Although born (1971) and raised in Southern California, since my parents had immigrated to the United States from Japan in the 1960s, my upbringing was both bilingual and bicultural.
A precocious youngster, I began tinkering with computers in middle school. And by high school I was coding software applications for small-business clients. But that was meant to be a sideline on the way to fulfilling my parents’ dream that I become a doctor.
Even once I entered UC Riverside’s pre-med program, though, it was tough to keep my “sideline” on the side. Opportunities just kept falling in my lap. And so, from my dorm room, along with a partner, we incorporated our company, I/O Software, to develop custom software applications for Japanese electronics manufacturers.
Over time, we started developing our own information security platform and associated application suite and, after over four years, I decided to focus on the dream of pioneering in a growing information security industry.
By the late 1990s, our solution had become the de facto standard for authentication on the PC, licensed to several dozen companies around the world. Eventually, Microsoft acquired the rights to our technology in 2000.
As a result, I suddenly found myself free and wondering what to do next.
From our real-world work in biometrics, encryption and authentication I had some very deep insights into cybersecurity, but by then I’d had my fill of coding and longed to do something different. And what began to compel me was the challenge of hybridizing California’s start-up culture with the disciplined execution of Japanese ingenuity. So in 2005 I moved to Tokyo.
Setting up a boutique venture capital/consultancy – InTecur – I began working with young prospective entrepreneurs, providing advice and, in some cases, investment. But as I explored Japan’s start-up ecosystem – such as it was and is – I soon encountered a thicket of cultural and regulatory obstacles that prevent new ventures from sprouting.
For starters, although “entrepreneur’ isn’t exactly a dirty word in Japan,” if you choose that path your mother won’t dare tell the neighbors. There is huge pressure to pursue a ‘secure’ career – and if you try to start something from scratch, good luck finding financing. In the U.S., by contrast, start-up jobs are seen as “cool” with an ecosystem eager to support them.
Nonetheless, in business, government, academia and the media Japanese were all eager to discover the “secret” behind California’s dynamic start-up culture. And as the son of Japanese immigrants who had launched a start-up from my dorm room, I quickly became the “go-to-guy,” called on to reveal how Japan could do it, too.
Soon I found myself speaking to audiences all over the country, evangelizing the changes I see as essential to revitalizing Japan’s entrepreneurial dynamism. Admittedly, it was an ego boost to have my opinions taken so seriously, which is perhaps why I couldn’t say ‘no’ to any invitation. But this was not a calculated career strategy. I saw it simply to contribute and give back to the society of my ancestral homeland.
Although I never sought out such opportunities, my rising profile led to invitations to join – often as a volunteer – a slew of organizations seeking paths to the types of reform I was advocating. Eventually this led me into the murky, intrigue-fueled world of Japanese government policy-making. And as a brash, opinionated American outsider, suffice it to say that ultimately my input was not entirely comforting to many powerful entrenched interests.
While it was entrepreneurship and innovation that drew me into Japan’s public policy realm, it was literally by way of accident that I was drawn back into cybersecurity. In the wake of the 2011 Tohoku quake, tsunami and nuclear disaster, I was drafted to help set up, among other things, a secure network for the National Diet of Japan’s independent investigation commission into Fukushima Daiichi. Ever since that experience revealed to me the woeful inadequacies of Japan’s information technology and cyber defenses, my activities have been focused once again on cybersecurity.
Around the same time, I became closely involved with the World Economic Forum, primarily as an advocate of rational cybersecurity policy. My contribution to this issue is less strictly technical – I no longer program or write algorithms – and more in terms of strategy, norms and policy development. My concern is to educate corporate and government policy-makers on smart ways to ensure robust security without impairing the usability of technology and enabling online trust and our respective economies.
As I embark on a new chapter of my career, my perspective is increasingly global and focused on the ever-more-urgent question of information security – which is where I started out 25 years ago.