Masayoshi Mizutani

masayoshi-mizutani-bio.md

Masayoshi Mizutani

Overview

Masayoshi Mizutani is a security engineer. In university, he was studying and researching about network-based intrusion detection system and malware analysis. After graduation, he worked for various projects, e.g. SIEM (Security Information & Event Manager) integration, SOC (Security Operation Centor) Analyst, building visualization system of security data and so on.

Interests

• Engineering for Information Security
• Network Security for Defence, Detection and Security Forensics
• Data Visualization and Analysis

Experience

Skill

• Good in ...
  • Development of backend system (from architecture design to code implementation)
    • e.g. Security log management system, continuous security scanning for container image
    • Prefer serverless architecture
  • Security analyst works for Security Operation Center
  • Reading and writing academic paper
• Have experinces of ...
  • Risk management of information security
  • Develop web service
• Not good in ... (sometime mistaken that I'm good in)
  • Penetration testing
  • CTF

Career

Security Engineer in Cookpad Inc. (2017.11 - present)

• Design & Implementation of Security Monitoring System on AWS
  • Security log collection
    • gsuite-log-exporter: Export G Suite audit logs and save them to AWS S3
    • guardduty-log-forwarder: Serverless Application of AWS GuardDuty Log Uploader to S3
    • flowlogconf: Enable AWS flow logs for your all vpc
    • aws-vpcflowlogs-parquet: AWS Lambda based VPC Flow Logs converter to Parquet format
  • Security log search engine with Amazon Athena ( detail )
    • minerva: Security Log Search Engine
    • strix: Web UI of minerva
  • Security alert detection
    • rlogs: A framework to load remote log files in Go
• Deploy monitoring software and integration (e.g. Endpoint Detection & Response tool)
  • falconstream: Event forwarder for CrowdStrike Falcon via API
  • gofalcon: CrowdStrike Falcon API client in Go
  • aws-falcon-data-forwarder: CrowdStrike Falcon log forwarder from falcon S3 bucket to your S3 bucket

Research Staff / Security Analyst in IBM Japan (2011.4 - 2017.10)

• Research Tokyo (2011.4-2015.3, 2016.10-2017.10)
  • Design and implementation of audit log management system
  • Develop extention and solution of integration for Security Information & Event Manager (QRadar)
  • Deploy Security Information & Event Manager into cloud environment
  • Develop system to collect security information of container system
• Security Operation Centor (2015.4-2016.9)
  • Detect and analyze security alerts and report to customer
  • Write biannual SOC trend analysis reports
  • Security operation improvement by automation and tool development

Engineer (Internship) in Internet Systems Consortium (2010.12-2011.3)

• Develop monitoring dashboard for Security Information Exchange

Education

• Ph.D. in Media and Governance, 2010, Keio University
• Master of Media and Governance, 2008, Keio University
• Bachelor of Arts in Environment and Information Studies, 2006, Keio University

Presentations

• 2020.7 Trivy + AWSによるコンテナイメージ脆弱性検査パイプラインの構築
• 2020.1 Amazon Athena を使った セキュリティログ検索基盤の構築 in ログ分析勉強会 vol.2
• 2019.7 AWS re:Inforce recap 2019 in AWS re:Inforce 2019 re:Cap Seminar
• 2019.2 スケーラブルなセキュリティ監視基盤の作り方 in Cookpad TechConf 2019
• 2018.12 Webサービス事業会社におけるEDRの検討と導入の事例 in 第4回 Falcon DAY
• 2018.12 クックパッドのセキュリティログ検索基盤の紹介 in Scramble! #2 Security
• 2018.7 オフィス・AWS環境をセキュリティ監視するためのログ収集
• 2018.5 セキュリティログ分析基盤の構築 on AWS in Security JAWS 【第9回】

Publications

• サーバーレスで作るセキュリティアラート自動対応フレームワーク, 2020.3, Cookpad Developers' Blog
• Amazon Athena を使ったセキュリティログ検索基盤の構築, 2019.11, Cookpad Developers' Blog
• オフィス・AWS環境をセキュリティ監視するためのログ収集, 2018.5, Cookpad Developers' Blog
• Masayoshi Mizutani. システムログ書式の構造に着目したシステム異常検出手法の検討. IPSJ Computer Security Symposium 2018, 2018.
• Masayoshi Mizutani. Method for estimating format of log message and computer and computer program therefor. US9858168B2, 2018.
• IBM Tokyo SOC. IBM Tokyo SOC 情報分析レポート 2016年下半期. [Column4] コマンド&コントロールサーバーのドメイン名は いかにして悪用されるか, 2017.
• IBM Tokyo SOC. IBM Tokyo SOC 情報分析レポート 2016年上半期. [Column2] 2016年上半期におけるメールを利用した攻撃の変遷, 2016.
• IBM Tokyo SOC. IBM Tokyo SOC 情報分析レポート 2015年下半期. 2.3.2 今期確認された不特定多数を 狙ったメールを悪用する攻撃の検知状況, 3.2 Joomlaに対する攻撃, 2016.
• IBM Tokyo SOC. IBM Tokyo SOC 情報分析レポート 2015年上半期. [Column3] 攻撃元 IP アドレスからみる ShellShock 脆弱性を利用した攻撃の分析, 2015.
• IBM Tokyo SOC. IBM Tokyo SOC 情報分析レポート 2014年下半期. [Column3] ドメイン名ブラックリストの有効性, 2015.
• Masayoshi Mizutani. Incremental Mining of System Log Format. SCC ‘13 Proceedings of the 2013 IEEE International Conference on Services, 2013.
• Masayoshi Mizutani, Keiji Takeda, Jun Murai. An Analysis of Web Distributed Malwares and A Proposal of Their Detection Method. IEICE TRANSACTIONS Volume J92-B No.10, pp.1631-1642, 2009.
• Masayoshi Mizutani, Akira Kanai, Keiji Takeda, Jun Murai. A Malware Detection Method based on Communication Commonality – Implementation and Evaluation. IPSJ 2009. Vol.50 No.9, 2009.
• Masayoshi Mizutani, Shin Shirahata, Masaki Minami, Jun Murai. The Design and Implementation of Session Based IDS. IEICE Transactions on Communications (Japanese Edition), IEICE, Vol.89, No.3, pp.46-58, 2005.

Contacts and Social Services

• Mail: mizutani@sfc.wide.ad.jp
• Github: https://github.com/m-mizutani
• Dev: https://dev.to/mizutani
• Twitter: https://twitter.com/m_mizutani
• Blog: https://mztn.hatenablog.com
• Google Scholar: https://scholar.google.co.uk/citations?user=pX7ttVoAAAAJ