Kana Shinoda is a well known persona in the security field, she is the organizer of Code Blue and APWG, a review board of HITB, and was a coordinator of Black Hat Japan, Conference Coordinator and CTF Interpreter of AVTOKYO and the list can go on and on. We had the honor to interview her =]
Q: How many years are you in the security field and what was your motivation to get into it the first place?
A: I have been in the security field since 1998 – So it would be about 18 years!!! Wao!!!
I joined a Japanese company and they placed me at the “security and system administration division“, since I knew English, Japanese and Computer Science. Back than, most of the security products, services, information was in English (I think still it is).
Q: What is your field of expertise?
A: Networking technology, cryptography, etc. But to people here I am mostly known as an event organizer, a coordinator and for networking.
Q: Could you please tell us about the Japanese security community? how big was it when you joined them?
A: In the beginning I didn’t know anyone from the Japanese security community, so I didn’t join them. I joined the community through different events that the community organized, there weren’t that many events, but when one of those communities had one, I heard there were 300 security researchers gathered.
Q: How big is the Japanese security community at the moment?
A: Today I am trying to grow the community through security conferences like AVTOKYO, CODE BLUE, SECCON, and people trying also and through CSIRT םr any kinds of security theme related events… But there is no one “counting” the people, so it is hard to tell…
Q: How has the security community changed in Japan in the past 5 years?
A: CTF competitions and IoT security research have increased the number of students and youth in security related studies. Corporations and private people are participating the security activities. More business people, government and investment companies are taking part in the community.
Q: Are there special programs for students that want to get into the security research field?
A: There are several programs:
- Security Camp by IPA (METI)
- CTF4Girls (SECCON at JNSA)
- Study groups in local area (Volunteer/Maccha)
And there are more schools that have the security courses (University/Special High School etc.,)
Q: Why did you decide to get involved in the security community (both the international and local community)?
A: Because I liked it. I was away from security for a couple of years and focused on the business development consulting as my job. I quit that job, the Black Hat conference brought me back into the security community.
In your opinion, does the security community in Japan is open to the international community?
A: Not really, To me, it looks like they are afraid of the language barrier. I have been trying to change that. I think that if we offer translation, without worry about the travel cost to invite, the Japanese security researchers may feel more comfortable and willing to open to the international community perhaps.
Q: You are the Code Blue security conference organizer, why did you decide to organize Code Blue in the first place?
A: For a many reasons… The main reason being that we (Japan security community) didn’t have a good conference like Black Hat Japan, so I decided to make one.
In the beginning I was afraid of being the founder of security conference. I was looking for a male “hacker” who is well known and skilled security researcher in the security community, that I can assist him in organizing the international conference. I knew that the hacker world is male society and the founders of the conferences are one of the main reasons security researchers come and take part in them. AVTOKYO conference is was created with this logic, but I understood that nobody is as capable and as passionate enough about security conferences than myself, and I was told I should do it. So I did it.
Q: Do you remember the first conference? ( How many people attend? / How many talks / topic etc)
A: In the first Code Blue conference there were 400 attendees, and 12 talks. Topics were car hacking / SCADA hacking / CTF education etc. Jeff Moss and Chris Eagle were the keynote.
I remember some organizations were worried about the Chris Valasek talk (“The Current State of Automotive Security”). So I explained so many times to so many people that they don’t need to be worry. I was determined to have Chris have his talk in the conference even if anybody tried to stop us.
Q: Did you ever thought that Code Blue will be the conference it is today?
A: Yes I did.
Q: How complex is it to organize a hackers conference? – and do you have any funny stories?
A: A lot of funny stories. Speaker not showing up is a common one… Sponsor don’t like the talks… Government being very worried…
Controversial between sponsors and talks are always issue. It is understandable that some sponsor don’t like their products vulnerabilities to be presented in public. So we all should keep trying hard to coordinate well and balance.
Q: How do you choose lecture topics?
A: Our review board selects them from the CFP, in addition to our committee the keynote speakers provide their insight and suggestions.
We always try to pick some futuristic topic, such as something the audience will see in the future, and that engineers can prepare for and learn the skills before it becomes the “present”.
Q: What is you favorite security conference?
A: Good question, but hard to answer. I like security conferences where hackers feel freedom and professional organizer.
Q: What kind lecture you like to attend? listen to?
A: Many kinds actually. It is always changing, but usually, I go to lectures about new concepts, something drastically changing our world in a good way.
Q: What do you love the most in conferences? (conference events – CTF / hacking village / Hack the badge, drinking parties etc)
A: Some kind of competitions always brings enthusiasm. Parties are also good – I love to see people bonding together, and making friends.
Q: What you don’t like in today’s international security community?
A: In my opinion, there are more and more involvement from shady companies, government organizations and militaries. That makes things smokey – not a pure technology, maybe there is no more such a pure place.
Q: What’s the single piece of advice you would give to someone seeking out a career in the security filed?
A: I don’t know… maybe “do not isolate yourself”. In addition, I hope they get a job in the security field because they like it, not because of the money.
It was a pleasure, Kana, to talk to you
You’re welcome. 🙂