16 August 2017
Mischel Kwon currently serves as President and Owner of MKACyber, a cybersecurity company that focuses on assessing, repairing and building Security Operations Centers (SOC) and provides Managed Security Operations Services (MSSP) for its customers.
Starting her company while raising five children, and finishing her bachelor’s and master’s degrees while pursuing her career, Mischel is nothing short of impressive and she offers advice that will inspire professionals in all industries. She is also founder of the Cybersecurity Diversity Foundation, which supports diversity and inclusion in the field of Cybersecurity.
Tell us about your career progression into your current role.
I have been in IT for over 30 years. I have done all types of IT, from assembler programming to operating large mainframes, systems programming, large network configurations, engineering, and development. I did my life backwards; started as assembler programmer at 19 years old and went back for my degree at 40. In going backwards, when I looked across my career, I decided to focus my attention on security because I had a broad wealth of experience across all types of IT which ultimately helps to secure a network.
I went back to school as a scholarship for service scholar. I wasn’t the normal SFS scholarship student - I had an established career. I got my Bachelor’s of Science and Masters of Science in Computer Science with a certificate in information security from Marymount University. After that, I parlayed directly into security. I worked for the Department of Justice as Director of IT Security. I moved through the DOJ from Wireless, to the CISO’s office, where I became Deputy CISO and built the first justice Security Operations Center. I then moved to US-CERT at the Department of Homeland Security and served as Director.
From there, I left the government and went on to be the VP of Federal at RSA Security. I decided I would prefer to work on Security Operations - I had spent 10 years of my life doing it, but I wanted to do it my way. In order to do that, I had to start my own company. That’s how I started MKACyber.
What was it like raising five children while pursuing you own career?
A lot of people ask me that - they say, “that’s a lot of children!” For me, raising children and having a family is just part of life. It brings its challenges, and at times was hard, but for the most part it was wonderful. There are lots of positives that come out of working while raising children. My daughters feel empowered to do anything they set their minds to. It’s important to empower our girls to know they are smart, and have the ability to do anything they want.
Have you always wanted to own your own business? What motivated you to take that step?
I didn’t always want to have my own business. It was a desire that grew organically throughout my career. I’ve pretty much been a geek my entire adult life, but, I always strived to try new things and not be fearful of them. I’ve learned so much in starting my own business and I truly enjoy it. After leaving the government and going into private sector, I basically realised I needed to use my own name and reputation for myself. That empowered me to create MKACyber.
Aside from that, I also wanted to focus on what I wanted to do: Security Operations work. I had a vision of a methodology that I felt would help a lot of entities and I wanted to make that happen. The best way for me to focus on Security Operations work and the methodology was to go out on my own. I had to break away and do that for myself.
Tell me about some of the hiring strategies you've implemented at MKACyber to increase diversity?
The biggest issue in hiring - regardless of the industry - is making sure that you don’t allow your unconscious bias to affect your hiring. It’s interesting how most people don’t know they have an unconscious bias. Taking steps to ensure that unconscious bias doesn’t creep up and affect you is so important.
Firstly, talking about unconscious bias - educating your staff and making sure they know what it is. Have them look at their decisions and selections, and contemplate “am I employing a bias here?” The education piece in itself is a very strong tool. Another thing we’ve done at MKACyber is nameless resumes - sanitising resumes so hiring managers can’t recognise who the applicants are. That’s important for at least the first screening steps. They can judge the candidate solely by the resume.
When a hiring manager identifies a candidate that they would like to speak to, the first interaction is a chat or email (if their email doesn’t give away their name). That can help determine some of the candidate’s capability without giving away any personally identifying factors. We also find that hiring in groups, not single-threaded hiring helps with a diverse and more competent hire. Our goal is to get the best people - the broadest, richest ideal base that you can get. You get that by hiring people with different thought processes.
We’ve found the more diverse our environment has become, the more diverse people we attract. It starts with a more concerted effort, and gets easier as you go along.
What are the keys to leading a diverse and inclusive organisation?
It’s such a natural thing for us - it’s not much a thought process anymore. I think our culture is what brings us to be able to do that. We work in teams - although we have a hierarchy, we are a relatively flat organisation. Our culture encourages collaboration on different types of work and learning in new areas, binding us to a team working environment.
What steps can women in Cybersecurity take to advance their careers?
The same steps anyone else takes! Get training, find a good mentor. Try new things and don’t be afraid to fail. If you fall down pick yourself up, dust yourself off, ask for help, move forward again. The advice is really the same for anyone. Succeeding is a matter of continuing to reach - not being afraid of failure, because out of failure will eventually come success.
What is the Cybersecurity Diversity Foundation, and what is its mission?
The Cybersecurity Diversity Foundation is a non-profit organisation that’s full intent is to create more diversity in the cybersecurity field, and the inclusion of that diversity. Our vision is a career field that welcomes, supports and provides opportunity and access to all, from entry level to executive and board positions.
We promote action that will make a marked difference – from providing scholarship funds to championing corporate pledges to foster workforce diversity. Through lots of differences, new ideas, and different ways of working, diversity is what brings us richness.