Hi Anna, okay, gonna try to do this again, sorry for the unclear post, was doing it from my note. Hopefully this will be better.
My reply was for the final kernel you would be using and not the one you will use to attain root access. Sorry if my post was unclear. One caveat though, I am no where near dev level skills, i have just rooted and flashed roms on my devices and some for phones of my friends. My experience is from Galaxy S, Note, Galaxy Nexus, Kindle Fire and the Transformer Prime. No experience with the GSII although the process is the same for the Samsung Devices.
To gain initial root, yes, you need to use a pre-rooted kernel that matches your build number. But it does not refer to the Siyah kernel, it refers to a stock pre rooted kernel. Look for it in this thread
http://forum.xda-developers.com/showthread.php?t=1103399. (The instructions for rooting are there as well.)
The build numbers are actually version numbers with very minor changes between kernels that are release close to each other - read the version numbers as 1 to Z it's like A being equal to 10, so the numbering system is something like 1, 2, 3... 8, 9, A, B, C and so on. And only worry about the last numbers/letters, LQB in your case.
After rooting, you may now flash CyanogenMod, this is where my previous post applies. When you already have root access and plan to flash a ROM, you no longer have to flash and use a kernel with the same build version as your original kernel or stock rom. When you follow the instructions to flash CM9 on their Wiki, that will flash a new kernel on your device (the CM9 Kernel). This is where Siyah Kernel will come in, if you want to replace the "stock" CM9 kernel with it. That is if you want to do performance tweaks such as overclocking, undervolting etc. But for as a daily driver, the kernel CyanogenMod comes with is very stable and should be more than sufficient.
As to secure and insecure kernels, I THINK (i am not sure) it refers to simply having the latest version with the security issues from the last version patched relating to the networking functions. Or it could be a reference to the super brick bug which exists on the GNote and GSII stock kernels.
One last warning though, rooting and flashing may require you to do data wipes (data, cache and dalvik cache wipes) and as far as I know there is what is known as a super brick bug in the Note and the GSII (i think) that can brick your device if you do a wipe on a stock or an unsafe kernel. I bricked my note a while back flashing an ICS leak. Although the devs have come up with safe kernels and instructions, so if you take the plunge, follow their instructions to the letter. (if it says perform a "reboot to recovery" function, don't skip it)

good luck rooting and happy flashing.
In case, you have anymore questions, I'll try my best to help.