TL;DR

Work Experience

Flatt Security Inc.

Chief Technology Officer (CTO)

June, 2021 - PRESENT

Security Engineer

May, 2019 - May, 2021
  • Developing Shisho Cloud, an enabler of the Policy as Code concept. In my capacity as a proactive 'doer' during the launch phase, I steered the company through over four significant product pivots within a span of two years. This role encompassed comprehensive responsibilities in Product Management, Business Development, and Product Engineering. My efforts were particularly focused on conducting in-depth user interviews — over 50 in just three months — to accurately identify and address the key challenges in the product security sector. This endeavor required a seamless integration of business insight with technical expertise. Following the initial success and traction of our product, I have transitioned into a role focused on expanding and cultivating our team, rich in international diversity, and leading the company's business strategy through adept product management.
  • Developed KENRO, an e-learning system on secure web application development. In my role as the lead of product engineering for the KENRO project, I was responsible for designing and developing the majority of the initial codebase. A distinctive challenge we tackled was creating a sandbox environment capable of running user-supplied code. This feature, designed to verify users' ability to fix vulnerabilities in the code, is currently undergoing patent review in Japan. During the intensive launch phase of KENRO, my focus was widespread, spanning from hands-on development to strategic business development and sales. Subsequently, I delegated these business and sales responsibilities to our team, a move that has proven successful in establishing KENRO as a sustainable business, now highly regarded by numerous Japanese technology companies.

Lecturer at Web System Design Program (WEBSYS)

November, 2018 - March, 2024

Student Researcher at IBM Research - Tokyo

March, 2018 - February, 2019
  • Worked on DNS Security and contributed to inventing a method to detect homograph attacks.

Part-Time Security Engineer at IERAE Security Inc.

September, 2017 - April, 2019
  • Did vulnerability testing of Web applications.

Education & Certifications

Faculty of Science, the University of Tokyo

April, 2017 - March, 2021
  • Received B.Sc. in Information Science, as a student of Hagiya Laboratory.
  • The reference GPA is about 3.82/4.0; the value is based on the Japan-U.S. Educational Commission since the University of Tokyo does not provide an official GPA.
  • 93 credits in Senior Division (Department of Information Science): 42 A+ (優上; 100-90), 30 A (優; 89-80), 7 B (良; 79-65), 8 C (可; 64-50), 6 Pass (for pass-or-fail basis credits)
  • 69 credits in Junior Division (College of Arts and Sciences): 37 A+ (優上; 100-90), 23 A (優; 89-80), 3 B (良; 79-65), 0 C (可; 64-50), 6 Pass (for pass-or-fail basis credits)

TOEFL iBT

February, 2021
  • Score: 91/120 (Reading: 27/30, Listening: 23/30, Speaking: 17/30, Writing: 24/30)
  • I've experienced 1-2 years of working with English-speaking colleagues after this test ― I believe my English skills have improved since then :-)

Publications

ハンズオンWebAssembly

2022, オライリージャパン
  • ISBN: 978-4-8144-0010-2
  • Author: Gerard Gallant
  • Translator: 北原 憲, 洲崎 俊, 西谷 完太, 磯野 亘平, 米内 貴志 (me)
  • See this page for further information about this book.

詳解セキュリティコンテスト

2021, 株式会社マイナビ出版
  • ISBN: 978-4-839973-49-0
  • Author: 梅内 翼, 清水 祐太郎, 藤原 裕大, 前田 優人, 米内 貴志 (me), 渡部 裕
  • See this page for further information about this book.

Webブラウザセキュリティ

2021, ラムダノート株式会社
  • ISBN: 978-4-908686-10-8
  • Author: 米内 貴志 (me)
  • See this page for further information about this book.

Verification of Microservices Using Sidecar Proxy and Distributed Traces

2021, Bachelor Thesis
  • Here is an abstract of the paper.
  • Please email me to get the full version.

Comprehensive homographic string detection

2018, US Patent
  • Inventor: Takashi Yoneuchi (me), Yuji Watanabe, Fumiko Akiyama
  • Patent ID: US20200134102A1
  • Invented with my colleagues at IBM Research - Tokyo.

R&D Projects

Research and Development of Next-Gen Quantum-Classical Programming Language

June, 2021 - February, 2022
  • Developing Qitten, a next-gen quantum-classical programming language.
  • This project was supported by MITOU Target Program, a research grant for quantum projects.
  • Reference: a project summary page
  • Reference: slides

Development of a Tiny Web browser with V8 JS engine

May, 2021 - August, 2021
  • Developed puppy, a tiny Web browser written in Rust for educational purposes.
  • It's about 4k lines of code including tests.
  • It can parse HTML/CSS, render it in your terminal, and even execute JavaScript with the v8 engine!
  • Reference: the GitHub repository for this project.

Development of Linux-compatible RISC-V CPU on FPGA from scratch

December, 2019 - March, 2020

Research on Blind Regular Expression Attack

September, 2019 - February, 2020

Volunteer Experience

Security Camp Committee

Producer of Specialized Courses, National Convention

2022 - 2023

Lecturers Group

2019 - 2023

Planning and Promotion Group

2018 - 2021
  • Provided some training courses on Web/product security.
  • Supported trainers technically and mentally.

SECCON Committee

Leader of CTF WG

April, 2021 - March, 2022

Leader/Staff of Beginners WG

April, 2017 - March, 2021
  • Organized CTFs and trainings for beginners.

Vulnerability Research on Popular Products

  • Finding vulnerabilities in widely used applications to make the world more secure!
  • See this page to check a full list of CVEs.

Honors and Awards

3rd place as Head Captain of Team Asia, International Cybersecurity Challenge 2023 (ICC)

2023

Bachelor Degree Scholarship, 一般財団法人知可子育英支援財団

2017 - 2020

1st place as team dodododo, SECCON CTF 2019 Finals (Domestic)

2019

1st place as team dodododo, SECCON CTF 2018 Finals (Domestic)

2018

3rd place as team dodododo, SECCON CTF 2017 Finals (International)

2017

1st place as team dodododo, SECCON CTF 2013 Hokkaido

2013

Other Activities

For further information about me (e.g. contributed articles, talks, projects, ...), you can check a full list of them at this page.

Presentations

プロダクトセキュリティの「共通言語」を作る ― 技術教育と Policy as Code を例に / "Language" for Product Security (2023/10)

SREを以てセキュリティエンジニアリングを制す / SRE, Security Engineering, and You (2023/09)

AWSのセキュリティ管理を Policy as Code で加速する ― 最高のCSPM体験を目指して (2023/09)

開発者体験をむしろ向上させるセキュリティ施策のイロハ ― Policy as Code の理論と実践 (2023/06)

Eliminating ReDoS with Ruby 3.2 ― #RubyKaigiC (2023/05)

実践 SpiceDB - クラウドネイティブ時代をサバイブできるパーミッション管理の実装を目指して / Practical SpiceDB (2022/08)

ソフトウェアサプライチェーンセキュリティのこれから (2022/08)

古典・量子ハイブリッドな高機能プログラミング言語の設計及び処理系の開発 (2022/02)

Developer-First Security という考え方 (2021/09)

ちいさな Web ブラウザを作ってみよう オンライン講義版 (2021/08)

Go をセキュアに書き進めるための「ガードレール」を整備しよう (2021/04)

すこしだけマクロな視点から捉える Web セキュリティ (2021/03)

マクロな視点から捉える Web セキュリティ (2020/11)

Web クライアントサイドの攻防 (2021/05)

正規表現とセキュリティ / Regular Expressions and Their Security-Related Aspects (2020/03)

2019 年度 CPU 実験 余興: Linux が動く RISC-V CPU を作る (2020/02)

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques (2020/02)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) (2019/08)

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (2019/05)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (2018/11)

Web セキュリティ入門 - 攻撃者の狙いを先読みする (2018/11)

CSS Injection ++ - 既存手法の概観と対策 (2018/08)

Tangled World of Web Technology ― Are we safe? (2018/08)

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (2018/04)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (2018/03)