このエントリーをはてなブックマークに追加

Apr

20

Mercari’s Approach to Modern Day Threats #2

メルカリのセキュリティチームとその活動を知る機会!一緒に働く仲間も募集中!

Organizing : 株式会社メルカリ

Hashtag :#mercari_security
Registration info

Description

申込方法 / How to Sign Up

申込は締め切りました。ご応募ありがとうございました。
Applications are now closed. Thank you for your application.

イベント概要 / Event Summary

※ 英語(日本語同時通訳)
Mercariではサービス、会社組織全体の安全性を維持・向上するため、常に情報セキュリティへの取り組みを強化しています。 本イベントではセキュリティチームが取り組んでいる活動や、実際の業務内で取り組んでいる課題の一部を2つのEventに別けてLighting Talkを通して紹介します。現在募集しているセキュリティのポジションも紹介します。

* English with Japanese Interpretation
At Mercari, we are always working on new initiatives to maintain and improve the security of our product and services. Over this two event series we will be introducing the work of the security team at Mercari, the kinds of challenges we face, and the kind of people who are looking for to help us further grow our team in a round of lightning talks.

参加方法 / How to join

オンライン開催です。
後日メールにて参加方法の詳細を案内差しあげます。

The event will be held online.
We will inform you of the details of how to participate by e-mail at a later date.

タイムテーブル / Schedule

Time Contents
19:00-19:15 オープニング&セキュリティチームのご紹介 / Opening and Introduction to the Security Team
19:15-19:45 Sec talk #1: Building a Secure Software Development Lifecycle at Mercari
19:45-20:00 Sec talk #2: Diving into Threat Modeling at Mercari
20:00-20:15 Sec talk #3: Gamifying Security Education: Mercari’s Security Champion Programme
20:15-20:30 クローズ&募集職種紹介 / Closing and Hiring Positions @ Mercari
20:30-20:45 Q&A Session (Japanese + English with interpretation)


※内容、タイムテーブルは変更になる可能性がございます。 / Contents and timetable can be changed.

登壇者紹介 / Speakers

Keisuke Sogawa (@sowawa)

Mercari Group CISO. Keisuke Sogawa completed his studies at the Graduate School of Informatics at Kyoto University, and joined an IPA Mitou Youth company in 2011. He went on to launch WebPay at FluxFlex in Silicon Valley. As the Chief Technology Officer of WebPay, he developed the service infrastructure for credit card payment services. He also worked on the LINE Pay business as part of the LINE Group. He joined Mercari Group in June 2017.

Nikolay Elenkov(@nikolay)

Director of Security Engineering and Strategy. Joined Mercari in July 2020. Currently working on SDLC, automation, security consulting, and expanding Mercari’s security team. After starting his career as a PKI, smart card and enterprise developer, switched focus to mobile and Web security. Author of ‘Android Security Internals’. Android Security Symposium, HITCON, Qualcomm Product Security symposium speaker. Led LINE’s Application Security and Security Development teams, helped start and operate LINE Security Bug Bounty and the Becks security meetup

Gloria Chow (@gloria)

Product Security Engineer. Joined Mercari in November 2017 initially as a Software Engineer in Test, transferred to the Security Team in 2019. Leading threat modeling efforts at Mercari. Also involved in the security design review and penetration testing of new features, and advocating security awareness through organizing and creating content for the Mercari Security Champions program.

Azeem Ilyas (@Azeem)

Product Security Engineer. Joined Mercari’s Security team in October of 2018, and part of the security team for around 3½ years. Previously worked as a Mobile Security Engineer for Samsung in the UK, discovering vulnerabilities in Android and Samsung's Galaxy range of devices (full stack bootloader->app level). Involved in implementing SAST and DAST tools, reviewing design docs, performing penetration tests and helping to build content for the Security Champion programme at Mercari. Also a part of Mercari’s Open Source program office, helping to support Mercari’s OSS internal projects to achieve open source status and ensuring Mercari complies with 3rd party licenses.

Shaokang Sun(@Eli)

Product Security Engineer. Joined Mercari since August, 2018. Worked mainly on security penetration tests and security design reviews on the entire Mercari & Merpay ecosystem for the past years and tried to implement various automated security solutions into the SDLC. Helped implementing and tweaking WAF to protect web and API assets. Also involved in Security Champion program to give speeches and workshops internally to raise company's interest and security awareness.

Jason Fernandes (@json)

Security Strategy Team Manager. Joined Mercari in May 2018. After working as a dedicated interpreter for the security team for 1 year as part of the Global Operations Team, learned the fundamentals of software development and cybersecurity through working with the Security Engineering and Product Security teams and officially joined as a member of these teams, working as a Technical Program Manager for 2.5 years. Established Mercari’s Security Champion Programme, and worked on various other initiatives including making improvements to secure the software development lifecycle, improving the process for vulnerability management, and incident response. Took on the role of manager for the Security Strategy team as of January 2022, and now working on improving the overall project management of security initiatives and building Mercari’s mid-long term roadmap for security together with other teams.


行動規範について / Event Code of Conduct

当イベントは、参加者と情報を共有するための場です。そのため、主催者を含む全ての参加者は下記ページに記載される行動規範に同意していただく必要があります。ご理解ご協力をお願いいたします。
This event is a forum for sharing information with participants. Therefore, all participants, including the organizer, are required to agree to the Code of Conduct as described in the following pages. We appreciate your understanding and cooperation.
https://about.mercari.com/event-code-of-conduct/

参加目的が不適切だと判断される場合には、運営側でキャンセルさせていただく場合がございます。ご了承ください。 会場内だけでなく、ブログやSNSなどでの発信、コメントをされる際にも、行動規範への違反がないかご留意ください。営業活動目的の方はご遠慮ください。 ご協力のほどよろしくお願いいたします。
Any participants in violation of our code of conduct may be removed from the event and banned from future events. These guidelines apply to posting to social media / comments sections of the event too.

Please make sure to read our event code of conduct before joining
https://about.mercari.com/en/event-code-of-conduct/

会社&採用ページ / Company + Careers Page

Security / Privacy | Mercari Careers


Mercari Japan
Security Engineer – Mercari
Security Specialist (CSIRT) – Mercari
Security Engineer (Product Security) – Mercari
Security Engineer (Monitoring and Automation, SOAR/SOC) – Mercari
Privacy Specialist – Mercari
IT Security Specialist – Mercari
Security Engineer (CryptoCurrency) – Mercoin
Technical Program Manager, Security - Mercari


Media View all Media

If you add event media, up to 3 items will be shown here.

Feed

mercari_event

mercari_event published Mercari’s Approach to Modern Day Threats #2.

04/07/2022 12:33

Mercari’s Approach to Modern Day Threats #2 を公開しました!