Pacific Northwest National Laboratory. The title and theme of the panel talk was…
