Mercari’s Approach to Modern Day Threats #2
Organizing : 株式会社メルカリ
Registration not needed, or register on another site.
申込方法 / How to Sign Up
Applications are now closed. Thank you for your application.
イベント概要 / Event Summary
Mercariではサービス、会社組織全体の安全性を維持・向上するため、常に情報セキュリティへの取り組みを強化しています。 本イベントではセキュリティチームが取り組んでいる活動や、実際の業務内で取り組んでいる課題の一部を2つのEventに別けてLighting Talkを通して紹介します。現在募集しているセキュリティのポジションも紹介します。
* English with Japanese Interpretation
At Mercari, we are always working on new initiatives to maintain and improve the security of our product and services. Over this two event series we will be introducing the work of the security team at Mercari, the kinds of challenges we face, and the kind of people who are looking for to help us further grow our team in a round of lightning talks.
参加方法 / How to join
The event will be held online.
We will inform you of the details of how to participate by e-mail at a later date.
タイムテーブル / Schedule
|19:00-19:15||オープニング＆セキュリティチームのご紹介 / Opening and Introduction to the Security Team|
|19:15-19:45||Sec talk #1: Building a Secure Software Development Lifecycle at Mercari|
|19:45-20:00||Sec talk #2: Diving into Threat Modeling at Mercari|
|20:00-20:15||Sec talk #3: Gamifying Security Education: Mercari’s Security Champion Programme|
|20:15-20:30||クローズ＆募集職種紹介 / Closing and Hiring Positions @ Mercari|
|20:30-20:45||Q&A Session (Japanese + English with interpretation)|
※内容、タイムテーブルは変更になる可能性がございます。 / Contents and timetable can be changed.
登壇者紹介 / Speakers
Keisuke Sogawa (@sowawa)
Mercari Group CISO. Keisuke Sogawa completed his studies at the Graduate School of Informatics at Kyoto University, and joined an IPA Mitou Youth company in 2011. He went on to launch WebPay at FluxFlex in Silicon Valley. As the Chief Technology Officer of WebPay, he developed the service infrastructure for credit card payment services. He also worked on the LINE Pay business as part of the LINE Group. He joined Mercari Group in June 2017.
Director of Security Engineering and Strategy. Joined Mercari in July 2020. Currently working on SDLC, automation, security consulting, and expanding Mercari’s security team.
After starting his career as a PKI, smart card and enterprise developer, switched focus to mobile and Web security. Author of ‘Android Security Internals’. Android Security Symposium, HITCON, Qualcomm Product Security symposium speaker. Led LINE’s Application Security and Security Development teams, helped start and operate LINE Security Bug Bounty and the Becks security meetup
Gloria Chow (@gloria)
Product Security Engineer. Joined Mercari in November 2017 initially as a Software Engineer in Test, transferred to the Security Team in 2019. Leading threat modeling efforts at Mercari. Also involved in the security design review and penetration testing of new features, and advocating security awareness through organizing and creating content for the Mercari Security Champions program.
Azeem Ilyas (@Azeem)
Product Security Engineer. Joined Mercari’s Security team in October of 2018, and part of the security team for around 3½ years. Previously worked as a Mobile Security Engineer for Samsung in the UK, discovering vulnerabilities in Android and Samsung's Galaxy range of devices (full stack bootloader->app level). Involved in implementing SAST and DAST tools, reviewing design docs, performing penetration tests and helping to build content for the Security Champion programme at Mercari. Also a part of Mercari’s Open Source program office, helping to support Mercari’s OSS internal projects to achieve open source status and ensuring Mercari complies with 3rd party licenses.
Product Security Engineer. Joined Mercari since August, 2018. Worked mainly on security penetration tests and security design reviews on the entire Mercari & Merpay ecosystem for the past years and tried to implement various automated security solutions into the SDLC. Helped implementing and tweaking WAF to protect web and API assets. Also involved in Security Champion program to give speeches and workshops internally to raise company's interest and security awareness.
Jason Fernandes (@json)
Security Strategy Team Manager. Joined Mercari in May 2018. After working as a dedicated interpreter for the security team for 1 year as part of the Global Operations Team, learned the fundamentals of software development and cybersecurity through working with the Security Engineering and Product Security teams and officially joined as a member of these teams, working as a Technical Program Manager for 2.5 years. Established Mercari’s Security Champion Programme, and worked on various other initiatives including making improvements to secure the software development lifecycle, improving the process for vulnerability management, and incident response. Took on the role of manager for the Security Strategy team as of January 2022, and now working on improving the overall project management of security initiatives and building Mercari’s mid-long term roadmap for security together with other teams.
行動規範について / Event Code of Conduct
This event is a forum for sharing information with participants. Therefore, all participants, including the organizer, are required to agree to the Code of Conduct as described in the following pages. We appreciate your understanding and cooperation.
参加目的が不適切だと判断される場合には、運営側でキャンセルさせていただく場合がございます。ご了承ください。 会場内だけでなく、ブログやSNSなどでの発信、コメントをされる際にも、行動規範への違反がないかご留意ください。営業活動目的の方はご遠慮ください。 ご協力のほどよろしくお願いいたします。
Any participants in violation of our code of conduct may be removed from the event and banned from future events. These guidelines apply to posting to social media / comments sections of the event too.
Please make sure to read our event code of conduct before joining
会社&採用ページ / Company + Careers Page
●Security Engineer – Mercari
●Security Specialist (CSIRT) – Mercari
●Security Engineer (Product Security) – Mercari
●Security Engineer (Monitoring and Automation, SOAR/SOC) – Mercari
●Privacy Specialist – Mercari
●IT Security Specialist – Mercari
●Security Engineer (CryptoCurrency) – Mercoin
●Technical Program Manager, Security - Mercari
Media View all Media
If you add event media, up to 3 items will be shown here.