The CodeBlue Adventure: Japan, Snowflakes, and Cloudy Threats

Last week, I checked off a major milestone in my career: speaking at the CodeBlue Conference in Tokyo, Japan. For years, CodeBlue has been on my bucket list—that shining, slightly intimidating event where cybersecurity pros gather to share their wisdom. And let me tell you, it was as amazing as I’d imagined, with the added bonus of being my very first trip to Japan!

Let’s start with Japan itself. I mean, how do I even describe it? It’s like walking through a dream, where every street corner has something that makes you pause and think, “Wow, I’ve really crossed the world to be here.” The food? Incredible. I’m pretty sure I ate my weight in sushi and ramen, and I have zero regrets. The people? Incredibly polite and hospitable—I’ve never been anywhere that makes you feel so welcomed just for being yourself, even if yourself is a slightly lost foreigner who’s clearly too excited about vending machines. And let’s not forget the conference itself. CodeBlue delivered an experience that was every bit as vibrant, interesting, and high-energy as the city it was hosted in.

My talk was on building effective threat detection for Cloud and SaaS platforms, and I used the recent Snowflake Campaign as a real-world case study. For those who haven’t heard of it yet—no, it’s not about actual snowflakes, though that would have been cool too. The Snowflake Campaign was a significant security incident that exposed sensitive data from over 165 customers. And by “significant,” I mean “this is the stuff of nightmares for any security team.” We were the first to publicly disclose this breach, and that took a combination of guts and caffeine—because these things aren’t just about who found what, but about how and when you communicate to the broader community.

I broke down how we learned of the Snowflake Campaign, the attackers’ sneaky tactics to get in and exfiltrate information, and what organizations can do to protect themselves. It’s always interesting diving into how breaches happen, but the real joy for me is in sharing how you can build detections to catch these threats before they ruin your day. And the best part? Seeing the audience’s eyes light up—not with fear, hopefully, but with the realization that this stuff is solvable. We can do this; we can make the cloud a safer place.

One of the highlights of my talk was emphasizing the importance of visibility into both Cloud and SaaS environments. With more companies moving their operations into the cloud, it’s like we’re all trying to keep track of our belongings in a giant invisible backpack—and not knowing what’s in there is exactly what attackers are counting on. I shared practical detection strategies, and the audience showed that folks were really eager to take these strategies back home and put them to use (based on the amount of slides people took pictures of..). (Or at least, they were very polite about pretending to be interested. But hey, I’ll take it.)

Speaking at CodeBlue was also a great opportunity to reflect on how far I’ve come personally. I’ve dreamed of speaking at this event for a long time, and it’s not lost on me how lucky I am to get to be in this position—not just to travel to Japan, but to be able to share insights that might help other security professionals protect their organizations. I couldn’t have done it without an amazing support system. A big shout-out to my manager Ofer Maor, the wonderful folks at Mitiga, and everyone who’s encouraged me along the way. Honestly, I’d have been just as nervous giving this talk, but knowing I had people rooting for me made all the difference.

All in all, this trip was a mix of learning, sharing, and soaking in everything Japan had to offer—from cybersecurity lessons to cultural experiences. I’ve got a ton of memories, a new love for Tokyo’s impeccable public transportation, and some genuine excitement for what’s to come in the cybersecurity space. Here’s to many more milestones, many more moments where the community gets together to learn from each other, and yes—many more bowls of ramen.

If you’re interested in diving deeper into the Snowflake Campaign, the details of the breach, and the specific detections I recommended, stay tuned—I’ll be writing more technical posts soon. But for now, I’m just going to let this one simmer, bask in the CodeBlue afterglow, and maybe, just maybe, start plotting my next trip to Japan.

“You must understand that there is more than one path to the top of the mountain” — Miyamoto Musashi

Samurai