Professional Summary
Seasoned cybersecurity leader with
deep expertise in threat intelligence, incident response,
and security operations management. Currently managing
cross-functional security teams at a Big 4 firm,
implementing advanced XMDR platforms and security
technologies. Bringing a unique combination of technical
depth, strategic leadership, and Japanese language
capabilities to drive security innovation in Japan's
evolving cybersecurity landscape.
🛡️ Offensive Security
Advanced red team operations, EDR bypass techniques, MITRE ATT&CK assessments
🔍 Incident Response
Led major ransomware, BEC, and APT investigations across multiple sectors
📊 SOC/MDR Leadership
Built and managed hybrid teams, developed detection engineering frameworks
2025 Conference Presentations in Japan
Reclaiming Cyber Sovereignty
TenguCon 2025 (CFP - Submitted)
Why Governments and Sensitive Industries Must Build Their Own Security Data Lakes
In an era of escalating cyber threats and geopolitical
complexities, the strategic imperative for governments and
sensitive industries to establish independent
cybersecurity capabilities has never been more critical.
This talk challenges the conventional reliance on
third-party vendors for core security monitoring, arguing
that true cyber sovereignty and enhanced assurance stem
from owning and controlling one's security data.
We will explore how building an in-house security data
lake enables organizations to "watch the watchers,"
ensuring that security controls like EDRs are not bypassed
or abused, potentially by foreign entities. With the
advent of AI, the capacity for internal teams to construct
sophisticated, custom-made cybersecurity stacks is more
accessible than ever, leading to significant long-term
cost reductions, undeniable data ownership, and freedom
from vendor lock-in.
Drawing on over a decade of experience building security
platforms from the ground up, from a startup acquired by a
consulting giant, to a modern iteration at another
consulting firm, this session will dissect the strategic
benefits, common pitfalls, and best practices for
cultivating a nimble, highly capable internal security
engineering team. I will also present a practical mindmap
outlining the technological, human resource, and cost
considerations for such an undertaking.
Breaking Enterprise Security
Coming Soon in 2026
A Systematic Purple Team Evaluation of Modern Defense Controls
This presentation reveals critical vulnerabilities
discovered during a comprehensive evaluation of three
major categories of enterprise security controls:
Application Control, Endpoint Detection and Response
(EDR), and Next-Generation Firewalls with Zero Trust Edge
Agents. Through systematic offensive testing followed by
defensive analysis, this research demonstrates how
attackers can systematically bypass leading security
solutions and provides actionable guidance for security
teams to detect, prevent, and respond to these techniques.
Application Control Bypass: Attendees
will learn how to analyze enforcement mechanisms in
application control software to identify systematic
bypasses that enable command and control (C2)
establishment. We'll demonstrate techniques to tamper with
self-protection mechanisms and achieve complete security
software removal.
EDR Evasion: Discover how forgotten
techniques can be modernized to achieve C2 execution while
evading current detection capabilities. Learn specific
threat hunting methodologies to identify these techniques
in your environment.
NGFW & Zero Trust Edge Evasion: See
how two different C2 frameworks can be configured to
communicate seamlessly through enterprise network security
controls, and understand the detection opportunities
defenders are missing.
Third Conference Talk
Coming Soon in 2026
SOC/XMDR Platform Development
SOC Alert and Threat Hunt Management System
The SOC Alert and Threat Hunt Management System is a
performance-first security operations platform that
demonstrates why governments and sensitive industries must
maintain sovereignty over their security data
infrastructure. This proof-of-concept, built in my spare
time, addresses critical gaps in existing security tools:
the inability to handle millions of alerts without
performance degradation, inadequate customer and internal
stakeholder communication workflows, and the
over-complexity that plagues enterprise SOAR solutions.
Built by SOC practitioners for SOC practitioners, it
showcases how organizations can achieve sub-second
response times even under extreme load while maintaining
complete control over their sensitive security telemetry.
Currently, the project has completed Phase 1 of
development with core MVP functionality including alert
management, case creation workflows, user authentication,
and Docker containerization. The system successfully
demonstrates sub-second performance with 10,000+ alerts,
proper data segregation, and a working analyst interface.
Key Features:
- Sub-second alert processing at scale
- Hybrid database architecture for optimized performance
- Dual-interface system with analyst dashboard and customer portal
- Role-based access control with complete data isolation
- MITRE ATT&CK framework integration for threat hunting
- Real-time collaboration via WebSocket updates
- JWT-based authentication with MFA support
- Docker containerized microservices architecture
- Automated case escalation workflows
- Customer communication management with SLA tracking
- Full-text search across millions of alerts
- Audit logging for compliance requirements
- Redis-powered caching for instant response times
- RESTful API with OpenAPI documentation
- Traefik load balancing for high availability
Core Expertise
Technical Leadership
- Security Data Lake Architecture
- MITRE ATT&CK Framework
- Detection Engineering
- Cloud Security (AWS, Azure)
- Threat Intelligence Platforms
Offensive Security
- Red Team Operations
- EDR Bypass Techniques
- Social Engineering
- IoT/Hardware Security
- Purple Team Exercises
Management Excellence
- 20+ Team Leadership
- Strategic Planning
- Process Optimization
- Stakeholder Management
- Cross-cultural Teams