This article is the entry for day 17 in the KINTO Technologies Advent Calendar 2024 🎅🎄

Hi, I’m Nakanishi from the Manabi-No-Michi-No-Eki (Learning Roadside Station) team. This year, the Learning Roadside Station project was officially launched and later established as a team. As part of this initiative, we also run an in-house podcast, and for this year's Advent Calendar, we’re excited to share some of its episodes with you.

What is Manabi-No-Michi-No-Eki (Learning Roadside Station)

The Learning Roadside Station is a project launched to enhance accessibility and effectiveness of the study sessions that are frequently held within the company. The aim is to promote knowledge sharing by supporting study sessions led by volunteers within the company.

Security & Privacy Study Session

In our Podcast, we interview team members who hold in-house study sessions. It´s called “A Peek into the Study Session Next Door”. Today, we welcome Kuwahara-san, Morino-san, and Kasai-san, who are leading the Security and Privacy Study Sessions. Thank you all for joining us today. Could you start by introducing yourselves?

Interview

Morino-san: I’m Morino from the Security & Privacy Group. It’s a pleasure to be here.

Kasai-san: My name is Kasai, and I’m part of the Data & Privacy Governance Team. Thank you for having me.

Kuwahara-san: I’m Kuwahara from the Security CoE Group. Pleasure to meet you.

HOKA-san: First, could you tell us about your daily work and responsibilities?

Morino-san: Our team is divided into three sub-teams. The Data & Privacy Governance Team, the Information Security Team, and the Cybersecurity Defense Team. The Data & Privacy Governance Team is responsible for establishing rules and implementing governance regarding data and privacy. The Information Security Team conducts assessments based on information security standards. The Cybersecurity Defense Team manages vulnerabilities and investigates threat intelligence.

Kasai-san: My team, the Data & Privacy Governance Team, establishes rules regarding data security management and personal information governance, conducts risk assessments, and reports the results to management.

Kuwahara-san: The Security CoE Group is responsible for the security of cloud environments such as AWS, Azure, and Google Cloud. We set up guardrails to ensure safe cloud usage, monitor security risks, and provide support against potential threats.

HOKA-san: Next, could you tell us more about the Security & Privacy Study Session? What kind of study session is it?

Kuwahara-san: We started this study session to spread security-related knowledge among employees. Last year, we created detailed security guidelines, and to ensure awareness and adoption, we began hosting these study sessions.

Morino-san: Our goal is to establish Security by Design and Privacy by Design as standard considerations in all projects.

Kasai-san: Ultimately, we want engineers to be able to focus on development, while we support them with privacy and security risk management.

HOKA-san: How has the response been so far?

Kuwahara-san: So far, we have hosted four sessions, and the response has been very positive. Many attendees have shared that they found the sessions informative, and we’ve also received valuable feedback for improvements.

Morino-san: Some participants have mentioned that our explanations have become clearer, and we continue to refine our approach.

HOKA-san: What changes do you hope to see at KTC through these study sessions?

Morino-san: We aim to have security and privacy features implemented as standard practices.

Kuwahara-san: Ideally, security should become so natural and ingrained that our roles become unnecessary.

Kasai-san: I want to create an environment where engineers can focus on development with confidence, knowing that security is taken care of.

HOKA-san: Finally, what inspired each of you to pursue this field?

Morino-san: I started in software development and gradually developed a deep interest in security.

Kasai-san: Initially, I wasn't particularly interested in security or privacy, but I became fascinated by governance and its impact.

Kuwahara-san: I began my career as an infrastructure engineer, but after experiencing a security breach on a mail server I was managing, I shifted my focus to security.

HOKA-san: Thank you all for your time today. We hope the Security and Privacy Study Session continues to be a valuable resource for everyone at KTC. Thank you everyone.

This time, we provided details about the Security and Privacy Study Session, the background to its operation, and future prospects. Please look forward to the next study session!