Header start
Content start
Asuka Nakajima
Graduate of the Faculty of Environment and Information Studies
Sept. 30, 2024
- I understand you lived abroad as a child.
My father's work took my family to the United States when I was between two and seven years old, and again from fourteen to sixteen. At fourteen, I still had quite a bit of trouble communicating in English. At the time, I was a bookworm and probably read about two or three hundred books a year. All the while, I constantly wondered about what it was that I wanted to do and what it was that I should do. The one thing I was sure of was that you only live once, so I wanted to live in a way that would make the world a better place. Back then, I was into fantasy and sci-fi and didn't know much about IT. But one day, I came across a book that changed my life: Project SEVEN, a cyber science fiction novel that started as an online series before being published in print.
- What was the story about?
It revolves around a high school girl hacker, about the same age as I was then, who, with the help of a genius programmer, prevents a global cyber-terror attack. The author, Hikaru Nanase, was working as a system engineer when she wrote the novel. I was amazed by the way she depicted cyberspace in such an incredibly realistic way and the fact that you could save the world with just a computer! After reading it, I felt that I was getting closer to understanding my dream of making the world better. From then on, I aspired to be a hacker and improve society through security technology. Many people associate the word "hacker" with criminals who illegally infiltrate computers or networks, but that's a misinterpretation. The term "hacker" was originally used in a positive sense to refer to someone with profound technical skills, but has since become synonymous with cybercriminals in the media, giving the word a negative connotation. For this reason, in Japan, those who use security technology for good are now called "white hackers" ― more commonly known as "white hats" in English ― which is precisely what I aspire to be.
- You returned to Japan just before the age of 17, just in time to prepare for your university entrance exams.
Yes, I transferred to a Japanese high school in the summer of my junior year. That was also around the time I began seriously studying to become a whitehat hacker. That said, I still had no idea how to actually become one. So, I started out by studying for the Systems Administrator Examination (now known as the IT Passport exam). I was completely self-taught. And with my university exams the following year, I had to prepare for those, too. As I began searching for universities that offered programming and information security research, I discovered Keio University's Faculty of Environment and Information Studies. The fact that I could apply by taking an English proficiency test and writing an essay was a huge advantage, given my upbringing in the United States. The curriculum's flexibility and the ability to join a lab from year one were also major attractions. Just four days after enrollment, I emailed Professor Keiji Takeda, a leading expert in intrusion detection systems, to ask if I could join his research lab, and he readily agreed. Prof. Takeda's lab attracts many fascinating and talented students and was a stimulating environment to be in for four years. I started by observing and learning from the techniques of more experienced students. In addition, the Dean of the Faculty of Environment and Information Studies was Prof. Jun Murai, who is known as the "Father of the Internet" in Japan. Prof. Murai believed that every student had potential and treated them as such, and hearing this directly from him left a significant impact on me. Later, when I published my first book, I was very happy to receive a positive review from Prof. Murai.
- You seem to have done plenty of internships and other extracurricular activities while you were at Keio.
Thanks to introductions from my classmates in my lab, I was able to intern at the Japanese offices of Google and Microsoft and at the JPCERT Coordination Center, a non-profit focused on spreading information on computer security. Other experiences included a special class that led to my involvement in a project at what was then Fuji Xerox, where I worked part-time on launching a new cloud service. This helped me reflect on what kind of work suited me best.
- You also participated in security competitions both in Japan and abroad.
I earned the Information Security Specialist certification in my second year at Keio. To further hone my skills, I thought it would be a good idea to participate in security contests like Capture the Flag (CTF). I joined the Japanese team and competed in CTFs against others with similar skills. I also competed at DEF CON CTF, which is considered the world's top competition, held in the United States. It was a humbling experience that reminded me just how formidable the competition is on the global stage.
- After graduating from Keio, you worked at NTT's Service Innovation Laboratory Group.
I chose to work at Nippon Telegraph and Telephone (NTT) Corporation because it is one of Japan's leading information infrastructure companies, and I thought I could quickly translate my research findings into something of use to the world. At NTT, my research primarily focused on detecting and mitigating software vulnerabilities. For instance, if the original software code in a program contains a vulnerability, it can be replicated in other software through copy and paste, leading to what's known as code clone vulnerability. I developed a unique method to detect such vulnerabilities and presented it at an international conference in Russia. When I applied this method in my research, I discovered vulnerabilities within Windows, the world's leading OS, which was a surprising find for me.
At NTT, I also researched the discovery and mitigation of vulnerabilities in OEM-manufactured IoT devices. This research was presented at BlackHat Europe, a major international conference in the field of information security, giving me a valuable opportunity to showcase my work to global media and research institutions.
- You founded CTF for GIRLS in 2014 as Japan's first community for female security engineers while continuing your research at NTT.
The initiative stemmed from my awareness of the lack of women in the field of information security. Ever since I was a student, whenever I attended information security study sessions, the venue was almost always filled with men. Sometimes, I was the only female participant. For many women, an environment like that can be a psychological barrier. So, I thought, why not create a community and workshops exclusively for women? I had just begun my career at the time and had no experience in community management or organizing events. However, with support from the executive committee of SECCON―an information security contest organizer―and with permission from my company, I was able to get the organization up and running. At first, I was worried about how many people would show up for events. But when the doors opened, I was astonished by the large turnout. I thought to myself, "Where have all these female security engineers been?" It was then I realized that so many other women were seeking opportunities like this, just as I had. Since then, each workshop and event has been well attended by many female engineers.
As the representative of CTF for GIRLS, I established three goals: to make the organization sustainable, to broaden the target audience to include students and working mothers, and to produce role models. A decade after its founding, I felt that we had accomplished each of these goals at a certain level, so I decided to step down as representative at the end of 2023. The new representative, Haruka Nakashima, is actually my junior from the same SFC lab, and I intend to keep supporting the organization from behind the scenes.
- In November 2022, you moved from NTT to Elastic, famous for its high-speed search engines.
At NTT, I was able to pursue everything I wanted, and I remain grateful for that. However, I transitioned to Elastic to take the next step in my career. I wanted to gain more experience in the actual development of products and services. In addition to having some of the world's top security engineers, Elastic itself grew out of a culture of open-source software (OSS), where software is made available to the public for free. I hadn't had many opportunities to delve into OSS before, despite being one of the areas I wanted to explore next, so I'm really enjoying my work there now.
- Could you share your future goals and aspirations?
In my twenties, I immersed myself in the world of information security technology, but as I entered my thirties, I started wanting to broaden my horizons. One of the catalysts was the Russian invasion of Ukraine, where cyberspace and reality became deeply intertwined. I realized that in order to prepare for cyberattacks, we must consider not only cyberspace but also the social and cultural backgrounds of the real world. This sparked a desire to learn more about the world. In my twenties, I was focused on achieving my immediate goals, but since entering my thirties, I've aimed to study in ways that will sustain my professional career over the long term. There are still so many things I want to do.
My personal conviction is that you only live once, so you should follow your passion. Of course, there will be times when you can't do what you want or when obstacles block your path. But I urge you not to give up so easily. If you hit a wall, don't focus on the reasons you can't do something―instead, think of the ways you can. This is advice I got from Prof. Takeda. You might also wonder if the choices you’ve made are the right ones or question whether you made the best decision. These aren't my words either, but there's another piece of advice that I hold dear: "Rather than worry about making the right choices, act in ways that make your choices right." My advice to students is to exploit―for lack of a better word―everything during your time at university: classes, labs, and contacts. Use these opportunities to pursue your passions to the fullest.
- Thank you for your time.
Asuka Nakajima
Security Research Engineer at Elastic.
Asuka Nakajima graduated from the Faculty of Environment and Information Studies in 2013. After entering university, she began researching information security with a yearning to become a whitehat hacker who could protect society from cybercrime. Following graduation, she worked at Nippon Telegraph and Telephone (NTT) Corporation's Service Innovation Laboratory Group, where she conducted research on vulnerabilities in software and IoT devices. In 2014, she founded CTF for GIRLS, Japan's first community for female security engineers in Japan and served as its representative until 2023. In November 2022, she joined Elastic, where she is primarily involved in endpoint security research and development.
*This article originally appeared in the 2024 spring edition (No. 322) of Juku.
Footer start
Navigation start