sorah.jp

Sorah Fukumori

Software Engineer

Sorah is a Rubyist, and a Rustacean. Sorah has a broad expertise, including: Cloud infrastructure, Security, Digital identity & authentication, Network. And is capable to act as a full-stack engineer ranging from low-level infrastructure to web frontend.

Sorah's currently working as a software enginner for IVRy, ranging from Cloud Infrastructure and Security, to IT.

During her spare time, Sorah is sometimes powers conference up with Wi-Fi, organizes an international conference on Ruby, contributes to Ruby Core, and operates non-commercial BGP AS 59128.

Sorah is also known as: sora_h, soraher, そらは, 福森空葉

Links and Contacts

More →

Professional Experiences

IVRy

Principal Software Engineer
April 2025 -

    Cookpad Inc.

    Staff Software Engineer (Platform, Security and IT) and CISO
    April 2012 - March 2025
    • Played various important roles in the company. Responsible for: End-user facing cloud infrastructure and its reliablity, Security, and Employee Productivity (IT and Engineering Platform) in the both Cookpad Japan and Global organisation.

    Corporate Engineering Team (aka. IT)

    Head of IT and Security, CISO
    Janurary 2024 - March 2025
    • Responsible for Security, IdP, MDM, corporate IP network, and Employee Productivity.
    • Launched an internal workflow and ticketing system called "Fryegg", which replaces ServiceNow, by utilizing AWS Step Functions and other serverless systems with Ruby and Rails. Most of legal related workflows and purchasing related workflows has been replaced with AWS Step Functions. (Slide deck, 2023-2024)
    • Delivered office relocation to Tokyo; Designed and built office network and physical security. (2024)

    Corporate Engineering Team (aka. IT)

    Staff Software Engineer (IT and Security)
    October 2019 - December 2023
    • Responsible for Security, IdP, MDM, corporate IP network, and Employee Productivity.
    • Delivered a Google Workspace primary domain rename with zero downtime and confusion, including most of external SaaS used in the company. (Blog post, 2023)
    • Delivered office relocation to Yokohama; As a part of responsibility, delivered IT and Network related changes, but not limited to: Assisted a lot of things by working closely with board members. During the project, Sorah redesigned corporate office networks and moved core functionality to a data centre. (2021)
    • Led technical operation of annual global all-hands meetings; Designed and operated a single live stream with speakers from various locations worldwide, including office premises and remote attendees. (2019-2020)
    • Launched a IT team in company's UK office to improve local operations and support coverage of its local employees. Ran onboarding of the initial member hired locally. (2019)
    • Built Jamf and Intune setup; Enabled iOS/Android BYOD based on Intune, migrated all corporate-owned MacBooks to Jamf-controlled, and enabled zero-touch setup for most devices. (2018-2019, 2022)
    • Built multi-region Active Directory fleet for LDAP workloads, along with Azure AD (Entra ID) as a primary IDaaS. (2019)
    • Built in-house web-based tool to self-manage passwords and groups in Active Directory. It also actively replicates data to separate OpenLDAP instance for gradual consolidation with AD. (2017)
    • Organized the company's tech conference 'Cookpad TechConf'; This includes running Wi-Fi for a large number of attendees. (Blog post; 2017-2019, 2022)

    Platform Engineering Team

    Staff Software Engineer (Platform)
    May 2015 - March 2025
    • Responsible for Security and Developer Experience in Japan and Global organisation.
    • Contributed to the One Experience project that migrates systems and data owned by Japan organisation to Global based systems and platform. Acted as a bridge between Japan and Global organisation, not limited to simple bridge between English and Japanese language. Led security risk management and discovery on data and system migration. (2024)
    • Decommissioned a traditional IPsec appliance and replaced with Twingate to enhance security of non-Web based internal servers with per-DNS-name access control. (2022)
    • Launched efforts to improve communication between end-users, support team, and SRE team during service outages and issues. A service status page was also published during the project. (2020)
    • Led severe security incident response at private information exposure in the album feature (「料理アルバム」における保存写真の表示不具合). (2020)
    • Proposed and executed legacy TLS deprecation (TLS 1.0 and 1.1), to keep following modern best practices in the industry. Launched a in-house portal to allow service developers to check legacy protocol usage in their systems, and turn them off easily. (Blog post, 2020)
    • Designed and built a IoT infrastructure for Cookpad Mart for fridges and label printers with SORACOM; This includes Linux base system images for Raspberry Pi with CI, fleet management service including OTA update delivery and network infrastructure to connect server-side systems with deployed IoT devices. (blog post, 2019)
    • Ran in-house ISUCON (web app performance competition) as a company-wide activity in the engineering organisation to share knowledge of designing and building high performance web application. (2019)
    • Built a multi-region aware SSH bastion server that a single connection to a bastion in the closest region can reach servers in all regions and data centers. (2018)
    • Built a in-house mobile app distribution service 'Haneda'; All employees can install nightly apps or in-house apps easily into their mobile phones. (2018)
    • Launched a in-house portal to self-manage AWS IAM user and console access; This removed human intervention to issue access keys on their first use. (2018)
    • Assisted a launch of SRE team dedicated for international service located in UK, including onboarding the initial members hired locally. (2017-2018)
    • Migrated GitHub Enterprise Server from on-premises to AWS. Cookpad was the initial customer for its AWS support. (Blog post, 2015)
    • Launched a new infrastructure for international service ('Global') from scratch in a AWS region apart from domestic service, and enhanced use of AWS managed services and features. (2015)

    Development Infrastructure Team

    Software Engineer
    April 2012 - April 2015
    • Delivered several Ruby and Rails upgrades of the world's largest Rails monolith, including migration to protect_from_forgery.
    • Delivered Mamiya, to enable fast deployment of large application to large server fleet.
    • Developed Envchain, which make use of environment environments for secrets on local development more secure.

    Works available as a Open Source Software

    mairu

    April 2024
    • Envchain like command line utility for AWS SSO. This tool simplifies using multiple AWS IAM roles in developers' local machine by auto role ARN detection, and also secures AWS SSO usage by storing everything on memory and avoid persisted credentials on its disks.

    himari

    March 2023
    • A small OIDC IdP backed with Omniauth designed for small teams and organisations, and targeted to run in AWS Lambda for low running cost. RubyKaigi and KMC uses this to provide their team members an access to their AWS account and OIDC-enabled AWS ALB using GitHub login, in combination with sorah/himari2amc

    needroleshere

    September 2022
    • An alternative helper software for AWS IAM Roles Anywhere targeted for Linux server machines, to bring several advantages over the official one including: Scoped exposure of credentials (without giving direct access to the certificate), systemd integration; Built in Rust.

    apigatewayv2_rack

    October 2022
    • A lightweight Ruby library to run a Rack web application in AWS Lambda through API Gateway and Function URL.

    ecamo

    November 2021
    • An HTTP image proxy with JWT authentication for my company's internal pages to deal with 3rd party cookie. Integrates with Fastly Compute@Edge for edge caching, as we had employees worldwide. Built in Rust.

    takeout-app

    August 2021

    sponsor-app

    November 2018

    himeko

    September 2018
    • A web application provides AWS IAM access key self service and federated login to AWS management console, based on IAM users.

    clarion

    December 2017
    • Web-based FIDO U2F helper for CLI operations (e.g. SSH logging in)

    hocho

    December 2016
    • Wrapper for Itamae to make it easily use with a lot of servers by inventory.

    codily

    June 2016
    • A tool to codificate a configuration of Fastly CDN in Ruby DSL.

    acmesmith

    February 2016
    • A simple, effective ACME client to use with many servers and a cloud.
    • ACME Protocol is used at Let's encrypt for automating SSL certificate issuing. Acmesmith is the simplest client that works with several cloud providers for securing keys.

    nginx_omniauth_adapter

    September 2015

    Mamiya

    September 2014

    Envchain

    June 2014

    days

    January 2013
    • Simple blog system built up with Sinatra, written in Ruby.

    Find more at my GitHub.

    Selected Activities and Affiliations

    RubyKaigi

    Conference Organizer, Wi-Fi Network Operations Lead
    September 2017 - present
    • RubyKaigi is the world's largest international conference on the Ruby programming language.
    • Manages Wi-Fi service for a large number of attendees (approx 1,300 devices); GitHub Repo, Blog post (2023), Blog post (2017)
    • Run Sponsor Relations; Maintains sponsor-app for CRM.
    • Maintains on-site digital signages: signage-app.
    • Operated virtual venue during COVID-19 for remote attendees; Built a web application called takeout-app.
    • Wi-Fi and Network Operations; Running a large Wi-Fi network for attendees.

    Ruby

    Committer (developer)
    February 2011 - present
    • Contribute as a committer of Ruby programming language.
    • Also participate as a member of official web site editorial team.

    ISUCON10

    Organizer and problem writer (final round)
    April 2020 - October 2020

    IOI 2018 (30th Int'l Olympiad in Informatics)

    Tech lead, Host Technical Committee
    July 2017 - September 2018
    • IOI is the large, annual international competitive programming contest for secondary school students. IOI 2018 was held in Japan, and I participated as a tech lead in its host country technical committee.
    • Designed and built a whole infrastructure to run on-site competitive programming contest on AWS and on-premises; Deploying judging systems, printing systems, translation support systems, contest seating management systems, on-site IP network with strict security policies.
    • https://stats.ioinformatics.org/olympiads/2018
    • https://github.com/jcioi/ioi-htc
    • https://github.com/jcioi/ioi_console

    ISUCON4

    Organizer and problem writer
    August 2014 - November 2014

    Sinsai.info

    Developer
    March 2011 - December 2011
    • Sinsai.info provided informations for victims of 3.11 Japan disaster.
    • I re-built Twitter crawler to improve performance, and added location based search using GPS for mobile devices.

    Find more contributions at my GitHub.

    Skills, Expertises

    Certifications

    Talks

    Honors, Awards and Prizes

    AWS GameDay at re:Invent 2022: 1st place (Monday Afternoon)

    December 2022

    ISUCON9: 1st place

    September 2019 - November 2019

    AWS GameDay at re:Invent 2019: 1st place (Afternoon)

    December 2019

    ISUCON5: 2nd place

    September 2015 - November 2015

    第 7 回 日本OSS奨励賞 (Japan OSS Contributors Award)

    March 2012

    Other Affiliations

    Kyoto university Microcomputer Club (KMC)

    Member, Sysadmin
    August 2014 - present

    Education

    Utsunomiya-shi Yohoku Junior High School '12

    April 2009 - March 2012
    • 宇都宮市立陽北中学校

    Appearances