My Journey with Product Cybersecurity
My name is Tetsuya, and I now work as a Security & Privacy Specialist in the Product Security & Privacy Office (PCSO) at Continental Japan. I joined the J.DRIVE Program in 2020 after graduating from university because I wanted to develop automotive parts to ensure the safety of road users. Therefore, it was necessary to find out how I could contribute to such safety development.
The two-year J.DRIVE Program at Continental Japan is intended for new graduates and allows them to experience three positions in various Business Areas (BA) for six months each. During the program, I chose two positions in the Electronic Brake Systems (EBS) development department and my current position in PCSO, where I first encountered product cybersecurity.
During the assignment in PCSO, I was first assigned to investigate the latest amended Japanese vehicle act regarding cybersecurity due to the establishment of international regulations (i.e., UNR-155 and ISO/SAE 21434). With moving forward into the product cybersecurity field, I analyzed the international regulations in depth. I learned that vehicle cybersecurity needs to be achieved, and it cannot be accomplished without the commitment of a Cybersecurity Management System (CSMS) of the entire supply chain.
At the same time, a Japanese OEM started its suppliers' CSMS evaluation due to the advancements of such regulations. With the result of my analysis of the relevant international regulations, I supported my colleagues to prepare evidence based on Continental Automotive (CA) Rules for product cybersecurity that are part of our CSMS. Honestly, the evaluation was strict and tough. However, because of the sufficiency of the CA Rules, our CSMS was well evaluated by the OEM. Through this assignment, I learned the importance of having strong CS rules as well as CS technologies. As a result, I decided to participate in the improvement of CA rules as it was clear other OEMs would follow suit with the CSMS evaluations.
As the final assignment, I returned to the EBS development department. I developed practical skills in CS technologies by supporting many projects. It was extremely interesting for me to study cryptography and CS functions that I was unfamiliar with. Throughout this assignment, I realized that safety, which was my core motivation, cannot be achieved without ensuring security. Therefore, I decided to work in the product cybersecurity field, where I can contribute to the safety of road users as a result of my work. After the end of the J.DRIVE Program, I was officially assigned to the position in PCSO.
Until today, I have gotten to know so many cybersecurity experts in Continental. Although I was inexperienced at first, everyone is really kind and teaches me everything. Also, managers and colleagues trust me and let me do challenging tasks. Thanks to such Continental core values, I was able to accomplish other OEMs' supplier CSMS evaluations. In addition, I got the chance to reflect my findings in CA Rules. Now, I’m playing a major role in revising a CA Rule for product cybersecurity engineering with the help of central functions and all BAs.
Before joining Continental, I totally did not expect that I could have such challenging opportunities so early in my career. Also, thanks to the J.DRIVE Program, I was able to encounter this interesting field, product cybersecurity. I’ll keep developing my practical skills further and work for internal/external standardization. Since many colleagues in the world are working for international or regional organizations for standardization and I’m a member of Japan-Auto-ISAC as well, Continental can easily and promptly reflect it in its CA Rules. I’m sure that the cybersecurity in Continental will continue to advance, and I’d love to keep contributing to it. I strive to become an acknowledged CS expert, and Continental has given me the first step in my journey.