Frank began his career as a developer in the early days of the Internet building applications and systems. When incidents would occur and vulnerabilities were discovered, Frank became the default point person for managing them. Though he did not realize it at the time, this was the beginning of his professional career in security. As his career progressed, he built teams both large and small to solve some interesting problems. This included forming a multi-million dollar security program at Kaiser Permanente as the Executive Director of Cybersecurity where he built an innovative security program to meet the unique needs of the nation's largest not-for-profit health plan and integrated health care provider with annual revenue of $60 billion, 10 million members, and 175,000 employees.
As a developer at heart, Frank is able to see first-hand how the Web has transformed society. There is a clear through line from the early days of the Web to how cloud is now transforming the way organizations operate. Knowing how to code and understand technology has been a huge benefit to Frank when building security capabilities and leading security teams. This background is even more helpful with the move to cloud where "everything" is code, automation is expected, and application security is even more important. Like most leaders, Frank has made a few mistakes along the way. Because of this, Frank is able to share a depth of knowledge from direct experience with building security programs, interacting with business leaders, and communicating with stakeholders.
Frank claims to have become a SANS instructor by accident. After taking a number of SANS courses over a few years, one day someone from SANS emailed the alumni list asking for help from professionals with application security experience, of which Frank had plenty. This led to Frank’s first authoring experience: creating some modules and labs for a new course. The authorship led to instructor work. Frank has now been authoring and teaching for SANS for more than a dozen years.
It's been said that change is the hardest thing for a person to do. Frank loves when his students have that "ah ha" moment and realize that they just did something new or amazing. Frank strives to make his approach to teaching like a memorable book or movie, which takes you on a journey. He believes learning should be a personal quest where you, the hero, overcome your obstacles to achieve something greater. As an instructor, Frank strives to show students "how" to get things done when they go back to work. In technical classes this includes hands-on labs where students practice with the tools they will use in the real world. In management courses this includes leadership simulations, games, and case studies where students deal with real-life scenarios, discuss trade-offs, and use management tools to analyze the situation at hand.
The highlight of his work is receiving feedback from students after class, when they share that they used a technique from class at work, how something covered in the course helped them in their career, or that they are now dealing with exactly the same scenario covered in class and therefore feel more prepared.
Frank holds degrees from the University of California at Berkeley in both Business and Ethnic Studies, is a frequent speaker at the annual RSA Conference, and has earned a number of professional certifications over the years including: CISSP, GSLC, GCIH, GCIA, GCFA, GPEN, and GSSP. Formerly, Frank was also the Board President of Habitot Children’s Museum in Berkeley, CA.
When not improving courseware or teaching others, Frank enjoys practicing yoga, eating delicious food, and mixing up a quality cocktail.
ADDITIONAL CONTRIBUTIONS BY FRANK KIM:
Becoming a CISO: Leading Transformation, July 2020
Cybersecurity Frameworks for CISOs, June 2019
How to Make Sense of Cybersecurity Frameworks, March 2019
Ten Tenets of CISO Success, May 2018
10 Tenets of CISO Success, April 2018
CISO as Change Agent: Getting to Yes, Feb 2017
For more SANS webcasts by Frank, please review the SANS Webcast Archive.