Independent builder, full-time. Ten years in cloud & data platform security — most recently leading the practice at KPMG Ignition Tokyo — with a long tail of open-source security contributions now living inside Apache, Kubernetes, Google, Microsoft, NASA, NIST, ClickHouse, ESLint, Vue, PyTorch and 60+ other public orgs. Same ten years as a relentless web-scraper too, though Claude now scrapes better than I ever did and I'm fine with that. I build products at the intersection of data and security, ideally both at once. Three are live today: invc.news, discover-onsen.com, and auditly.fyi.
Shipping auditly.fyi (compliance-as-code SaaS) · taking on one more cloud-security advisory client · in Tokyo through Q3 · open to senior / staff engineering roles in the U.S.
Each one solves a narrow, real problem at the intersection of data and security. All built solo. All running today.
Japanese-language tech news for the startup-curious.
An automated English→Japanese pipeline for global startup news. Custom scrapers feed a translation layer that feeds WordPress that feeds Google. Built half a decade before LLM translation was viable — still pulling daily organic traffic with zero maintenance.
A complete directory of Japan's hot springs.
22,000+ onsens across all 47 prefectures, filterable by type, amenities, and tattoo policy. Built for international travelers who want certainty about whether they'll be welcomed — and for domestic explorers chasing regional onsen culture.
Compliance that ships with your code.
Continuous scanning for accessibility, cookies, trackers, and privacy-policy adherence. Built for engineers, not auditors — structured JSON findings with DOM-level evidence, a public verification badge that auto-updates, and a REST API plus MCP server. Add a domain, verify in 60 seconds, scan with headless Chromium.
A decade of side bets across security and data infrastructure. Some made it. Many didn't. Each one taught me something I now use in the next build.
Processes Dependabot alerts so vulnerable dependencies are patched consistently instead of accumulating as tech debt. Targets the #1 supply-chain failure mode.
Enables GitHub Code Scanning (CodeQL) on private repositories that would normally need a paid Advanced Security seat — lowering the barrier for small teams.
Trivy + Grype + Gitleaks + TruffleHog + CodeQL behind one policy engine. Drops into GitHub Actions or Azure DevOps with one file. SBOM-native (SPDX/CycloneDX), AI-assisted risk scoring.
Pulls advisories from NIST & Vulners.com, enriches via OpenAI, publishes translated bulletins in four languages. For engineering teams that don't read English-first.
Large-scale GitHub automation experiment: orchestrate CodeQL scans across thousands of popular Python projects. Didn't mature into a service — but the orchestration patterns I learned still inform every pipeline I build now.
Years of small-but-real fixes shipped into the libraries and platforms that power the modern internet. A dedicated page tracks every merge, by org.
The first version is intentionally embarrassing. invc.news launched with one source and one language. The toolkit ships with one CI integration. Iteration beats grand plans.
I build automated systems, not one-off scripts. If it can run on a cron and not need me, it will. That's how a side project survives a day job.
Azure, Python, Postgres, ffmpeg. The interesting bit is what you compose, not what you run — most of my pipelines are five APIs in a trench coat.
Most of my tools eventually become OSS. Other people find bugs faster than I do, and the discipline of public code makes the internal version better too.
For seven years I led a small team running detection & response across client cloud environments — about 2,500 alerts a year — and the secure-SDLC programs that prevented half of them from happening in the first place. I've since left to build independently full-time.
I'm open to senior / staff engineering roles in the U.S., advisory work in security and data infra, and collaboration on open-source supply-chain tooling. The shortest path is email.