Frank Kim

Frank Kim is a SANS Fellow who leads the Cloud Security and Cybersecurity Leadership curricula to help shape and develop the next generation of security leaders. Previously, he served as the organization’s CISO, where he led the information risk function for the most trusted source of cybersecurity training and certification in the world. Frank serves as an advisor to numerous security startups and authors and teaches courses on CISO leadership, strategic planning, DevSecOps, and cloud security. Frank is also the author and instructor of LDR512: Security Leadership Essentials for Managers, LDR514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevSecOps Automation.

More About Frank


Frank began his career as a developer in the early days of the Internet building applications and systems. When incidents would occur and vulnerabilities were discovered, Frank became the default point person for managing them. Though he did not realize it at the time, this was the beginning of his professional career in security. As his career progressed, he built teams both large and small to solve some interesting problems. This included forming a multi-million dollar security program at Kaiser Permanente as the Executive Director of Cybersecurity where he built an innovative security program to meet the unique needs of the nation's largest not-for-profit health plan and integrated health care provider with annual revenue of $60 billion, 10 million members, and 175,000 employees.

As a developer at heart, Frank is able to see first-hand how the Web has transformed society. There is a clear through line from the early days of the Web to how cloud is now transforming the way organizations operate. Knowing how to code and understand technology has been a huge benefit to Frank when building security capabilities and leading security teams. This background is even more helpful with the move to cloud where "everything" is code, automation is expected, and application security is even more important. Like most leaders, Frank has made a few mistakes along the way. Because of this, Frank is able to share a depth of knowledge from direct experience with building security programs, interacting with business leaders, and communicating with stakeholders.

Frank claims to have become a SANS instructor by accident. After taking a number of SANS courses over a few years, one day someone from SANS emailed the alumni list asking for help from professionals with application security experience, of which Frank had plenty. This led to Frank’s first authoring experience: creating some modules and labs for a new course. The authorship led to instructor work. Frank has now been authoring and teaching for SANS for more than a dozen years.

It's been said that change is the hardest thing for a person to do. Frank loves when his students have that "ah ha" moment and realize that they just did something new or amazing. Frank strives to make his approach to teaching like a memorable book or movie, which takes you on a journey. He believes learning should be a personal quest where you, the hero, overcome your obstacles to achieve something greater. As an instructor, Frank strives to show students "how" to get things done when they go back to work. In technical classes this includes hands-on labs where students practice with the tools they will use in the real world. In management courses this includes leadership simulations, games, and case studies where students deal with real-life scenarios, discuss trade-offs, and use management tools to analyze the situation at hand.

The highlight of his work is receiving feedback from students after class: that they used a technique from class at work, that something covered in the course helped them in their career, or that they are now dealing with exactly the same scenario covered in class and therefore feel more prepared.

Frank holds degrees from the University of California at Berkeley in both Business and Ethnic Studies, is a frequent speaker at the annual RSA Conference, and has earned a number of professional certifications over the years including: CISSP, GSLC, GCIH, GCIA, GCFA, GPEN, and GSSP. Frank is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Formerly, Frank was the Board President of Habitot Children’s Museum in Berkeley, CA.

When not improving courseware or teaching others, Frank enjoys practicing yoga, eating delicious food, and mixing up a quality cocktail.

For more SANS webcasts by Frank, please review the SANS Webcast Archive.


Practical Guide to Security in the AWS Cloud, Nov 2020

Cybersecurity in the Age of the Cloud, Feb 2020