Speaking quickly but concisely and occasionally cracking a witty one-liner, Poly senior Kevin Chung gives a presentation on Physical Security to the Cyber Security Club. He explains that to improve security, one needs to understand its flaws as well as its strengths.
“Knowing how to pick a lock doesn’t make you a thief,” Chung insisted.
In fact, he continued, a lock-picker is more likely to fully understand a lock than a locksmith. The same can be said of computer security.
Chung’s presentation took place in the Information Systems and Internet Security laboratory, which he has run for the past two years. The lab is a cyber security hub at the Polytechnic School of Engineering. There are about 15 to 20 student-regulars, but they are not the only people who walk into the ISIS lab on a daily basis.
“People have told me that they’ll poke their heads into the lab, and if I’m not there, they won’t go in,” Chung said.
Chung quickly added that this is unfortunate, as there are often others in the lab who can help. Most of these students will ask questions about how to make sure their phone, website or computer is secure.
The lab hosts weekly, informal workshops called Hack Nights. Chung personally leads the web Hack Nights, where students come in and learn how to identify vulnerabilities in websites and, of course, hack into them.
“Some people … liken computer security to computer mastery,” Chung said. “We’ll help you identify bad coding practices and help you take advantage of them.”
This November, Chung and the rest of the lab once again managed Poly’s annual Cyber Security Awareness Week, welcoming schools from all over the nation. During the week, Brooklyn Athletic Facility was converted into a competition floor, and the Cyber Security Club hosted the world’s largest Capture the Flag hacking competition, along with competitions for local high schoolers.
Chung, a Brooklyn native, won the high school forensics competition as a senior in high school, making this technically his fifth year of involvement with CSAW.
During CSAW, the rules of Capture the Flag are as follows: Chung and others write up intentionally vulnerable code, called challenges, and upload them onto a server while teams attempt to hack them. This year’s theme was “programmable logic controllers,” similar to the ones involved with the Stuxnet virus that attacked Iranian nuclear facilities. While the challenges use relevant topics, they are never from real websites or official programs due to an industry code of honor known as responsible disclosure, which discourages revealing real vulnerabilities until the error has been fixed.
The previous head of the ISIS lab, Poly alumnus Julian Cohen, said Chung has been fulfilling his responsibilities excellently.
“Kevin has been doing a great job motivating students and running lab activities,” Cohen said. “The ISIS lab has large public presence and influences many other student organizations around the world. Running the lab on a volunteer schedule is not an easy task.”
The cyber security program at Poly is a Master’s program, meaning the classes are composed of mostly graduate students. Chung, however, has been taking these courses since his freshman year. In fact, Chung now works as an undergraduate teaching assistant for the graduate Network Security course that he took as a freshman. He grades assignments for the online version of the class taught by Keith O’Brien.
“Kevin has a very bright future ahead of him in the information security field,” O’Brien said. “He not only has a mastery of the subject, but can lead. This is a rare and valuable combination.”
When he is away from coding, Chung has a number of hobbies, most notably strategy games such as chess and locksport, the art of competitive lock-picking. Chung can quickly tell people how strong the lock on their door is. Off the top of his head, he identified the locks in Lafayette residence hall as medium-strength. He is an avid video gamer who owns a number of consoles, almost all of which he can hack into.
“I’ve picked up lots of hobbies,” Chung said. “I really think people shouldn’t be so focused on finding a career because when you do that, you get tired.”
Email Jonathan Keshishoglou at firstname.lastname@example.org. A version of this article appeared in the 2014 Influential print edition.