Remote Forensic System Successfully Established! CSIRT Engineer Supporting PayPay’s Incident Response

2025.06.17

This “Professional Series” spotlights the exceptionally talented professionals making an impact at PayPay Group. For this edition, we interview Daisuke Arai, who is responsible for incident response within the Cybersecurity Control Department. We delved into the fulfillment he experiences protecting PayPay from security incidents and his professional growth as a CSIRT engineer.

Daisuke Arai

Computer Security Incident Response Team, Cybersecurity Control Department, Security Division, Legal & Risk Group

Upon graduation, he joined an IT security venture company as a new graduate, where he acquired experience in security diagnostics and launching forensic services. Subsequently, he transitioned to another company, undertaking security consulting roles, including vulnerability assessments. He joined PayPay in April 2024.

Future Business Potential and Highly Specialized Security System as Key Drivers for Career Transition

Could you please describe your current role and mission?

I am currently a member of the Computer Security Incident Response Team within the Cybersecurity Control Department. My primary focus is digital forensics following an incident (investigating information security incidents to collect and analyze evidence and ascertain the facts). I also manage responsibilities akin to a Security Operations Center (SOC), such as security monitoring. While contributing to building systems that prevent incidents by researching the latest security trends, in the unfortunate event of an incident, my aim is to minimize its impact and conduct a thorough review to prevent recurrence.

Could you elaborate on your career history?

I began my career at an IT venture company as their first new graduate hire, where I was responsible for delivering security education to businesses. Being completely new to the field of security, I diligently worked with actual equipment after joining and, on occasion, sought guidance from senior colleagues. Through this process, I acquired a comprehensive set of skills within approximately three years.

Subsequently, leveraging my accumulated security knowledge, I transitioned into a specialized security consultant role, conducting vulnerability assessments and providing customer support based on the findings.

Could you explain your decision to join PayPay?

I sought to work as a CSIRT engineer and therefore decided to pursue a new role. I felt a disconnect merely supporting the security of businesses externally through education and consulting, without having personally implemented security measures internally within a company.

When choosing a company to work for, I prioritized its future business potential and the robustness of its security system. I perceived significant future potential in the rapidly expanding PayPay, along with the expectation of being able to undertake new challenges as the business continued to grow. Furthermore, the security team is structured as a highly specialized organization, segmented into Blue and Red teams. I believed this represented the optimal environment for me, given my desire to dedicate myself to defense and master incident response.

Successful Establishment of a Remote Forensic System Utilizing Open Source × Existing EDR

Could you share details about a recent project you undertook?

This project involved establishing a system for conducting forensics in a remote environment. Traditionally, forensics entails analyzing the specifics of an attack using specialized tools and subsequently transferring data stored on a hard disk to an external vendor. Given that this process necessitates the physical transfer of devices, performing forensics remotely is generally considered unfeasible.

However, to ensure the highest level of security in the industry while also conducting the fastest possible root cause analysis and considering recurrence prevention measures, it is imperative to complete forensics swiftly, regardless of an employee’s location or the timing of the incident. The physical transfer of hard disks also posed an impediment to accelerating the forensic process, so I began exploring the development of a remote forensics mechanism.

Challenges to implementation included ensuring the compatibility of specialized remote forensic tools with existing systems, in addition to high initial introduction costs. Nevertheless, drawing from my previous experience in launching new forensic services, I believed that remote forensics at PayPay could be achieved by integrating open-source tools with our existing EDR. Although I had recently joined the company, when I shared this concept internally, the response was overwhelmingly positive, with the team expressing, “We definitely want you to take on this challenge.” Consequently, I commenced collecting information and designing the framework for its realization.

The most challenging aspect was the design phase, given the limited external know-how available for such a cutting-edge framework. Specifically, during the customization of our internal EDR based on my forensic knowledge, I encountered difficulties in fully comprehending the EDR’s specifications. This was primarily because it was a tool I had not previously encountered, resulting in a lack of familiarity. However, I received invaluable assistance from thorough internal orientations and comprehensive information available on our internal Wiki. Based on my past experience supporting multiple companies, the detailed specifications of EDRs often tend to be proprietary or “black-boxed,” so I was pleasantly surprised.

After thoroughly grasping the specifications, we conducted meticulous verification to ensure flawless execution. Ultimately, we succeeded in establishing the remote forensic system in less than six months from its inception. I am proud to state that we have constructed an exceptional in-house framework, achieving a remote forensic system without relying on commercial products.

What do you find most rewarding about working at PayPay?

The most rewarding aspect is that the profound sense of responsibility in supporting one of Japan’s leading services acts as a strong motivator, continuously refining my security skills. There are certainly challenging aspects, such as the ongoing requirement to pass advanced security tests to safeguard a financial service with 69 million users (as of May 2025) through a robust system. Nevertheless, as my abilities are consistently evaluated by third parties via these tests, my skills invariably enhance as I successfully navigate these challenges. Furthermore, I derive significant fulfillment from the knowledge that “by improving my skills and contributing to the organization, security will be strengthened, thereby protecting our users.”

Of course, other environments also contribute significantly to skill enhancement. Many members hail from diverse backgrounds and possess extensive skills and knowledge in security. The ease with which we can exchange information with them via chat tools is invaluable, and it has broadened my understanding of both domestic and international trends.

Another notable characteristic is the prevalence of active study groups. I, too, actively participate in knowledge sharing initiatives. For example, I regularly host forensic study sessions as a speaker and organize ad-hoc workshops aimed at identifying infrastructure utilized by attackers. I consistently approach my work with the aspiration to “master incident response skills.” I feel that PayPay, with its environment highly conducive to skill improvement, is a company that truly aligns with my professional goals.

Preventing Incidents by Mastering the Basics in a Fast-Paced Environment

Could you please share your future vision?

Regarding remote forensics, my aim is to expand OS coverage to support not only Windows but also Mac. If we were to pursue Mac support, the open-source tools we utilize would be entirely different. Although this is currently in the conceptual stage, I intend to continue thorough verification and actively search for the optimal solution.

Personally, I also aspire to further refine my incident response skills and develop the capability to handle more sophisticated attacks. As PayPay’s societal presence strengthens day by day, I perceive an increasing risk of exposure to threats from powerful attackers, both domestically and internationally. My goal is to consistently strive for the cutting edge in the ever-evolving field of security, enabling me to effectively counter any attack and implement robust countermeasures.

Do you have a message for our readers?

What is paramount for security work at PayPay is maintaining accuracy even within a fast-paced environment. Among the “PayPay 5 senses” values that PayPay highly cherishes, I particularly emphasize the concept of “Work for LIFE, or Work for Rice.” Even for fundamental measures like applying patches, I meticulously consider their core purpose and value—such as “why we do it” and “how we do it”—and execute them promptly. Many security incidents stem from neglecting basic measures. If you are an individual who can keep pace with PayPay’s dynamism while simultaneously valuing fundamental principles, you will undoubtedly flourish at PayPay.


*Job openings and employee affiliations are current as of the time of the interview.
