Mercari’s Approach to Modern Day Threats #2

⭐Please register via our Google form below to participate: You can sign up for the event from this Google Form.
https://merc.li/fBPSZrfCa

The schedule for the application deadline is as follows.

• Application deadline: 4/19 (Tuesday)
• We will inform you of the details of how to participate by e-mail at a later date.

📌What we'll do
At Mercari, we are always working on new initiatives to maintain and improve the security of our product and services. Over this two event series we will be introducing the work of the security team at Mercari, the kinds of challenges we face, and the kind of people who are looking for to help us further grow our team in a round of lightning talks.

📌How to join
The event will be held online.
We will inform you of the details of how to participate by e-mail at a later date.

📌 EVENT SCHEDULE (※English with Japanese Interpretation)
19:00-19:15 Opening and Introduction to the Security Team
19:15-19:45 Sec talk #1: Building a Secure Software Development
19:45-20:00 Sec talk #2: Diving into Threat Modeling at Mercari
20:00-20:15 Sec talk #3: Gamifying Security Education: Mercari’s Security Champion Programme
20:15-20:30 Closing and Hiring Positions @ Mercari
20:30-20:45 Q&A Session (Japanese + English with interpretation)
*Contents and timetable may be subject to change

📌 SPEAKER DETAILS
Keisuke Sogawa (@sowawa)
Mercari Group CISO. Keisuke Sogawa completed his studies at the Graduate School of Informatics at Kyoto University, and joined an IPA Mitou Youth company in 2011. He went on to launch WebPay at FluxFlex in Silicon Valley. As the Chief Technology Officer of WebPay, he developed the service infrastructure for credit card payment services. He also worked on the LINE Pay business as part of the LINE Group. He joined Mercari Group in June 2017.

Nikolay Elenkov（@nikolay）
Director of Security Engineering and Strategy. Joined Mercari in July 2020. Currently working on SDLC, automation, security consulting, and expanding Mercari’s security team. After starting his career as a PKI, smart card and enterprise developer, switched focus to mobile and Web security. Author of ‘Android Security Internals’. Android Security Symposium, HITCON, Qualcomm Product Security symposium speaker. Led LINE’s Application Security and Security Development teams, helped start and operate LINE Security Bug Bounty and the Becks security meetup

Gloria Chow (@gloria)
Product Security Engineer. Joined Mercari in November 2017 initially as a Software Engineer in Test, transferred to the Security Team in 2019. Leading threat modeling efforts at Mercari. Also involved in the security design review and penetration testing of new features, and advocating security awareness through organizing and creating content for the Mercari Security Champions program.

Azeem Ilyas (@Azeem)
Product Security Engineer. Joined Mercari’s Security team in October of 2018, and part of the security team for around 3½ years. Previously worked as a Mobile Security Engineer for Samsung in the UK, discovering vulnerabilities in Android and Samsung's Galaxy range of devices (full stack bootloader->app level). Involved in implementing SAST and DAST tools, reviewing design docs, performing penetration tests and helping to build content for the Security Champion programme at Mercari. Also a part of Mercari’s Open Source program office, helping to support Mercari’s OSS internal projects to achieve open source status and ensuring Mercari complies with 3rd party licenses.

Shaokang Sun（@Eli）
Product Security Engineer. Joined Mercari since August, 2018. Worked mainly on security penetration tests and security design reviews on the entire Mercari & Merpay ecosystem for the past years and tried to implement various automated security solutions into the SDLC. Helped implementing and tweaking WAF to protect web and API assets. Also involved in Security Champion program to give speeches and workshops internally to raise company's interest and security awareness.

Jason Fernandes (@json)
Security Strategy Team Manager. Joined Mercari in May 2018. After working as a dedicated interpreter for the security team for 1 year as part of the Global Operations Team, learned the fundamentals of software development and cybersecurity through working with the Security Engineering and Product Security teams and officially joined as a member of these teams, working as a Technical Program Manager for 2.5 years. Established Mercari’s Security Champion Programme, and worked on various other initiatives including making improvements to secure the software development lifecycle, improving the process for vulnerability management, and incident response. Took on the role of manager for the Security Strategy team as of January 2022, and now working on improving the overall project management of security initiatives and building Mercari’s mid-long term roadmap for security together with other teams.