@ken5scal, 2022/09/30 ͳͥLayerXͷηΩϡϦςΟͰ Softwareࢦ޲͕ॏࢹ͞Ε͍ͯΔ͔ LayerX CTOࣨ, Fintechࣄۀຊ෦

ࣗݾ঺հ • @ken5scal • LayerX: 2020/02 ~ • CTOࣨ / Fintechࣄۀ෦ • CTOࣨ: CTO഑ԼͰશࣾԣஅతͳηΩϡϦςΟɾγεςϜͷ։ ൃɾӡ༻ • Fintechࣄۀ෦: ෆಈ࢈ূ݊ͷখޱԽ • ݸਓ׆ಈʮSecureཱྀஂʯ • ΄΅िץʮ๩͍͠ਓͷͨΊͷηΩϡϦςΟɾΠϯςϦδΣϯεʯ • PodCastʮSecure Liaisonʯ

ࠓ೔ͷ͓࿩ • ͜ΕͷηΩϡϦςΟαΠυ https://tech.layerx.co.jp/entry/2022/07/27/090609 https://tech.layerx.co.jp/entry/2022/07/27/090609

No content

No content

45min/ਓ * Nਓ -> 10min

஥ؒΛ૿΍͢ ಉ͡ߟ͑ํ΋ͬͯ͘ΕΔ஥͕ؒ૿͑Δͱ͏Ε͍͠ͳ˒ ࠓ೔ͷΰʔϧ

CTOࣨͷ໾ׂͱืूཁ߲ • ໾ׂ • σδλϧܦࡁ׆ಈΛݎ࿚Խ͢Δ • શࣾతͳLayerXͷϓϩμΫτͷϙςϯγϟϧΛ࠷େԽ͢Δ • ืूཁ߲

CTOࣨͷ໾ׂͱืूཁ߲ • ໾ׂ • σδλϧܦࡁ׆ಈΛݎ࿚Խ͢Δ • શࣾతͳLayerXͷϓϩμΫτͷϙςϯγϟϧΛ࠷େԽ͢Δ • ืूཁ߲ɹʢڧ͘ιϑτ΢ΣΞͳϓϩμΫτ։ൃܦݧΛཁٻʣ

CTOࣨͷ࣮੷ • ্ྲྀʁܥ • վఆݸਓ৘ใอޢͳͲͷํରԠ • ֤छγεςϜؔ࿈ͷنఔ࡞੒ɾӡ༻ • ֤छݚम • γεςϜӡ༻ • ΦϯϘʔσΟϯάؔ܎࡞ۀͷࣗಈԽ • ΦϑϘʔσΟϯάͷࣗಈԽ • ॏཁΠϯϑϥͷશମߏ੒ɾ؂ࢹج൫ • ࣾ಺޲͚γεςϜͷೝূήʔτ΢ΣΠ • ࢖͏ݴޠ • ݴޠ: Golang, TypeScript • Iac: Terraform, CDK • IaaS: جຊAWS, ͨ·ʹGCP

Why?

ηΩϡϦςΟରԠΛSWԽ͢Δཧ༝͸৭ʑ͋Δ • SoftwareԽͷఆٛͬͯͳΜͩͱ͍͏ͷ͸ޙ೔ʹɻɻɻ • ࠶ݱੑ͕ڧ·Δ • ΤϏσϯεͷऔಘ͕༰қʹͳΔ • ࡞ۀՄೳͳ࣌ؒͷറΓ͕ͳ͘ͳΔ • ࿑ಇࢢ৔ͷڱ͍ݴޠʢ೔ຊޠʣʹґଘ͠ͳͯ͘Α͘ͳΔ • ࡉ͔͍৚݅ࣜΛӡ༻͠΍͘͢ͳΔ • ͳͲͳͲ https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/

ηΩϡϦςΟରԠΛSWԽ͢Δཧ༝͸৭ʑ͋Δ • SoftwareԽͷఆٛͬͯͳΜͩͱ͍͏ͷ͸ޙ೔ʹɻɻɻ • ࠶ݱੑ͕ڧ·Δ • ΤϏσϯεͷऔಘ͕༰қʹͳΔ • ࡞ۀՄೳͳ࣌ؒͷറΓ͕ͳ͘ͳΔ • ࿑ಇࢢ৔ͷڱ͍ݴޠʢ೔ຊޠʣʹґଘ͠ͳͯ͘Α͘ͳΔ • ࡉ͔͍৚݅ࣜΛӡ༻͠΍͘͢ͳΔ • ͳͲͳͲ https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/ ࡢࠓͷϓϩμΫτ։ൃ͔Βɺ Ͳ͏ͯ͠ιϑτ΢ΣΞԽΛਐΊͯΔ͔

ηΩϡΞͳϓϩμΫτͱݴ͑͹γϑτϨϑτ • ϏδωεతͳγϑτϨϑτ • ʮϦϦʔεͷεέδϡʔϧΛ๦͛ͳ͍Α͏ʹɺηΩϡϦ ςΟʹؔΘΔ޻ఔΛલ౗࣮ͯ͠͠ࢪ͢Δͱ͍͏֓೦ʯby NRIηΩϡΞ • ʮ։ൃϓϩηεͷՄೳͳݶΓૣظͷஈ֊ʹηΩϡϦςΟର ࡦΛҠಈͤ͞Δ͜ͱʯ by PaloAlto https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/

ηΩϡΞͳϓϩμΫτͱݴ͑͹γϑτϨϑτ • ϏδωεతͳγϑτϨϑτ • ʮϦϦʔεͷεέδϡʔϧΛ๦͛ͳ͍Α͏ʹɺηΩϡϦ ςΟʹؔΘΔ޻ఔΛલ౗࣮ͯ͠͠ࢪ͢Δͱ͍͏֓೦ʯby NRIηΩϡΞ • ʮ։ൃϓϩηεͷՄೳͳݶΓૣظͷஈ֊ʹηΩϡϦςΟର ࡦΛҠಈͤ͞Δ͜ͱʯ by PaloAlto https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left

ηΩϡΞͳϓϩμΫτͱݴ͑͹γϑτϨϑτ • ϏδωεతͳγϑτϨϑτ • ʮϦϦʔεͷεέδϡʔϧΛ๦͛ͳ͍Α͏ʹɺηΩϡϦςΟʹؔΘΔ޻ ఔΛલ౗࣮ͯ͠͠ࢪ͢Δͱ͍͏֓೦ʯby NRIηΩϡΞ • ʮ։ൃϓϩηεͷՄೳͳݶΓૣظͷஈ֊ʹηΩϡϦςΟରࡦΛҠಈͤ͞ Δ͜ͱʯ by PaloAlto • DevOpsతͳγϑτϨϑτ • ”he e ff orts of a DevOps team to guarantee application security at the earliest stages in the development lifecycle, as part of an organizational pattern known as DevSecOps” by aquasec https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/

ηΩϡΞͳϓϩμΫτͱݴ͑͹γϑτϨϑτ • ϏδωεతͳγϑτϨϑτ <- 2015೥ʹ͸͋ͬͨ • ʮϦϦʔεͷεέδϡʔϧΛ๦͛ͳ͍Α͏ʹɺηΩϡϦςΟʹؔΘΔ޻ఔΛલ౗ ࣮ͯ͠͠ࢪ͢Δͱ͍͏֓೦ʯby NRIηΩϡΞ • ʮ։ൃϓϩηεͷՄೳͳݶΓૣظͷஈ֊ʹηΩϡϦςΟରࡦΛҠಈͤ͞Δ͜ͱʯ by PaloAlto • DevOpsతͳγϑτϨϑτ<- ࠷ۙͷSWαϓϥΠνΣʔϯؔ܎ • ”he e ff orts of a DevOps team to guarantee application security at the earliest stages in the development lifecycle, as part of an organizational pattern known as DevSecOps” by auasec https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/

ηΩϡΞͳϓϩμΫτͱݴ͑͹γϑτϨϑτ • ϏδωεతͳγϑτϨϑτ <- 2015೥ʹ͸͋ͬͨ • ʮϦϦʔεͷεέδϡʔϧΛ๦͛ͳ͍Α͏ʹɺηΩϡϦςΟʹؔΘΔ޻ఔΛલ౗ ࣮ͯ͠͠ࢪ͢Δͱ͍͏֓೦ʯby NRIηΩϡΞ • ʮ։ൃϓϩηεͷՄೳͳݶΓૣظͷஈ֊ʹηΩϡϦςΟରࡦΛҠಈͤ͞Δ͜ͱʯ by PaloAlto • DevOpsతͳγϑτϨϑτ <- ࠷ۙͷSWαϓϥΠνΣʔϯؔ܎ • ”he e ff orts of a DevOps team to guarantee application security at the earliest stages in the development lifecycle, as part of an organizational pattern known as DevSecOps” by auasec https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/ ͭ·Γࠓ೔Ͱ͸ɺ ϓϩμΫτͷ Ϗδωεͱ࢓༷ͱ։ൃͱӡ༻શମͰ ʮγϑτϨϑτʯ͕ ཁٻ͞Ε͍ͯΔ

ϓϩμΫτͷαΠΫϧ Ϧαʔν + Ծઆ ༏ઌ౓ ઃܭ ࣮૷ ϦϦʔε ؍ଌɾܭଌ ܁Γฦ͠ ܁Γฦ͠

ηΩϡϦςΟͷαΠΫϧ ϙϦγʔ ֬ೝɾ࡞੒ ϦεΫ ෼ੳ ઃܭ ࣮૷ ϦϦʔε ؍ଌɾܭଌ ܁Γฦ͠

αΠΫϧ Ϧαʔν + Ծઆ ༏ઌ౓ ઃܭ ࣮૷ ϦϦʔε ؍ଌɾܭଌ ܁Γฦ͠ ϙϦγʔ ֬ೝɾ࡞੒ ϦεΫ ෼ੳ ઃܭ ࣮૷ ϦϦʔε ؍ଌɾܭଌ ܁Γฦ͠

αΠΫϧ Ϧαʔν + Ծઆ ༏ઌ౓ ઃܭ ࣮૷ ϦϦʔε ؍ଌɾܭଌ ௒ߴස౓ ܁Γฦ͠ ϙϦγʔ ֬ೝɾ࡞੒ ϦεΫ ෼ੳ ઃܭ ࣮૷ ϦϦʔε ؍ଌɾܭଌ ܁Γฦ͠ ϞμϯͳCICDͳͲʹΑΓ ϓϩμΫτ։ൃ͸γεςϜԽ͞Ε ࠶ݱੑ͕ڧԽ -> ΑΓߴස౓ͳ มߋ͕Մೳʹͳͬͨɻ

ηΩϡϦςΟϚϯͷ൵ئ: ϓϩμΫτͷϦεΫʹ ϦΞϧλΠϜରԠ

(࠶ܝʣηΩϡϦςΟରԠΛSWԽ͢Δཧ༝͸৭ʑ͋Δ • SoftwareԽͷఆٛͬͯͳΜͩͱ͍͏ͷ͸ޙ೔ʹɻɻɻ • ࠶ݱੑ͕ڧ·Δ • ΤϏσϯεͷऔಘ͕༰қʹͳΔ • ࡞ۀՄೳͳ࣌ؒͷറΓ͕ͳ͘ͳΔ • ࿑ಇࢢ৔ͷڱ͍ݴޠʢ೔ຊޠʣʹґଘ͠ͳͯ͘Α͘ͳΔ • ࡉ͔͍৚݅ࣜΛӡ༻͠΍͘͢ͳΔ • ͳͲͳͲ https://www.paloaltonetworks.com/blog/2019/08/4-practical-steps-shift-left-security/?lang=ja https://www.nri-secure.co.jp/glossary/shift-left https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/ ͜ΕΒ͕ɺϓϩμΫτଆͰՄೳͰ͋ΔҎ্ɺ ηΩϡϦςΟଆ΋ಉ͡౔ඨʹ͕͋Βͳ͚Ε͹ Ӭଓతʹޙ௥͍ʹͳΔ

ʢ࠶ܝʣCTOࣨͷ໾ׂͱืूཁ߲ • ໾ׂ • σδλϧܦࡁ׆ಈΛݎ࿚Խ͢Δ • શࣾతͳLayerXͷϓϩμΫτͷϙςϯγϟϧΛ࠷େԽ͢Δ • ืूཁ߲ɹʢڧ͘ιϑτ΢ΣΞͳϓϩμΫτ։ൃܦݧΛཁٻʣ

ʢGoogleͷʣશηΩϡϦςΟΤϯδχΞ͸ίʔυԽΛ ஌͍ͬͯͳ͚Ε͹ͳΒͳ͍ɺྫ֎͸ͳ͍ɻ

஥ؒΛ૿΍͢ ಉ͡ߟ͑ํ΋ͬͯ͘ΕΔ஥͕ؒ૿͑Δͱ͏Ε͍͠ͳ˒ ͜͏͍ͬͨྖҬͷΠϕϯτɺษڧձɺΧϯϑΝϨϯε΁֤ ࣾ΋ͬͱηΩϡϦςΟਓࡐ࠾༻͠ʹ͍͖·ͤΜ͔ʁ

No content

ੋඇɺMeetyͰ ଓ͖Λ https://meety.net/matches/ SunJOdvBKMrT