The First TMC Tokyo Meetup
Last month marked the launch of the first TMC local chapter in Asia: TMC Tokyo! Nearly 80 security professionals from across Japan gathered in Tokyo for an entire day—from 9 AM to 9 PM—to dive into hands-on threat modeling workshops and compete in a hardcore five-hour MINI ‘hardening’ competition called ZANSIN. I had the pleasure of attending this exciting event and wanted to share a recap of the day.
About the event and organizers
The meetup was hosted on December 7th, 2024 in Asakusabashi, Tokyo. It was a full day event from 9AM till 9PM, featuring two back-to-back workshops, including a five-hour competition. Organized by Takaharu Ogasa and Yoshikazu Hayasaka, this meetup officially launched the TMC Tokyo chapter, joining the ranks of TMC London and TMC Barcelona as one of the first TMC local chapters. Both organizers have been hosting and involved in threat modeling events across Japan since 2023, such as the popular "Threat Modeling Nights.” They decided to co-found TMC Tokyo to further evangelize threat modeling practices in Japan and connect Japanese security professionals with the global TMC community.
Highlights
1. Threat Modeling Workshop by Takaharu Ogasa
After taking Adam Shostack’s Threat Modeling training in Dublin in 2023, Takaharu has led over 10 threat modeling workshops in cities across Japan. This workshop combined foundational topics, such as Adam’s “Four Questions,” with advanced techniques like Incremental Threat Modeling by @Irene Michlin.
What made this workshop particularly special was the hands-on exercise, where participants modeled a game server—the very same system they would later “defend” during the “ZANSIN” workshop in the afternoon.
2. “ZANSIN” Workshop by ZANSIN Project
ZANSIN is a competition-style cybersecurity workshop where participants defend and improve a vulnerable system, simulating real-world incident response. Unlike traditional CTFs that focus on exploiting vulnerabilities, ZANSIN challenges teams to act as security engineers to protect a vulnerable system from Red Team attacks. For this event, the teams act as security engineers for an online gaming company, protecting vulnerable servers of the company while minimizing downtime and revenue loss.
Having modeled the same system during the morning workshop, participants entered this session with deeper insights into the vulnerabilities and plenty of ideas for defending and improving the system. The two workshops complemented each other seamlessly, enabling participants to apply their newly acquired threat modeling skills and witness the direct impact of their threat modeling efforts during the simulated attack.
From 2 PM to 7 PM, 19 teams battled it out. The top-earning team emerged victorious, but everyone walked away a winner, gaining valuable feedback and insights. The ZANSIN team concluded the session with a comprehensive feedback discussion, making it a rewarding experience for all.
3. Japanese Curry and Kabocha Cakes
Sponsored by @Security Initiative, @Secure Sky Technology, and @IriusRisk, the event also stood out for its delicious food. A much-needed lunch break featured hearty Japanese curry, while the coffee break during the five-hour ZANSIN session offered delightful cakes, including a standout kabocha cake. These treats kept everyone energized and ready to tackle the day.
4. Happy Hour - ‘Kanpai’ (Cheers!) to a Day of Learning
Sponsored by @Cyber Security Cloud, the event concluded with a celebratory happy hour. After 12 hours of back-to-back workshops, participants deserved a moment to unwind. The teams toasted to their hard work and collaboration. By the time @Takaharu announced the end of the event, attendees were already asking about the next meetup. This feels like the start of a cybersecurity movement in Japan, and I can’t wait to see what comes next!
Special thanks
A huge shoutout to the ZANSIN team for bringing their signature event to this meetup. This competition-style workshops with real-world examples really fired up the room, challenging the participants to apply their newly-gained security skills in the most practical way by solving problems in a real-world scenarios.
They’ve hosted dozens of these workshops in Japan, Singapore, and Taiwan. Want to see one in action your city? Let the team know in the comments!
More recap posts in Japanese
Several participants shared their experiences and takeaways on their blogs. Dive deeper into the event through their posts:
https://nikinusu.hatenablog.com/entry/2024/12/08/165032
https://zenn.dev/cybersec_plus/articles/d6998c12fd55d7
https://zenn.dev/cybersec_plus/articles/38548ceb9f8bad
https://qiita.com/yu1c1yu1c1/items/1c4f28213e2a9e8e3133
https://note.com/japan_d2/n/nc9f83cee5503