$30 off During Our Annual Pro Sale. View Details »

KRAF Impact Report 2024(English)

KRAF Impact Report 2024(English)

宮崎発のサイバーセキュリティ企業である株式会社クラフ(本社:宮崎県宮崎市、代表取締役:藤崎 将嗣、以下クラフ)は、おかげさまで2024年11月、創業から7年を迎えました。この度当社が注力してきた人材育成の取り組みや社会課題に対する取り組み、成果を「KRAF Impact Report 2024」として公開しました。

株式会社クラフ

November 29, 2024
Tweet

More Decks by 株式会社クラフ

Other Decks in Business

Transcript

  1. Impact Report 2024 Delivering lasting peace of mind to society,

    communities, and people through cybersecurity
  2. PURPOSE To Continue to be a company that provides peace

    of mind In a highly competitive market, we aim to provide peace of mind to society through our cybersecurity business. By cultivating careers that are in high demand, fostering continuous growth, instilling confidence and pride in our employees, we can ensure their peace of mind as well. We aspire to be the No. 1 cybersecurity company from Miyazaki, creating 1,000 jobs, and fostering a sustainable environment where both society, community, and employees feel peace of mind. VISION From Miyazaki, to be the No. 1 cybersecurity company MISSION Creation of 1,000 jobs CORE VALUE Turning IT novices into professionals
  3. Urban-Rural Divide Shortage of Cybersecurity Workforce Cybersecurity Gap KRAF was

    founded by the president Fujisaki, who experienced firsthand the difficulties of breaking into the IT industry from a rural area. By accepting and nurturing individuals who aspire to join the IT industry, we aim to create jobs in Miyazaki and cultivate IT professionals to provide cybersecurity to society. Through our daily business activities, we are committed to addressing social issues such as the urban-rural divide, the shortage of cybersecurity workforce and the cybersecurity gap. 01 The Social Issues We Aim to Resolve
  4. Social Issues Changes in industrial structure, particularly since the high-growth

    period of the 1960s in Japan, have widened a gap between urban and rural areas. Through historical turning points such as the Industrial Revolution and high economic growth, advanced countries have witnessed a shift in industrial structure from agricultural to industry and then to the service sector. As a result, urban areas have become hubs for corporate headquarters, manufacturing, and high-paying jobs. The emergence of new industries, such as IT, has created a wide variety of career options. These factors have led to a migration of young people to urban areas in search of career opportunities. The growing urban workforce has spurred investments in urban infrastructure, such as transportation, healthcare, and education, further accelerated the migration of people from rural to urban areas. Meanwhile, rural areas have faced a declining workforce and economic stagnation. This has led to disparities not only in wages but also essential services, creating a cycle of intergenerational inequality. This trend is not unique to Japan. Globally, both developing and emerging countries are experiencing growing disparities. Urban-Rural Divide of high school graduates find jobs out of prefecture 40% Approx. (※2) of university students go to universities out of prefecture 75% Approx. Population Outflow Wage Gap The average wags is 70% (※1) approx. of Tokyo’s Tokyo Miyazaki Gap ※1 Ministry of Health, Labour and Welfare | Basic Survey on Wage Structures, 2023 https://www.mhlw.go.jp/toukei/itiran/roudou/chingin/kouzou/z2023/index.html The current trends of wages and population outflow in Miyazaki Prefecture ※2 Miyazaki Prefecture | Summary of the FY2023 School Basic Survey (Miyazaki Prefecture) (as of May 1, 2023) https://www.pref.miyazaki.lg.jp/tokeichosa/press/2024/02/20240123113015.html
  5. The demand for cybersecurity workforce has surged due to the

    digitalization of society and the escalating threat of cyberattacks. However there is a significant gap between supply and demand. According to a 2023 survey conducted by ISC2 , while the number of cybersecurity workforce has grown to about 5.5 million, there is still a shortage of about 4 million, indicating a widening gap between supply and demand. In Japan alone, there is an estimated shortage of 110,000 cybersecurity workforce. We believe that the primary reason for this shortage is the high skill set required for cybersecurity, making it difficult for individuals without advanced degrees or relevant work experience to enter the field. For workers, cybersecurity can be daunting challenge to pursue. For companies, the reliance on individual skills for cybersecurity operations has hindered scalability. This structure further complicates the resolution of the cybersecurity workforce shortage. 宮崎県における賃金や人口流動の現状 Global Cybersecurity Workforce Gap What is Cybersecurity Workforce? ※3 ISC2 | Cybersecurity Workforce_Study, 2023  https://www.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2_Cybersecurity_Workforce_Study_2023.pdf ※4 Ministry of Economy, Trade and Industry | Guidelines for Building a Cybersecurity Framework and Developing a Cybersecurity Workforce https://www.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2_Cybersecurity_Workforce_Study_2023.pdf Individuals whose primary role is to implement and maintain cybersecurity measures. (※4) (※3) (※3) Social Issues Shortage of Cybersecurity Workforce
  6. In today’s world where many companies form supply chains to

    provide products and services, it is not just large enterprises that are expoed to the cyberattacks. Despite this, many small and medium-sized enterprises (SMEs) lack adequate cybersecurity measures. While large enterprises can afford specialized cybersecurity teams and advanced cybersecurity products or services, SMEs often struggle with limited workforce, technical expertise, and financial resources, making it difficult for them to take sufficient cybersecurity measures. If a company fail to implement adequate cybersecurity measures, the consequences can be severe for both the company and society as a whole. A company itself may suffer from data breaches and service disruptions due to cyberattacks. Furthermore such incidents can ripple through the entire supply chain, affecting business partners, related companies and end users, causing significant social impacts. In other words, leaving behind companies that cannot implement cybersecurity measures can leave society vulnerable to widespread cybersecurity risks. Lack of workforce Lack of technical expertise Lack of financial resources Cybersecurity risks within the supply chain are escalating Impact on Businesses Impact on consumers The possibility of personal data breaches and critical infrastructure failure is increasing SMEs find themselves unable to implement adequate cybersecurity measures due to... If they are left behind... Social Issues Cybersecurity Gap
  7. With the purpose of “to Continue to be a company

    that provides peace of mind”, we are committed to addressing social issues such as “urban-rural divide”, “shortage of cybersecurity workforce”, and “cybersecurity gap”. From cybersecurity sector, we aim to provide peace of mind to a diverse range of stakeholders, including employees, clients, business partners, local communities, government agencies, the cybersecurity industry, and NPOs/NGOs. This is the social impact that our business activities can bring. 02 Our Initiatives
  8. Our Initiatives | Overall Picture Our three initiatives to address

    social issues are not independent of each other but are organically connected, establishing sustainability. Bridge Urban-Rural Devide Eliminate Cybersecurity Gap Resolve Shortage of Cybersecurity Workforce Use S4 development / derivery Cybersecurity management system S4 Turning IT novices into professionals Delivering cybersecurity services Use Vulnerability assessment Monitoring service Standardization Systemization Fostering IT professionals Giving back through career Overall Picture
  9. Developing a Cybersecurity Engineer Educational Framework For the past seven

    years since our establishment in 2017, we have been recruiting and nurturing IT professionals from non-IT backgrounds in Miyazaki Prefecture, a rural area in Japan. We have particularly focused on cultivating cybersecurity engineers, a field that was previously scarce in the region, and have successfully trained 173 individuals. This impact has been made possible by our innovative approach of standardizing and systematizing of cybersecurity techniques to create a robust educational framework that empowers IT novices to acquire the necessary skills and advance their careers. By analyzing and breaking down the work process of highly-skilled security engineers, we identified and quantified essential tasks and skills such as judgement, reasoning, and administrative abilities. This analysis enabled us to develop a robust educational framework. Today, we can train individuals to become active cybersecurity engineers in approx. six months. Fostering diverse career paths and brighter future Since 2018, we have actively hired individuals with no IT experience and have successfully developed 173 security engineers. Our employees, who have diverse backgrounds, such as nursing, manufacturing, and retail, have transformed into proficient security engineers through our comprehensive education and training programs. We also provide diverse career paths including standardization engineering and education. a total of 173 We have trained cybersecurity engineers since our founding Transitioning of IT novices into professionals in Miyazaki to Drive Rural Job Creation Our Initiatives | to Bridge Urban-Rural Divide
  10. Our initiative to transform IT novices into skilled cybersecurity personnel

    has helped to address the chronic shortage of cybersecurity workforce. With standardization and systematization, we have clarified the complex tasks and skills required to provide cybersecurity services. This has enabled us to cultivate cybersecurity personnel from individuals with no IT experience. Standardization has also eliminated the reliance on individual expertise, allowing us to deliver consistent, high-quality cybersecurity services to a wider range of clients. Since our founding 7 years ago, KRAF has grown to a team of 150 and conducted over 10,000 vulnerability assessments as a group company. Through these efforts, we are addressing the cybersecurity workforce shortage and contributing to safer digital world. Government agencies Telecommuni- cations and manufacturing Financial Medical and welfare Logistics and distribution Retail and wholesale and so on ----------------------------Industry---------------------------- Number of vulnerability assessments provided 11,000 projects ※including delivery as a group company Delivering Consistent, High-quality Cybersecurity Services through Standardization and Systematization Our Initiatives | to Resolve Shortage of Cybersecurity Workforce What is Vulnerability Assessment ? We assess the security of web and mobile applications by simulating cyber attacks and identify security flaws (vulnerabilities).
  11. Working Together to Eliminate Cybersecurity Gap Our Initiatives | to

    Eliminate Cybersecurity Gap We have developed a free cybersecurity management system called S4 to address the cybersecurity gap where well-funded companies can implement robust cybersecurity measures, while those with limited resources cannnot. To date, we have provided S4 to over 100 companies and organizations. We develop the free cybersecurity management system S4, driven by the belief that visualizing IT assets and assessing associated cybersecurity risks is the foundational step in any cybersecurity measures. To ensure the sustainability of this initiative and foster continuous cycle of cybersecurity within society, we propose a “mutual support structure.” Sustainable inequality reduction through mutual support structure The “mutual support structure” is a simple system where S4 offers both free and paid plans. A portion of the revenue from paid plans is reinvested into developing and maintaining the free distribution of S4. By providing S4 free of charge to organizations with limited cybersecurity budgets, we aim to address the financial barriers to cybersecurity. This ensures the long-term sustainability of the S4 project. Through this structure, free plan uses can enhance their own cybersecurity posture, contributing to a more secure society and mitigating supply chain risks. Free cybersecurity management system S4 Meanwhile, paid plan users not only secure their own assets but also support organizations that cannot afford cybersecurity measures, thereby contributing to the resolution of social issues. This collaborative approach beyond organizational boundaries enables us to collectively work towards safer digital landscape. Mutual Support Structure
  12. About Social Enterprise We define a social enterprise is a

    company that prioritizes addressing social issues, sees it as its primary purpose, and aims to improve society through its core business. When we delve deeper into our philosophy, such as “creating 1,000 jobs” and “turning IT novices into professionals”, we find that the root of our endeavor lies in solving social issues. By growing KRAF, we aim to expand our social impact. We provide safe and secure to society through our cybersecurity business. We also contribute to the well-being of our local community and employees by creating jobs, promoting career growth, and improving working environment. Through these efforts, we strive to provide peace of mind to as many people as possible, both inside and outside our company. We believe that by joining forces with other B Corps, those aspiring to become B Corps, and individuals who have come here seeking social initiatives, and others, we can collectively create a greater force for good. We will continue to strive forward, in our own unique way, to make a difference. Our purpose is “to continue to be a company that provides peace of mind.” While we provide peace of mind to society through cybersecurity business, we are mostly focused on fostering the growth of IT professionals from non-IT backgrounds. Our commitment to our employees was recognized with our B Corp certification in 2023. I personally struggled when I first made leap into the IT industry. We wanted to create an environment where people who aspire to enter the IT industry could be accepted and nurtured. Our aim for them to gain confidence by realizing that their skills and experiences are valuable not only in local but also on a broader societal level. We believe that individuals experiencing career anxiety can find a peace of mind as they build confidence through growth. Driven by these beliefs, we founded KRAF in our hometown Miyazaki, where career opportunities were limited. Our long-term goal is to grow KRAF as a social enterprise. We want to provide “peace of mind” to as many people as possible Masashi Fujisaki President President Masashi Fujisaki November 27, 2024
  13. 2017 2019 2018 2020 Founding 2022 2021 2023 ・Launch S4

    project to address the cybersecurity gap ・Lauch software testing services ・Publicly release S4 ・Certified as a B Corporation ・Launch vulnerability assessment services ・Relocate office twice ・Increase capital ・Obtain license for worker dispatch business ・Create over 100 jobs in Miyazaki Prefecture ・Establish “Social Distance Office” where we realize our mission  and ensure employee safety The Journey of KRAF
  14. Name KRAF, Inc. Founding November 2017 Number of employees 144

    (as of May 2024) Capital 30 million JPY (including capital reserves) Contact 10F, JR Miyako Twin Building Office, 2-2-22 Oimatsu, Miyazaki-shi, Miyazaki, 880-0801, Japan Mail:[email protected] Website https://kraf.jp/ Company Overview President Masashi Fujisaki Group companies SHIFT Inc. / SHIFT SECURITY, Inc. / others