2023
/
05
/
17
Kuwabara : Could you tell us how Makita-san founded Ielae Security, the predecessor of the current GMO Cybersecurity by Ielae (hereafter, Ierae), and what kind of trend it has taken since then.
Makita : I first became interested in cybersecurity when I was in high school. There was no ADSL yet, and it was around the time dial-up communication began to become popular. When I was chatting with people from overseas on my computer, they said, “I hacked your computer. I was told to “open the CD drive as proof,” and when I was watching it, the drive actually opened. I was interested in the fact that there is an amazing world. “There are few people in the world who understand security at the source code level. I also received advice from my father, saying, “Why don't you study?” I went on to the university's engineering department, joined an information security seminar, and began studying security with a focus on attacks.
Kuwabara : I think I'll do it myself.
Makita : Yes. I made a honeypot, invaded servers with exploits, and chose “attack and defense” as the theme for my graduation thesis. After graduation, I joined SoftBank and set up a security team, and later I was involved in setting up a security team at CyberAgent. Around that time, there was an incident where Sony was attacked by a cyber attack and information was leaked. The understanding that failure to take security measures would lead to major losses progressed, and demand for cybersecurity rapidly expanded. Originally, I thought I'd start a business after working at SoftBank for 3 years, so I started thinking about starting my own security service company. After all, it took about 8 years to start a business.
Makita : There were two security issues at the time. One is that not all companies were necessarily high quality, and prices were high. There were few companies that could do quality work commensurate with the price, even with the vulnerability diagnosis we had received. Another challenge was that security engineers weren't evaluated at all. Engineers who are at the top level in the world only received salaries of about 4 to 5 million yen. It's not just about salary. There are a lot of night owls, so I can't wake up in the morning. That's why I don't come to work in the morning. There were a lot of people who didn't want to wear suits, didn't want to get on crowded trains, and didn't like to go to customer destinations. They are people who prefer talking to computers. From my point of view, people who have the world's top talents and are said to be geniuses were ignored, and in some cases treated as problem children. In order to solve these issues, we decided to create a company. The purpose is to help security engineers and to help customers. This was also my original life's work. So, the engineers who participated in a hacking contest called CTF (Capture The Flag) together called out, “Let's do it together.” That's how we gathered engineers and started a business with the concept of providing customers with the highest quality at about half the price of what it used to be. This is the first company I created called Ielae Security.
Kuwabara : After establishing Ielae Security, were the results going well?
Makita : Well, I've always been in the black, and sales have doubled every year. Engineers were also working with a small number of elite engineers for the first 2 to 3 years, but when one person joined the company, excellent people around them gathered, and specialists in various fields gathered. We were operating at a profit, so we didn't have to worry about raising funds. At the time, Ielae Security had an operating profit margin of 50% and was highly evaluated by customers, but in fact, I felt limited. Sales, PM, team management, issuing estimates, billing, payment confirmation, and settlement work. I was doing this by myself, so I felt that it would be difficult as it is. I was satisfied with being able to help people within my reach, but I felt limited when it came to growth as a company. About three and a half years after the company was founded, Mr. Kuratomi, 22 years old at the time, who was the president of Cocon Co., Ltd., asked us to do it together. When I met Mr. Kuratomi, I learned that he wanted what he lacked. Mr. Kuratomi was greedy. “I will definitely surpass my grandson. There is talk of “This company is also growing steadily, achieving the youngest listing, and surpassing Toyota's total market value,” and in pretty words, it's a vision, but in physical terms, it's a desire, isn't it? For me, Masayoshi Son was the number one business owner in Japan, but there is a 22-year-old young man who can surpass that grandson and say that he will become number one in Japan. I thought this desire was an amazing talent as a manager, so we decided to do it together. We joined the Cocon Group and expanded our scale with the aim of becoming a company that surpassed Softbank and Toyota. In order to make the company bigger, we hired 10, 20, and 30 people. There are many security needs in the world, but customers were in trouble because there were no companies that could meet them. As a result of carefully dealing with it one company at a time, the organization grew larger.
Makita : Since then, Cocon has grown with a strategy to acquire IT startups, but as it progressed, it slightly lost sight of the management axis. In 2021, executives gathered in Karuizawa for a training camp to discuss management policies aimed at further growth of the Cocon Group. Kuwabara-san also participated in this training camp, didn't he? Since VGI invested in Cocon in December 2020, Kuwabara-san has been our closest understanding and partner, and has consulted us when needed. I thought many government funds were a little more bureaucratic, or rather, salaried, but Kuwabara-san is completely different. So, there was no sense of incongruity at all even when we talked, and we just ended up having troublesome discussions.
Kuwabara : I majored in physics when I was a student, so the people around me were researchers and were a bit out of touch with reality, such as being nocturnal and unable to wake up in the morning. But I know those people are amazing people, and I wanted it to be a world where such people can play an active role. In that sense, I thought the company Ielae, where white hackers are active, was wonderful, and I wanted to support them.
Makita : Thank you very much. Wouldn't it be better to butt heads and talk at a training camp in Karuizawa and go straight to the business instead of the M&A strategy up until now? Cocon's cybersecurity area, Ierae Security, has grown significantly, so we can see the direction to focus on that. Then, while talking about our mission, we came to the conclusion that since hacking and information leakage have become social issues, there may be a mission to protect Japan, and we set that as the axis of our new company. The companies gathered at Cocon had all the pieces necessary to protect Japan. Ielae Security had high-level security engineers called white hackers, and they had a lot of know-how about hacking and cybersecurity attacks. Within the group, there were companies that could develop like Lepidum, companies that were good at design and UI/UX, and companies that operated SaaS. If that's the case, I think the mission of protecting Japan can be realized by making the strongest security product in Japan and supplying it to the whole of Japan. Therefore, we merged Cocon's subsidiaries and decided to name the company Ielae Security. I have decided to take over as president from Mr. Kuratomi for the reason that I have the best knowledge about cybersecurity within the group.
Kuwabara : Various security incidents have occurred in Japanese society. Can you explain in a bit more detail what role your company, whose mission is to protect Japan through security, is playing?
Makita : There are a lot of white hackers in Ierae, so they're strong offensively. We provide services, etc. to test whether they can be penetrated by launching simulated attacks against services and products. Most of Ielae's customers are major publicly traded companies. It is a company that also invests tens of millions or hundreds of millions of yen in security budgets, but it was found that 90% or more of the systems could be broken into. If you include smaller companies, regional companies, etc. that have not invested in security, it can be said that Japan is in a pretty dangerous state. The fact that we can break into more than 90% of companies means that a real malicious attacker with knowledge equal to or greater than ours can of course do the same. Since IT dependency is progressing due to the digital information revolution, such as EC sites and internet-based banks, risks are only increasing.
Kuwabara : While only offensive DX is attracting attention, it actually means that defense is becoming more important.
Makita : Exactly. From an era where personal information was leaked due to hacking, it has come to an age where tens of billions of yen worth of crypto assets are stolen. Right now, it's also getting involved in human life. For example,a hospital in Osaka was hacked and electronic medical records became unusable, and the hospital lost its memory. No one knows who this patient is, what kind of treatment is needed, and what to do, and cybersecurity is affecting even human life. There is also a very good aspect of increasing social convenience due to DX, but this situation is also very convenient for attackers. There's also the negative side of being able to access and break into specific sites from anywhere in the world. As DX progresses further, it can be seen that security incidents will become more serious, so protecting Japan is our medium-term mission.
Kuwabara : As is the case for Japanese society as a whole, your company's mission is to firmly protect cybersecurity risks as they increase, even in the sense of managing Japanese companies.
Makita : Man-made disasters and natural disasters can be mathematically estimated to some extent using actuarial science. However, in cybersecurity, damage occurs on a scale that does not meet expectations. Even I can break into thousands or tens of thousands of PCs by pressing, for example, a single button. Higher level people in Yelae can find security holes that nobody knows about yet, such as Zero-Day, so I think they should be able to hack everyone using Windows, for example. The range of influence that a single hacker can exert is so large that it doesn't fit into mathematical probability. It appeared in the Nikkei Shimbun, it seems that the European CRO (Chief Risk Officer) says that the biggest risk in 2023 is cybersecurity. People involved in security measures at Japanese companies don't even know that 90% of Japanese companies' systems can be broken into, and no one in the general public knows. We are actually doing penetration tests in response to customer requests, so we are aware of the importance of security risks.
Kuwabara : It's a story about being able to break into 90% of systems, but could you tell me some episodes about the high level of white hackers at your company who make it possible?
Makita : What we do is identify vulnerabilities by researching and attacking new technology when it comes out, and therefore report that this kind of security is necessary. Around 2011, when the company was founded, iPhones and Android had just come out, so no one knew what kind of security was necessary for smartphone apps. We attacked that, and made it clear that information would be leaked if such countermeasures were not taken, and that if it was a game, it would be cheated. Vulnerabilities were clarified using a similar approach when IoT came out, and the same was true when autonomous driving of cars came out. We are investigating vulnerabilities in the development of drones and flying cars using a similar approach. When new technology comes out, half of it is an engineer's hobby, researching attack methods and deriving countermeasures.
Kuwabara : Technically, I think they're doing very advanced things, but what is the reason why amazing engineers who can do such advanced things gather at your company, and the retention rate is so high?
Makita : Ielae's engineer retirement rate has been almost 0% for the past few years. However, there is a downside to this. This is because our mission is to help engineers, so we solve problems so that engineers can work in a comfortable environment. First, we are solving the problem of working hours and salary issues. After that, issues of discretion and work that can be done have also been resolved. In other words, the salary is high, the ideal is that there is no overtime during working hours, and technical challenges are recommended. When new technology comes out, they will also buy Tesla for experiments on their own. We regularly invest in such things and are in a state where we can always take on challenges. So I'm interpreting that there are few reasons to quit. We have excellent engineers, so we can help our customers. If you help a customer, they will return it with sales. If the company makes money, they return it to the engineers one more time, and then even better people come and nobody quits. We also help our customers again by strategically offering the highest quality products close to the lowest prices. We're revolving around that ecosystem. I'm sorry, but shareholders are the last. This is because they are not neglecting shareholders; they think that shareholders will also make money as a result. If you give top priority to shareholders, or give top priority to company profits, you can triple the price. By lowering quality, time is cut in half, and engineers can work twice as much. Most of the costs are labor costs, so if you cut your salary in half, your profit will go up quickly. The company will make money, but all the engineers will quit, and customers will leave. If that happens, shareholders will lose money, right? Therefore, I will focus on putting engineers first. As a result, both the company and shareholders always make money.
Kuwabara : Rather than pursuing short-term profits, you're aiming for a medium- to long-term company where all of Japan's excellent security engineers gather, and where there is no doubt that customers place orders with Ielae.
Kuwabara : I understand it very well. By the way, you joined the GMO Internet Group last year. Could you tell us about your goals and what you are aiming for in the future?
Makita : By merging the Cocon Group into one company, we are now in a state where we can create the best products. However, in order to protect Japan, it is necessary to popularize products and gain market share in Japan as a whole. There is also the fact that Mr. Kuratomi was an acquaintance of Mr. Kumagai, Chairman and Group CEO of GMO Internet Group, so I decided to talk with Mr. Kumagai. While talking with Mr. Kumagai, I came to think that in order to fulfill the mission of protecting Japan, it is best to join the GMO Internet Group. This is because the GMO Internet Group operates 90% of Japanese domains and 60% of hosting servers. By providing our products to 90% and 60% of people, we can automatically create a state that protects Japan. And one more thing, we had a big goal of going public. In the GMO Internet Group, 10 companies are listed within the group, and since they have listing know-how, they chose to join this GMO Internet Group.
Kuwabara : Starting with Mr. Kumagai, I heard that everyone at GMO Internet had a high level of enthusiasm, or rather commitment, but what about after they actually joined the group?
Makita : It's getting even hotter. Normally, I think the trend is that only representatives come out at the beginning and then they are on site, but even now, I have meetings with Mr. Kumagai 2 to 3 times a week to talk about products and marketing. GMO has 100 companies and 7,000 employees, and they create a slogan every year to unify their intentions. This year, we will implement Ielae products company-wide as a top priority to differentiate our services. Right now, it may be the number one market share, but the entire GMO Internet Group is committed to Ierae's products because adding security will add value that other companies cannot match.
Kuwabara : Thank you very much. After large companies acquire startups, it seems that there are many cases where it is difficult to determine how to demonstrate synergy. However, the relationship between your company and GMO Internet seems ideal. As for the last question, I would like to hear your evaluations and requests about VGI.
Makita : Out of all kinds of investors, Kuwabara-san of VGI took the most time to support them. They also attend the board of directors meetings every time, and they always speak up. They are accurate in their calm comments from a neutral standpoint. We are very thankful that they sometimes say tough things. Kuwabara-san has looked at various investment destinations until now, or has looked at hundreds of companies, including companies that did not invest, and he knows a lot of patterns that fail and patterns that work well. This is a typical pattern of failure, and this company also talks about how it worked, so I'm very thankful for that.
Kuwabara : Certainly that part might be the value we can offer.
Makita : What I would like to look forward to from VGI in the future is that if it is possible to introduce the needs of government offices, I would like to ask for that. For the mission to protect Japan, I think it will be even more necessary in the future to be involved in defense and police investigations. Currently, there are few government office projects we are working on, so we are looking forward to your support. Actually, cyber warfare began six months before the war in Ukraine began, and they were invaded and attacked by each other. In that sense, cybersecurity is important as a country as well. From the viewpoint of economic security, it seems that the way cybersecurity is going to change. We have the necessary technology, and we would like to contribute to it.
Kuwabara : VGI is a special entity called a government-affiliated venture capital firm, so we will cooperate well. In the future, I hope we can work together on national projects and efforts to enhance the country's own cybersecurity capabilities.
Makita : Protecting Japan's cybersecurity is important both as our mission and as a country, so please support and give us advice to achieve this.
Kuwabara : Thank you very much for your support.
-640wri.png)
Contact
E-mail: info@j-vgi.co.jp
