Tomohisa graduated in Mar 2009 from International Christian University with a B.A. in Computer Science. Also, he won 1st and 2nd prizes in various English Parliamentary Debate Competitions. After graduation, Tomohisa worked as a Security Consultant in NRI, and he was specialized in Red Team (offensive), Blue Team (defensive), and Global Security Management. He engaged in various projects such as red team operation, incident response, security consultation, vulnerability management, security audit, secure development, and security awareness, and had many experiences of domestic and international security projects as a lead consultant and a PM. In addition, he became an IT Security Trainee of TMNA Services in the U.S. with 1-year NRI Global Trainee Program. He learned cutting-edge IT security management and CISO decision-making process.
He engages in global projects such as the support for various group companies globally and conducts security training globally. Also, He joined F-ISAC Japan and FS-ISAC community to handle threat intelligence and to contribute to this community. Also, he received the "2019 F-ISAC Japan Award" for his community contribution.
As his continuous education, he earned a doctorate degree (Doctor of Engineering) from Kyushu University in Dec 2017. He published several academic papers about security management. In addition, throughout his career, he earned various certifications such as CISSP, CSSLP, CISA, CISM, CDPSE, CFE, PMP, RISS, and GIACs (GSEC, GPEN, GWAPT, GSNA, GREM, GCFA, and GCIH). Also, he has a lot of contributions to the infosec community as a lecturer, speaker, GIAC Advisory Board member, JITE/RISS Exam Committee member, TA in SANS training, and professional technical translator. He speaks at well-known conferences such as SANSFIRE 2011 & 2012, DEFCON 24 SE Village, and Internet Week 2018 - 2020. He also translated "Intelligence-Driven Incident Response" published by O'Reilly Media, and “Learning Malware Analysis” by Packt, and published by O'Reilly Japan.
"I have two philosophies when it comes to teaching my students. The first principle is "to be practical". When explaining security technologies or security concepts, I try to explain the technique and the mechanism of the vulnerability, explain how to fix it, how to apply the mechanism or idea in practice, share examples and demos, and discuss alternative techniques and approaches as much as I can. This is because I would like to provide practical knowledge and experience when the students go back to their normal lives, what I have taught them has been useful. Also, some students, based on their own experiences, know certain areas better than others. If this is the case, we want to touch on advanced topics and share documents and tools that will help in advanced understanding.
The second principle is "to be dynamic". I assume I have a lot more experience in the field of cybersecurity than my students, but I do not know everything about cybersecurity. By discussing dynamically with students, I think we can share better approaches, share good practices done in specific industries, and also find out which areas can be a challenge to understand." - Tomohisa Ishikawa