Getting More People to Enjoy Working on Product Security

──First, can you tell us about your current work?

My main job is to assess and check the security quality of our company’s automotive and other products from a third-party perspective before they are shipped in the product security department of the information security promotion division. I make sure the designers have followed the security rules properly.

Automobile security is relatively new and difficult to verify in terms of quality. After extensive discussions among experts worldwide, guidelines were established to ensure proper implementation from the design stage. Subsequently, ISO (International Organization for Standardization) standards were created, and legal frameworks were developed in various countries.

──Besides automobiles, what other products do you handle?

For example, we work on a variety of products, like predictive maintenance systems for car air conditioners and agricultural robots.With agricultural robots, we need to ensure security on both the robot side and the server side.

One of the challenges in this work is constantly being aware of the presence of malicious third parties. In regular quality control, the task is complete once we achieve a perfect state. But, in security, there are always individuals attempting to breach our defenses. So, we must proactively develop mechanisms to prevent these breaches.

──With this in mind, are you focusing on internal education and awareness activities?

Yes, educating designers is especially crucial. We give lectures on the concepts and procedures of security, as well as internal rules, as part of company-wide education, and regularly update the training content. We also emphasize the importance of security in our daily work while communicating with designers.

Meanwhile, drafting the security strategy for products in the DENSO Group is also an important part of my job. I drafted a new policy a few years ago stating, “While automobile security has been improved, there are still issues to be solved in new business areas.” It is indispensable to continuously gather security-related cases from around the world and always stay updated on the trends.

──When did you start taking a security interest?

Around 2003, when I was working at my first IT company, primarily involved in designing and developing enterprise systems.

Back then, people were just starting to use web systems, and usability was often prioritized over security. I felt that “perhaps web systems are vulnerable and could be easily exploited.” So I continuously tested my own developed systems by attacking them to identify weaknesses and determine what needed to be strengthened.

”Defend before being attacked.” I am the type who enjoys thinking about how to achieve something, especially when it is technically challenging to realize.

──You mentioned a turning point at your second IT company after enhancing your skills. What happened?

Yes, while managing a large-scale IT infrastructure application at a global data center, I received an urgent call in the early hours about a system outage.

Despite rushing to the site and using all my knowledge for about an hour, I couldn’t restart the system. However, a consultant I was working with solved it effortlessly.

At that time, I was confident due to my experience in dealing with various obstacles and believed I could solve most problems.

However, I realized that “there are still many things I don’t know”.

──What actions did you take following this realization?

I devised a “Five-Year Skill Improvement Plan” with a vision of myself at 40. Typically, 40 is the age to become a manager or a seasoned engineer. I aimed to overcome my weaknesses and fully express my value and abilities by then, so I decided to acquire various certifications in stages.

In addition to certifications in information processing and security (Registered Information Security Specialist, CISSP, CEH, CHFI), I also passed the Registered Management Consultant exam to address my business knowledge gaps. Now, I hold over 50 certifications.

──Why did you consider joining DENSO during your growth journey?

I met a DENSO associate at a private security study group. I learned that DENSO had just established an automotive security division as part of its company policy. I felt that I could leverage my skills and continue to grow there.

──What stands out to you from your consistent involvement in product security at DENSO?

I am always impressed by DENSO's collective drive to instill the importance of product security within the company.

A senior executive once said, "Security is quality itself." DENSO has always focused on ensuring quality, and I find it ideal how the company is effectively integrating security into this focus and rapidly embedding it within the organization.

──Can you tell us about the SOMRIE certification program? What capabilities and levels do you currently hold?

I am a Level 5 security specialist, which is the third highest level, making me as a leading figure within the company.

──Why did you aim for SOMRIE certification?

I want to instill the importance of product security throughout DENSO. In this context, I felt that the SOMRIE Certification System is highly compatible from a human resource development perspective, and I wanted to take the lead.

Security has traditionally been seen as “something only for a few experts,” but now everyone needs to be involved to make progress. Therefore, it is necessary to elevate the overall level within the company.

──Have you noticed any changes since obtaining SOMRIE certification?

I feel that I have been recognized as an expert in this field, and my credibility with those around me has increased. Additionally, more people have shown interest in security activities and have reached out to me.

──It seems like a positive trend. What do you find appealing about this system?

It seems that the ideal image of an engineer is well-formed, and the recognition of the certified individual increases, making it easier for them to find opportunities to excel. It’s also a good system in the sense that when someone faces a challenge, they can find people to consult with or look up to within the SOMRIE community.

──While striving for excellence in your field, how do you balance your private life?

If work isn’t fulfilling, then my private life won’t be either. With this mindset, I put some effort into my work and skill improvement while also enjoying my personal life.

Through obtaining certifications, I have made more friends in my private life and feel that my career possibilities have expanded. By participating in study groups, I have met people from various industries such as trading companies, advertising agencies, city offices, and financial institutions. I have learned knowledge, business know-how, and career tips from them, which have been beneficial to me.

──What capabilities and levels do you want to achieve as a SOMRIE in the future?

As a Security Specialist, I want to move beyond my current Level 5. My goal is to create security solutions that are well-known and used across the country, which would take me to Level 6. If these solutions become popular worldwide, that would be Level 7.

Security isn’t about creating tangible products, so it’s hard to demonstrate its value, but it’s now a crucial part of society. That’s why I’m committed to directly facing the challenge of creating value in this field.

──What do you hope to achieve in the future?

I want to get more colleagues interested in security and create a world where it’s naturally realized without conscious effort.

When it comes to security, many people imagine a scenario where each task requires meticulous attention and thorough learning. However, my goal is to create a world where security is ingrained in everyone’s mind and practiced as naturally as quality control. Although it may take time, this is precisely why I want to take action now and make steady progress.

──You seem to really enjoy mastering security technologies. Is there a particular reason or inspiration behind this passion?

Maybe I can explain by sharing a childhood story.

I was captivated by computers when I was five. The inspiration came from an anime called “Plawres Sanshiro.” The story revolves around controlling plastic models to wrestle, and I found the scenes where the boy skillfully manipulates the models using a computer keyboard incredibly cool. It made me dream of owning a real computer someday, and I even made my own out of paper, imagining it was real (laughs).

I have been guided by the fascination I felt for computers back then, and it has brought me to where I am today. The key to mastering technology is to enjoy the process of learning it. Moreover, sharing that enjoyment with others not only spreads the enthusiasm but also positively impacts one’s own skill development.

──Finally, do you have a message for those aspiring to become specialists in various fields?

I’ve found that diving deep into one area of expertise can actually open up more career options. Specializing in security has brought me opportunities from different industries, including automotive. Plus, learning about diverse fields to enhance my security knowledge has broadened my understanding of societal challenges.

Let’s work together to become specialists who contribute to society with our expertise, while enjoying the journey and keeping a broad perspective. I look forward to your challenges and endeavors.

* This contents presented in this article are as of August 2024.