Momoko Aoyama is a leading figure in Hitachi Solutions’ cybersecurity technology. Having honed her skills in Capture the Flag (CTF) cybersecurity competitions, she has built a career as a white hat hacker. In 2024, she was named Cybersecurity Woman Hacker of Japan. Today, she is a real-life role model who is attracting attention in the industry.

Turning Skills Honed Through Passion into Protection of People and Society

── What kind of work are you currently doing?

I propose web and network vulnerability assessments and penetration testing services. Many clients say, “We know cybersecurity is important, but we don’t know where to start.” When we hear that, we begin with a vulnerability assessment to identify where the weaknesses are in their servers or systems.

My main roles include clarifying requirements through client interviews, creating proposals and quotations, and handling contract finalization. The actual diagnostic work and testing are handed over to the team, while I, as manager, oversee multiple projects and support the team as a whole.

── What sparked your interest in cybersecurity technology?

I’ve been around computers since I was a child, so it was natural for me to study information systems in university. I chose to major in information security because I saw it as a technology that protects people and society. It may sound childish, but I genuinely thought it was “cool.”

During university, I discovered CTF, a type of cybersecurity competition. Solving assigned problems within a time limit felt like an intellectual puzzle game. The competitive nature of it, much like a head-to-head game, drew me in. Before I knew it, I was engrossed in honing my CTF skills and naturally deepening my understanding of cybersecurity.

── You’ve consistently built your career in the cybersecurity field at Hitachi Solutions.

Yes, I’ve worked on validating and expanding network security products and providing vulnerability assessment and penetration testing services. During penetration testing, as a white hat hacker, I simulate attacks on corporate servers and networks to identify cybersecurity vulnerabilities. It’s exciting to apply the skills I developed in CTF in real-world environments, and rewarding to know that my work contributes to clients’ businesses.

I also participated in Black Hat USA and DEFCON, which are held in Las Vegas and are two of the world’s largest cybersecurity events. Having the opportunity to hear from Jeff Moss, the founder of both events and a legendary hacker, was an unforgettable experience.

In 2016, I became one of the founding members of the internal Security Professional Center, which supports company-wide improvement in information security skills. I began contributing to technical support and talent development, and one of my proposals driven by experience in the field led to the creation of an internal cybersecurity competition.

This has grown into a company-wide event that draws an average of 300 to 400 participants annually.

The Future of Cybersecurity Through the Eyes of a White Hat Hacker

── What is the world of hackers like?

Hackers are people who deeply understand technology and explore or manipulate system mechanisms. Among them, white hat hackers use their knowledge for ethical purposes, such as protecting information assets.

Essential skills include technical ability based on deep expertise. Other important traits are curiosity to explore a wide range of topics, perseverance in problem-solving, and flexible thinking to anticipate attacker behavior.

The hacker world is a merit-based, collaborative community focused on sharing knowledge. It has a strong international presence online, with a culture of growing through mutual learning and challenges.

Cybersecurity competitions like CTFs are held worldwide and serve as opportunities to connect.

── How do you see new technologies like AI and quantum computing affecting the future of cybersecurity?

From the defender’s perspective, AI will automate threat detection and incident response, enabling rapid reaction to unknown attacks. But from the attacker’s perspective, AI could enhance phishing, malware, and fraud using deepfakes.

Since the IT field continuously produces new technologies, cybersecurity engineers must respond swiftly, set new cybersecurity standards, and revise encryption protocols.

White hat hackers need to understand both the benefits and risks of AI, ensuring safety and ethics. By leveraging new technologies like AI, white hat hackers can focus on higher-level, strategic work and make better decisions.

── How do you keep your skills up to date with rapidly evolving technology?

I take advanced cybersecurity training and regularly gather information from books, social media, and news sites. I also believe that it is essential to apply that knowledge in practice.

── Your work and achievements were recently recognized when you won the Cybersecurity Woman Hacker of Japan 2024 award.

I was very surprised when I heard about winning the award. It was a great honor to have my efforts in cybersecurity recognized.

I will continue to do my best to inspire and train the next generation, and to help elevate the cybersecurity field even further.

Supporting Cybersecurity, Society’s “Invisible Infrastructure”

── As a cybersecurity expert and white hat hacker, what challenges do you want to take on?

I want to keep building team achievements while listening closely to clients’ on-the-ground needs.

Looking ahead, I hope to support Hitachi Solutions’ offerings more broadly from a cybersecurity standpoint. For example, I want to advocate for proactive cybersecurity measures that reflect the latest cyberattack trends and industry developments, even from the proposal phase, helping to enhance the overall value of our solutions.

I’m also committed to furthering talent development both inside and outside the company. I enjoy having conversations with people who are interested in cybersecurity, as I find them stimulating and inspiring.

I currently serve as a guest lecturer at universities and seminars, and I plan to continue contributing to society through these activities.

── What kind of society do you want to help build?

IT permeates every aspect of our daily lives. The cybersecurity technology that supports it has become part of our social infrastructure. If that infrastructure is poorly designed and has vulnerabilities, it could lead to severe consequences, such as service outages or data leaks. On the flip side, if systems impose excessive cybersecurity measures on users, it reduces convenience.

That’s why we engineers must strive to balance usability and cybersecurity. The future I want to help create is one where cybersecurity works so seamlessly that it goes unnoticed, and everyone can enjoy the benefits of information systems without even thinking about it.

Personal Perspectives

During my maternity leave, I earned Japan’s Level Pre-1 Certified Professional Organizer certification. I wanted to truly understand the principles of tidying up because I felt that, in order to work while raising a child, I needed to make household chores more efficient. For me, creating an environment where everything I need is immediately accessible was key. It was an engineer-like approach: improve the system to improve the outcome. That mindset carries over into my home life, too.