- Security Engineer at GitLab
- Trainer of Japan Security Camp (Security Camp National Convention), 2022-2024
- Pronunciation: Hiro (HEE-roh), Suezawa-san or rung
- Pronouns: he/him
- Location: Tokyo, Japan
- Black tea lover (my Japanese article about tea: "Drinking Delicious Black Tea at Home")
- Email: suezawa[at]gmail.com
Interest
- Programming
  - Go
- Protocol
  - TLS, HTTP, HTTP2, SMTP, DNS
- Security
  - Linux, Network, Container, Kubernetes, Cloud (GCP), Malware
- DevSecOps and Supply-chain
  - IaC (Terraform), SAST, CI/CD Pipeline, Supply-chain Security
I’ve contributed to Gosec, Falco, etc.
Slides/Blogs
2023
- June 28: How OIDC can simplify authentication of GitLab CI/CD pipelines with Google Cloud (GitLab Blog)
2022
- Aug 10: Dangerous attack paths: Modern Development Environment Security - Devices and CI/CD pipelines (Security Camp 2022)
2021
- Oct 20: Attacking and Securing CI/CD Pipeline - CODE BLUE 2021 Opentalks
- Oct 14: How to secure your Kubernetes cluster on Google Cloud - How to Build a Secure GKE Cluster (Learning from Google Cloud and mercari! Kubernetes Usage and Security)
- Jul 7: Achieving Security Compliance Monitoring with Open Policy Agent and Rego (Open Policy Agent Rego Knowledge Sharing Meetup)
- Apr 23: Phishing Detection and Automation For Customers - On Anti-Phishing Automation (Council of Anti-Phishing Japan, 2nd Anti-Phishing Study Session)
  - Overview and References
  - The slide is not published
2020
- Oct 17: The State of Messaging Security 2020: The Current State of Security Protocols for Email and Messaging Apps
- Apr 23: Kubernetes Security For Microservices (Kubernetes Meetup Tokyo #30)
- Jan 22: Exploitation Fundamentals (Mercari Internal Training)
2018
- Dec 28: Protocol for Web 2018 (Internal Presentation)
Reviews
- OWASP Top 10 CI/CD Security Risks (Created by Cider Security)
- Restructuring the Kubernetes Threat Matrix and Evaluating Attack Detection by Falco - Sep 2022
- Supply-Chain Security: Evaluation of Threats and Mitigations - Dec 2022
Talks
2021
- Nov 15: Security in the DevOps Era
  - Video Archive (Japanese) * A Findy account is required.
- Jul 13: Container Security with rung (e34.fm)
2020
- Nov 2: Gophers Office Hours #14 Go and Security vol.2
- Oct 19: Gophers Office Hours #13 - Security Edition
- (Guest Commenter) Sep 8: Gophers Office Hours #10 - Compilers and Low-Level Edition vol.2
- (Guest Commenter) Aug 18: Gophers Office Hours #8 - Homemade Compilers and Low-Level Edition
Interviews
2022
- Sep 21st: Mercari’s Security Engineering Team: Taking on New Challenges and Supporting a Broad Scope of Functions Across a Flat Team Structure (English / Japanese) - mercan
- Sep 16th: Security Is Really Fun! "Assorted Security Talk" from Two People Who Served as Lecturers at Security Camp (Japanese) - mercan
2020
- Oct 19th: Protecting Mercari from Cyberattacks! The Security Team Discusses Who Makes A Good Candidate for the New CSIRT/SOC #WorkWithMercari - mercan
Career
- Details are here (LinkedIn)
- Jan 2023 -: GitLab
- Feb 2019 - Jan 2023: Mercari, Inc.
- Apr 2014 - Jan 2019: Nomura Research Institute, Ltd.
  - July 2015 - Jan 2019: Security Engineer - NRI SecureTechnologies, Ltd.
  - Apr 2014 - June 2015: Application Engineer
- (Education) Keio University, Tokyo, Japan.
  - Faculty of Environment and Information Studies
  - Apr 2010 - Mar 2014
Certifications
- GEIR (GIAC Enterprise Incident Response) Nov, 2024
- OSEP (Offensive Security Experienced Penetration Tester) Sep, 2021
- GDAT (GIAC Defending Advanced Threats) Jul, 2021
- OSCP (Offensive Security Certified Professional) Mar, 2021
- CKS (Certified Kubernetes Security Specialist) Jan, 2021
- CKA (Certified Kubernetes Administrator) Aug, 2020
- CISSP (Certified Information Systems Security Professional) Jul, 2020
- GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) Jul, 2018
- GCFA (GIAC Certified Forensic Analyst) Mar, 2018
- GREM (GIAC Reverse Engineering Malware) Mar, 2017
- Information Security Specialist (issued by IPA) Dec, 2014
- Applied Information Technology Engineer (issued by IPA) Jun, 2014