惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Palo Alto Networks Blog
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
GbyAI
GbyAI
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
量子位
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
Recent Announcements
Recent Announcements
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
NISL@THU
NISL@THU
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
F
Full Disclosure
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
D
Docker
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
Help Net Security
Help Net Security
V
Visual Studio Blog
小众软件
小众软件
B
Blog
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
CSO Conversations: Keiko Itakura, Regional CSO of Japan
Keiko Itakura · 2025-02-12 · via Okta Security RSS Feed

CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.

What motivated your career pursuit in cybersecurity at Okta?

Logging in is the first step in a threat scenario, and identity represents the person themselves. In one survey, it was found that over 80% of security incidents were related to identity credentials. Okta is used by many customers in Japan, and the greatest reward of pursuing a career at Okta is that by securing Okta, we contribute to protecting the businesses of our many customers.

How has your previous experience shaped your approach to cybersecurity today?

I have worked in the identity security field in a variety of positions, not only as a product vendor, but also as a security officer at a user company, as a consultant at a partner company, and as an engineer at a system integrator. Attackers may attempt to exploit gaps in normal processes, such as emergency recovery processes or exception processes for executives. My real-world experience in a variety of roles has helped me to think realistically about which business processes are vulnerable and what countermeasures can be taken.

Are there any existing or emerging threats of particular interest to you?

I continue to be concerned about phishing attacks. As I mentioned earlier, there are many incidents related to credentials, and phishing using email and SMS is still being used as a way to steal credentials. And, with the development of AI technology, it is becoming more difficult for humans to detect. In addition to system-based measures such as passwordless authentication and DMARC, it is necessary to take a wide range of measures, including user education and reviewing business processes.

Recently, I have also been paying more attention to cyber attacks resulting from geopolitical risks, such as the MirrorFace cyber attack. This year, the Osaka-Kansai Japan Expo 2025 will be held, and such international events increase the risk of being targeted by cyber attacks, so I am also vigilant about threats related to this.

From your perspective, what is the impact of cybersecurity awareness in today’s organizations?

No matter how much you invest in system protection, if the security culture is weak, there will be risk. Of course education and training are important, but it is also important to have a system for evaluating security awareness. In addition, security is often neglected because of concerns that it could put the brakes on business speed. It is necessary for the management team to themselves place importance on security and to propagate it as a corporate culture.

As the methods used in phishing and social engineering become more and more sophisticated, it will also be important to create a relationship where people feel psychologically safe to report any suspicions they may have.

What are your thoughts on automated intelligence, or AI, in cybersecurity?

The democratization of AI technology has lowered the cost of carrying out attacks. It is becoming increasingly difficult to visually determine whether something is fake, such as advanced deep fakes. I believe that defenders also need to use AI technology to create a system that can automatically and timely detect and repair attacks while implementing multilayered defence.

What trends are you seeing in cybersecurity relating to your region?

Japan has a distinctive organizational structure, way of working and underlying way of thinking, and this gives rise to issues and responses that are specific to Japan.

For example, Japan's traditional employment system is known as the ‘membership type’, and rather than honing specific expertise, employees are expected to take on a variety of tasks based on the premise of lifetime employment. In other words, they are committed to the company itself. For this reason, in many cases, security expertise is heavily dependent on external resources such as SIers.

However, in light of the growing importance of security in recent years, there has been an increase in the number of cases where companies are hiring external security experts as full-time employees. As a result of global business expansion and management integration, many companies are now faced with the common challenge of determining what organizational structure and mechanisms they should use to ensure security across the entire supply chain and implement governance across the entire corporate group, while also having to collaborate with members not only in Japan but also overseas.

Additionally, identity verification using Individual Number cards is becoming increasingly common and is a topic unique to Japan that has been gaining discussion in recent years.

What is the most significant change you’ve seen in the cybersecurity industry in your career to-date?

The concept of Zero Trust has emerged. I think that the emphasis on implicit relationships of trust is also a characteristic of Japan. With the diversification of working styles and the globalization of business, and with reports of actual damage, the idea that attacks are inevitable has gradually become more widespread, and I think it is now gaining considerable support. Many companies have yet to fully consider measures against internal crime, but I think that taking measures will also protect employees, so I would like to focus on this.

How do you employ Okta’s corporate values in your day to day?

In Japan, Okta products are delivered via partners, so I consider that our customers include both end users and partners, and I “Love our customers.”

I feel rewarded by the fact that I can build trusting relationships and communicate with various customer CISOs etc, with the responsibility of being the only Japanese person on the Okta’s security team. My biggest mission is to properly understand what issues Japanese customers have, and to reflect this in the activities of the global security team.

Oktane24 brought numerous exciting announcements, which are you most looking forward to?

I’m looking forward to IPSIE, the Interoperability Profiling for Secure Identity in the Enterprise - improving industry standards is one of the pillars of the Okta Secure Identity Commitment (OSIC.) By promoting standards together with various technology companies, I hope that not only Okta but the entire industry will become a safer society.

If you could provide a few short cybersecurity words of wisdom to Okta customers, what would they be?

I feel it is a shame not to leverage higher assurance options that can be used without requiring much additional cost or effort. For example, since you are already using Okta I recommend for you to make the most of the options that can enhance security, such as FastPass and the migration from Okta Classic to the Okta Identity Engine, or OIE.

Keiko was recently interviewed by ScanNetSecurity on why she joined Okta as Japan’s Regional CSO and her mindset to fulfill her mission. She was also featured by EnterpriseZine for a profile piece on her career in Identity management and her vision for its future in the Japan region. Keiko also shared insights as a speaker at the 2024 Fido Alliance Seoul Public Seminar, and at the Authenticate 2024 Conference.