Tsubasa Umeuchi

🗾 Tokyo, Japan.

💼 Security engineer

☎️ Contact

📧 tsubasa.umeuchi [at] gmail.com

🐦 Twitter: https://twitter.com/Sz4rny

🔗 Facebook: https://www.facebook.com/tsubasa.umeuchi

🔗 GitHub: https://github.com/Szarny

🔗 LinkedIn: https://www.linkedin.com/in/tsubasa-umeuchi-a3791013b/

🎓 Education

Master of Science in Information Science

JAIST: Japan Advanced Institute of Science and Technology (Apr 2020 - Mar 2022)

Research on Cyber Range and Incident Response.

Bachelor of Software and Information Science

Iwate Prefectural University (Apr 2016 - Mar 2020)

Research on Web Browser Security, especially CSP (Content Security Policy).

🏢 Work experience

Security Engineer

Flatt Security Inc. (Jan 2020 - Now)

• Standardization of security assessment
• security assessment for web applications and cloud services
• Development of security assessment platform
• Writing some technical articles

Platform Engineer

CyberAgent Inc. (Mar 2021 - Apr 2023)

• Operation of Kubernetes cluster
• Contributing to PipeCD project
• Building a unified Policy as Code infrastructure

Web Application Developer

National Institute of Informatics (Feb 2020 - Mar 2020)

Engaged in the development of an online academic conference system in response to the expansion of COVID-19.

Trainee

SecHack365 (May 2019 - Feb 2020)

Developed a framework for human vulnerability countermeasures in Philosophy Driven Course.

R&D Engineer

CyberAgent Inc. (Feb 2019 - Mar 2019)

Engaged in the verification of distributed database OSS and the construction of APIs and container environments to link with existing data analysis infrastructure.

Web Application Developer

Avalon Inc. (Aug 2016 - Dec 2019)

Engaged in the development of server-less web applications using AngularJS and AWS.

📜 Publications & Contributions

📚 Books

🗣 Talks

📝 Posts

🎓 Papers

• 梅内 翼, 小倉 加奈代, Bhed Bahadur Bista, 高田 豊雄: コードインジェクション攻撃対策のためのCSP構成自動化についての提案, 情報処理学会第81回全国大会, Vol.2019, No.1, pp.451-452 (2019)./
• 梅内 翼, 篠田 陽一: A Study on Advanced Analysis of Participants' Behavior in Cyber Defense Exercise Using State Transition Model, コンピュータセキュリティシンポジウム2021論文集, Vol.2021, pp.462-469 (2021).

🔒 Security Contributions

• CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website
• CVE-2020-35305: Discovered and fixed a Reflected XSS in gollum (< 5.1.1)
• Atlassian SourceTree: Arbitrary command execution originating from Terminal function for directories with malformed names [SRCTREE-8628]

🏆 Accomplishments

📰 Qualifications

• TOEIC L/R 930
• ネットワークスペシャリスト
• 情報セキュリティスペシャリスト
• 情報処理安全確保支援士 (未登録)
• AWS Certified Solutions Architect - Associate
• AWS Certified Security - Specialty
• ISC2 Associate (CISSP)

🎖️ Awards

• 奨励賞 - 平成26年度 全国高等学校 情報処理競技大会
• 優秀学生賞 - 岩手県立大学 ソフトウェア情報学部 1年次, 2年次, 3年次
• 学長奨励賞 - 岩手県立大学 令和元年度
• 学長賞 - 岩手県立大学 令和元年度
• 学生奨励賞 - 情報処理学会 第81回全国大会 サイバー攻撃と防御セッション
• 特別採用 - 北陸先端科学技術大学院大学学生給付奨学金
• 経済産業大臣賞 - 第25回サイバー犯罪に関する白浜シンポジウム, 第16回情報危機管理コンテスト
• Misc.

🏃 Activities

• CODE BLUE: Student Staff ('18, '19)
• SECCON Beginners: Staff ('20-), Leader ('21-)
• Security Camp: Attendee ('19), Tutor ('21), Lecturer ('21-mini, ‘22-mini)
• SecHack365: Philosophy Driven Course Trainee ('19)