Tsubasa Umeuchi

🗾 Tokyo, Japan.

💼 Security engineer

☎️ Contact

📧 tsubasa.umeuchi [at] gmail.com

🐦 Twitter: https://twitter.com/Sz4rny

🔗 Facebook: https://www.facebook.com/tsubasa.umeuchi

🔗 GitHub: https://github.com/Szarny

🔗 LinkedIn: https://www.linkedin.com/in/tsubasa-umeuchi-a3791013b/

🎓 Education

Master of Science in Information Science

*JAIST: Japan Advanced Institute of Science and Technology (Apr 2020 - Mar 2022)*

Research on Cyber Range and Incident Response.

Bachelor of Software and Information Science

*Iwate Prefectural University (Apr 2016 - Mar 2020)*

Research on Web Browser Security, especially CSP (Content Security Policy).

🏢 Work experience

Security Engineer

*Flatt Security Inc. (Jan 2020 - Now)*

• Standardization of security assessment
• security assessment for web applications and cloud services
• Development of security assessment platform
• Writing some technical articles

Platform Engineer

*CyberAgent Inc. (Mar 2021 - Apr 2023)*

• Operation of Kubernetes cluster
• Contributing to PipeCD project
• Building a unified Policy as Code infrastructure

Web Application Developer

*National Institute of Informatics (Feb 2020 - Mar 2020)*

Engaged in the development of an online academic conference system in response to the expansion of COVID-19.

Trainee

*SecHack365 (May 2019 - Feb 2020)*

Developed a framework for human vulnerability countermeasures in Philosophy Driven Course.

R&D Engineer

*CyberAgent Inc. (Feb 2019 - Mar 2019)*

Engaged in the verification of distributed database OSS and the construction of APIs and container environments to link with existing data analysis infrastructure.

Web Application Developer

Avalon Inc. (Aug 2016 - Dec 2019)

Engaged in the development of server-less web applications using AngularJS and AWS.

📜 Publications & Contributions

📚 Books

🗣 Talks / Events

📝 Posts

🎓 Papers

• 梅内 翼, 小倉 加奈代, Bhed Bahadur Bista, 高田 豊雄: コードインジェクション攻撃対策のためのCSP構成自動化についての提案, 情報処理学会第81回全国大会, Vol.2019, No.1, pp.451-452 (2019)./
• 梅内 翼, 篠田 陽一: A Study on Advanced Analysis of Participants' Behavior in Cyber Defense Exercise Using State Transition Model, コンピュータセキュリティシンポジウム2021論文集, Vol.2021, pp.462-469 (2021).

🔒 Security Contributions

• CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website
• CVE-2024-1968
• CVE-2020-35305: Discovered and fixed a Reflected XSS in gollum (< 5.1.1)
• Atlassian SourceTree: Arbitrary command execution originating from Terminal function for directories with malformed names [SRCTREE-8628]

🏆 Accomplishments

📰 Qualifications

• TOEIC L/R 930
• ネットワークスペシャリスト
• 情報セキュリティスペシャリスト
• 情報処理安全確保支援士 (未登録)
• AWS Certified Solutions Architect - Associate
• AWS Certified Security - Specialty
• ISC2 Associate

🎖️ Awards

• 奨励賞 - 平成26年度 全国高等学校 情報処理競技大会
• 優秀学生賞 - 岩手県立大学 ソフトウェア情報学部 1年次, 2年次, 3年次
• 学長奨励賞 - 岩手県立大学 令和元年度
• 学長賞 - 岩手県立大学 令和元年度
• 学生奨励賞 - 情報処理学会 第81回全国大会 サイバー攻撃と防御セッション
• 特別採用 - 北陸先端科学技術大学院大学学生給付奨学金
• 経済産業大臣賞 - 第25回サイバー犯罪に関する白浜シンポジウム, 第16回情報危機管理コンテスト
• Misc.

🏃 Activities

• CODE BLUE: Student Staff ('18, '19)
• SECCON Beginners: Staff ('20-), Leader ('21-)
• Security Camp: Attendee ('19), Tutor ('21), Lecturer ('21-mini, ‘22-mini)
• SecHack365: Philosophy Driven Course Trainee ('19)