SESP MAGAZINE SPRING 2026

THE MAGAZINE OF LEARNING, LEADERSHIP, AND POLICY

Kris Yun

Kris Yun: Training Students in Cybersecurity

A leadership model built to last

By Alina Dizik

When Kris Yun launched Northwestern's first student-led cybersecurity club in 2024, her biggest fear was that no one would show up. But when she arrived to the first meeting, the room was packed. For the first-year social policy and computer science student, it was a clear sign she was on the right track.

Today the club has evolved into the startup Locket Cybersecurity, which certifies undergraduates to provide free security audits to small businesses, hosts workshops and discussions, and maintains an online safety information hub. Since Locket was founded, 30 students have completed the quarter-long Google Cybersecurity certification and three small businesses have received audits. Students uncover a variety of vulnerabilities, from low-level technical issues (don't reuse your password!) to poor organizational security practices.

But Yun didn't just found a startup. She was a two-time director of Wildhacks, the University's annual hackathon, during which students build software projects over 24 hours, and she's twice attended the Black Hat series of global cybersecurity conferences. She also served as a computer science peer mentor. "I love sharing the joy of learning," she says.

The daughter of two educators, Yun grew up in Northbrook, Illinois, and went to schools that emphasized digital privacy and literacy. "We had lessons about our digital footprint, catfishing, and cyberbullying," she says. When her grandparents, who owned a laundromat, began receiving threats in the mail, she started to think about how to help small businesses stay safe—online and off.

"Kris has a rare combination of intellectual curiosity, discipline, and moral seriousness," says Camille Stewart Gloster, founder of the CAS Strategies cybersecurity advisory firm. "In our field, those qualities matter more than raw technical skills."

Yun completed an internship with Stewart Gloster, who was deputy national cyber director in the Biden administration, and has continued to work with her as an undergraduate. She also worked as a software analyst with Shostack + Associates, helping improve the company's internal tools.

The idea for Locket grew from McCormick professor Sruti Bhagavatula's Security and Privacy Education class. Classmate Theo Maurino approached Yun with the idea of creating a cyber clinic; they later shifted the organization's focus to security audits and certification for small businesses.

The audits themselves take about 10 weeks. Students discuss "worst nightmare" scenarios with clients and interview tech support, human resources, and other team members to get more information about workflows and security. Locket then outlines vulnerabilities and recommends mitigation strategies.

"A client may have multiple employees who have equal access to sensitive materials across the organization," Yun says. Locket recommends the principle of least privilege, so that employees have what's necessary to complete their work without excessive access capabilities. Students also provide tips to help organizations stay aware of social engineering and spoofing attacks.

Yun, who is also pursuing a concentration in security and privacy in the McCormick School of Engineering, chose Northwestern for SESP's interdisciplinary approach and the ability to pursue a second major in another school. She's especially interested in policy that affects vulnerable communities and critical public infrastructure.

Yun believes tech policy is increasingly important, because the most pressing social issues of the moment—housing, healthcare, labor, civil rights—now have a digital layer that traditional policy thinking wasn't built to handle. "When people think of policy, they think of social issues or the environment, but as tech is evolving, we need to bring that technical angle into the social policy arena."

And while she remains more invested than ever in Locket's mission to give students the technical skills to help small and medium businesses remain digitally safe, Yun has come full circle: She is onboarding the next class of student leaders to ensure Locket Cybersecurity continues long after she graduates.

"It's important to know when you should take a step back," she says. "It's time to let other people dream, ideate, and see what the future will look like."