Sorah Fukumori
Software Engineer
Sorah is a Rubyist, and a Rustacean. Sorah has a broad expertise, including: Cloud infrastructure, Security, Digital identity & authentication, Network. And is capable to act as a full-stack engineer ranging from low-level infrastructure to web frontend.
Sorah's currently working as a software enginner of Platform and Corporate Engineering (IT) for Cookpad and is serving as head of Security (CISO) and IT.
During her spare time, Sorah is sometimes powers conference up with Wi-Fi, organizes an international conference on Ruby, contributes to Ruby Core, and operates non-commercial BGP AS 59128.
Sorah is also known as: sora_h, soraher, そらは, 福森空葉
Links and Contacts
Professional Experiences
Cookpad Inc.
Staff Software Engineer (Platform, Security and IT) and CISO
April 2012 - Present- Plays various important roles in the company. Responsible for: End-user facing cloud infrastructure and its reliablity, Security, and Employee Productivity (IT and Engineering Platform) in the both Cookpad Japan and Global organisation; Note: Cookpad Global develops and operates international service independently from Japan domestic business.
- From January 2024, assumed role of CISO and started to serve as head of Security and IT. However still working as an individual contributor for areas I responsible for.
Corporate Engineering Team (aka. IT)
Head of IT and Security, CISO
Janurary 2024 - Present- Responsible for Security, IdP, MDM, corporate IP network, and Employee Productivity.
Corporate Engineering Team (aka. IT)
Staff Software Engineer (IT and Security)
October 2019 - December 2023- Responsible for Security, IdP, MDM, corporate IP network, and Employee Productivity.
- Delivered a Google Workspace primary domain rename with zero downtime and confusion, including most of external SaaS used in the company. (Blog post, 2023)
- Contributed to system design of in-house workflow and inquiries management system; built with Rails, React and AWS Step Functions. (2023)
- Delivered office relocation to Yokohama; As a part of responsibility, delivered IT and Network related changes, but not limited to: Assisted a lot of things by working closely with board members. During the project, Sorah redesigned corporate office networks and moved core functionality to a data centre. (2021)
- Led technical operation of annual global all-hands meetings; Designed and operated a single live stream with speakers from various locations worldwide, including office premises and remote attendees. (2019-2020)
- Launched a IT team in company's UK office to improve local operations and support coverage of its local employees. Ran onboarding of the initial member hired locally. (2019)
- Built Jamf and Intune setup; Enabled iOS/Android BYOD based on Intune, migrated all corporate-owned MacBooks to Jamf-controlled, and enabled zero-touch setup for most devices. (2018-2019, 2022)
- Built multi-region Active Directory fleet for LDAP workloads, along with Azure AD (Entra ID) as a primary IDaaS. (2019)
- Built in-house web-based tool to self-manage passwords and groups in Active Directory. It also actively replicates data to separate OpenLDAP instance for gradual consolidation with AD. (2017)
- Organized the company's tech conference 'Cookpad TechConf'; This includes running Wi-Fi for a large number of attendees. (Blog post; 2017-2019, 2022)
Platform Engineering Team
Staff Software Engineer (Platform)
May 2015 - Present- Responsible for Security and Developer Experience in Japan and Global organisation.
- Decommissioned a traditional IPsec appliance and replaced with Twingate to enhance security of non-Web based internal servers with per-DNS-name access control. (2022)
- Launched efforts to improve communication between end-users, support team, and SRE team during service outages and issues. A service status page was also published during the project. (2020)
- Led severe security incident response at private information exposure in the album feature (「料理アルバム」における保存写真の表示不具合). (2020)
- Proposed and executed legacy TLS deprecation (TLS 1.0 and 1.1), to keep following modern best practices in the industry. Launched a in-house portal to allow service developers to check legacy protocol usage in their systems, and turn them off easily. (Blog post, 2020)
- Designed and built a IoT infrastructure for Cookpad Mart for fridges and label printers with SORACOM; This includes Linux base system images for Raspberry Pi with CI, fleet management service including OTA update delivery and network infrastructure to connect server-side systems with deployed IoT devices. (blog post, 2019)
- Ran in-house ISUCON (web app performance competition) as a company-wide activity in the engineering organisation to share knowledge of designing and building high performance web application. (2019)
- Built a multi-region aware SSH bastion server that a single connection to a bastion in the closest region can reach servers in all regions and data centers. (2018)
- Built a in-house mobile app distribution service 'Haneda'; All employees can install nightly apps or in-house apps easily into their mobile phones. (2018)
- Launched a in-house portal to self-manage AWS IAM user and console access; This removed human intervention to issue access keys on their first use. (2018)
- Assisted a launch of SRE team dedicated for international service located in UK, including onboarding the initial members hired locally. (2017-2018)
- Migrated GitHub Enterprise Server from on-premises to AWS. We were the initial customer for its AWS support. (Blog post, 2015)
- Launched a new infrastructure for international service ('Global') from scratch in a AWS region apart from domestic service, and enhanced use of AWS managed services and features. (2015)
Development Infrastructure Team
Software Engineer
April 2012 - April 2015Works available as a Open Source Software
himari
March 2023- A small OIDC IdP backed with Omniauth designed for small teams and organisations, and targeted to run in AWS Lambda for low running cost. RubyKaigi and KMC uses this to provide their team members an access to their AWS account and OIDC-enabled AWS ALB using GitHub login, in combination with sorah/himari2amc
needroleshere
September 2022- An alternative helper software for AWS IAM Roles Anywhere targeted for Linux server machines, to bring several advantages over the official one including: Scoped exposure of credentials (without giving direct access to the certificate), systemd integration; Built in Rust.
apigatewayv2_rack
October 2022- A lightweight Ruby library to run a Rack web application in AWS Lambda through API Gateway and Function URL.
ecamo
November 2021- An HTTP image proxy with JWT authentication for my company's internal pages to deal with 3rd party cookie. Integrates with Fastly Compute@Edge for edge caching, as we had employees worldwide. Built in Rust.
takeout-app
August 2021- A web application for conference virtual venue (live stream, chat) for RubyKaigi. Built using Rails, React, Amazon Chime SDK, and Amazon IVS.
- Details posted on AWS Blog: https://aws.amazon.com/blogs/business-productivity/how-rubykaigi-built-an-event-site-in-days-with-the-amazon-chime-sdk-and-amazon-ivs/
sponsor-app
November 2018- A web application for conference sponsorships coordination and arrangement. Used at RubyKaigi; sponsorships.rubykaigi.org
himeko
September 2018- A web application provides AWS IAM access key self service and federated login to AWS management console, based on IAM users.
clarion
December 2017- Web-based FIDO U2F helper for CLI operations (e.g. SSH logging in)
hocho
December 2016- Wrapper for Itamae to make it easily use with a lot of servers by inventory.
codily
June 2016- A tool to codificate a configuration of Fastly CDN in Ruby DSL.
acmesmith
February 2016- A simple, effective ACME client to use with many servers and a cloud.
- ACME Protocol is used at Let's encrypt for automating SSL certificate issuing. Acmesmith is the simplest client that works with several cloud providers for securing keys.
nginx_omniauth_adapter
September 2015- A Rack app to use Omniauth with nginx.
- nginx で omniauth を利用してアクセス制御を行う - クックパッド開発者ブログ
Mamiya
September 2014- Fast deployment tool using tarballs and serf. This is used for cookpad.com, a web application backed with 150+ app servers.
- Engineers in Cookpad can deploy within around 30 seconds for 150+ servers by this software.
- Scalable Deployments - How we deploy Rails app to 150+ hosts in a minute // Speaker Deck
Envchain
June 2014- Secure credentials in environment variable; set them from OS X's keychain.
- OS X キーチェーンから環境変数をセットするツールを作りました - クックパッド開発者ブログ
days
January 2013- Simple blog system built up with Sinatra, written in Ruby.
Find more at my GitHub.
Selected Activities and Affiliations
RubyKaigi
Conference Organizer, Wi-Fi Network Operations Lead
September 2017 - present- RubyKaigi is the world's largest international conference on the Ruby programming language.
- Manages Wi-Fi service for a large number of attendees (approx 1,300 devices); GitHub Repo, Blog post (2023), Blog post (2017)
- Run Sponsor Relations; Maintains sponsor-app for CRM.
- Operated virtual venue during COVID-19 for remote attendees; Built a web application called takeout-app.
- Wi-Fi and Network Operations; Running a large Wi-Fi network for attendees.
Ruby
Committer (developer)
February 2011 - present- Contribute as a committer of Ruby programming language.
- Also participate as a member of official web site editorial team.
ISUCON10
Organizer and problem writer (final round)
April 2020 - October 2020- ISUCON is the famous web app performance competition of Web applications in Japan. I, @mirakui, and @rosylilly were participated as organizer and problem writer for ISUCON10.
- Led a incident response for various system failures during the qualification round. Wrote a postmortem blog post.
- Built a web-based system to run the competition (isucon/isucon10-portal); This includes judge, benchmark queue, leaderboard, and clarification forms. Used by contestants and admins during the competition.
- Managed a contestant server system image in the final round.
- Wrote a WebPush server (RFC8030, RFC8291, RFC8292) for the final round benchmarker in Go.
- https://github.com/isucon/isucon10-final
- ISUCONの問題作成の舞台裏を2020年の出題チーム・白金動物園に聞いてみた - エンジニアHub|Webエンジニアのキャリアを考える!
IOI 2018 (30th Int'l Olympiad in Informatics)
Tech lead, Host Technical Committee
July 2017 - September 2018- IOI is the large, annual international competitive programming contest for secondary school students. IOI 2018 was held in Japan, and I participated as a tech lead in its host country technical committee.
- Designed and built a whole infrastructure to run on-site competitive programming contest on AWS and on-premises; Deploying judging systems, printing systems, translation support systems, contest seating management systems, on-site IP network with strict security policies.
- https://stats.ioinformatics.org/olympiads/2018
- https://github.com/jcioi/ioi-htc
- https://github.com/jcioi/ioi_console
ISUCON4
Organizer and problem writer
August 2014 - November 2014- ISUCON is the famous performance tuning competition of Web applications in Japan. At 2014, ISUCON4 held and I, @mirakui, and @rosylilly were participated as organizer and problem writer.
- 4: ISUCON4 Postmortem - Admins Bar
Sinsai.info
Developer
March 2011 - December 2011- Sinsai.info provided informations for victims of 3.11 Japan disaster.
- I re-built Twitter crawler to improve performance, and added location based search using GPS for mobile devices.
Find more contributions at my GitHub.
Skills, Expertises
- Programming Languages: Ruby, Rust, TypeScript, and Golang
- Cloud Platforms: Amazon Web Services
- Provisioning: Terraform, Puppet, Itamae
- Linux Distros: Debian, Ubuntu, Arch Linux and Gentoo
- Linux init systems: systemd
- Security: X.509 fundamentals, Cryptography fundamentals, OAuth 2, OpenID Connect, SAML, LDAP; Microsoft Intune, Jamf, Active Directory, Microsoft Entra ID
- Web backend frameworks: Ruby on Rails and Sinatra
- Web frontend frameworks: React (React Router, Next.js)
- IP Network: Cisco IOS, Juniper Junos, Ubiquiti Edgerouter; BIRd, strongSwan, Linux networking stack.
- Databases: MySQL, DynamoDB, Redis
Certifications
- AWS Certified Solutions Architect - Associate (Nov 2018-2021)
Talks
- Serverless IdP for Small Team (Lightning talk at RubyKaigi 2023, May 2023)
- RubyKaigi のはなし (Keynote for Fukuoka RubyistKaigi 03, Feb 2023)
- RubyKaigi Takeout 2021 バーチャル会場 & 配信の技術的舞台裏 (Architect New World on AWS 2022, Apr 2022)
- Fastly in Cookpad (Fastly Yamagoya 2017 in Tokyo, Oct 2017)
- Keynote (Oedo RubyKaigi 06, Mar 2023)
- Building infrastructure for our global service (Cookpad TechConf 2017, Jan 2017)
- acmesmith: An effective ACME client (http2study #8, May 2016)
- Scalable Deployments - How we deploy Rails app to 150+ hosts in a minute (RubyKaigi 2014, Sep 2014)
- Parallel Testing World (RubyConf 2011, Nov 2011)
Honors, Awards and Prizes
AWS GameDay at re:Invent 2022: 1st place (Monday Afternoon)
December 2022- "AWS GameDay is an interactive team-based learning exercise designed to give players a chance to put their AWS skills to the test in a real-world, gamified, risk-free environment."
- https://twitter.com/unicorn_rentals/status/1598221226781990912
- https://twitter.com/unicorn_rentals/status/1598475023156928513
ISUCON9: 1st place
September 2019 - November 2019- ISUCON is a famous performance tuning competition of Web applications in Japan.
- At ISUCON9 in 2019, our team 白金動物園 took 1st place at the final round.
- http://isucon.net/archives/53877800.html
AWS GameDay at re:Invent 2019: 1st place (Afternoon)
December 2019- "AWS GameDay is an interactive team-based learning exercise designed to give players a chance to put their AWS skills to the test in a real-world, gamified, risk-free environment."
- https://twitter.com/AWSreInvent/status/1202050428248248320
ISUCON5: 2nd place
September 2015 - November 2015- ISUCON is famous web performance tuning competition of Web applications in Japan.
- At ISUCON5 in 2015, our team 白金動物園 took 2nd place at the final round.
- http://diary.sorah.jp/2015/11/02/isucon5f
第 7 回 日本OSS奨励賞 (Japan OSS Contributors Award)
March 2012Other Affiliations
Kyoto university Microcomputer Club (KMC)
Member, Sysadmin
August 2014 - present- Participating for a project running AS (autonomous system) + eBGP in KMC network. (AS59128)
- https://www.kmc.gr.jp/projects/as/
Education
Utsunomiya-shi Yohoku Junior High School '12
April 2009 - March 2012- 宇都宮市立陽北中学校