Training Case Study
Pioneering the Field of Web Security: Cyber Security CloudKey to Training New Graduates: 'How to Overcome Challenges in the Real World'
Cyber Security Cloud, Inc.
Yoji Watanabe, Representative Director & CTO
Mr. Yoji Watanabe
Mr. Watanabe (right), CTO of Cyber Security Cloud; center: company mascot WAF-kun; Mr. Satomi (left), CEO of Fignny
INTERVIEW
At Cyber Security Cloud, Inc., we believe it’s essential for every employee to possess application knowledge and be able to provide security solutions to our clients. We want to offer all staff continuous learning opportunities. When we were planning a self-directed training program for new graduates—focusing on helping them independently catch up on technical skills and solve problems—we turned to Fignny, known for its expertise in nurturing highly capable engineers. We spoke with Mr. Watanabe, our Representative Director and CTO, about the training outcomes, his impressions, and his perspective on human resource development.
Could you tell us about your company’s business?
As our name 'Cyber Security Cloud' suggests, we primarily operate in the field of cybersecurity. We develop and sell our own security products—most notably WAF (Web Application Firewall), which protects websites from cyberattacks. Our offerings also include products such as 'Attack Interceptor-kun', 'Waf Charm', the vulnerability management tool 'SIDfm', and 'Cloud Fastener', a security solution for cloud applications.
What was the deciding factor in choosing our 'Self-Driven Engineer' training program?
One major reason for me was that Fignny is involved in contract-based development. Unlike companies that only specialize in training, I felt Fignny could provide practical, hands-on knowledge drawn from real-world trends and experience—something that is often missing in purely academic training. "Training engineers to be self-driven" was another important point that resonated with my own beliefs. I’ve long wanted to implement this kind of training, and Fignny’s program aligned perfectly. Rather than just teaching technical skills, it focuses on "how to approach challenges" and "how to overcome real-world obstacles on the job"—which are crucial aspects. That was the biggest reason we chose this program. Also, the fact that Fignny specializes in custom-designed training was key. We were able to request a one-month intensive program. In longer programs, trainees learn rapidly at first, but once they grasp the basics, progress tends to plateau. That’s why we preferred to compress a three-month program into one month.
Thank you. From my experience as an engineer, the ability to independently resolve errors was something I especially wanted to emphasize. In cybersecurity too, since new threats constantly emerge, the ability to keep learning on your own is vital, isn’t it?
Exactly. In this training, we used Python and TypeScript as programming languages. While they might not always be used directly on the job, the program helped establish a foundation for learning new technologies. So I feel that our new graduate hires are now prepared to continue learning and catching up with evolving technologies.
Among the seven trainees, some weren’t engineers—such as those assigned to Sales or Customer Success (CS)—who might not touch programming languages in their work. Was there a specific reason for including them in the training?
Our company provides cybersecurity through web applications, so understanding applications is essential to grasping our products. While not all sales staff currently have technical knowledge, we wanted to give everyone a learning opportunity. For CS roles in particular, it’s hard to propose appropriate security measures without understanding the client’s application. We wanted CS members to understand how applications behave. Security engineers also benefit—having application and software knowledge helps when performing diagnostics or using various tools. In general, there are engineers doing vulnerability assessments without any background in app development. But if they do have that experience, they’ll better understand the interface between applications and security logic and can implement with a more user-focused perspective. So, we wanted even non-developers to join the engineering training because having development knowledge leads to higher quality outcomes.
How was the experience of actually going through the training?
Since we set a high goal—compressing what is usually a three-month training into just one month—we didn’t expect perfect results. Instead, we focused on how much could be achieved in that limited time. The trainees themselves clearly understood what they accomplished and where they fell short, so I believe the program was effective. Although they didn’t fully complete the application, I think their learning curve accelerated significantly.
On the final day, there was a presentation session where the trainees shared their results with senior team members. What were your impressions of their achievements?
It was especially valuable that they experienced the full process of building an application from the ground up. Additionally, a natural environment of peer support among the trainees developed, which I think was another great outcome.
If you were to consider using our training again in the future, is there anything you would hope to see?
The content was excellent. If I had to make one suggestion, it would be to provide more opportunities for in-person interaction with instructors. Our trainees will increasingly work face-to-face in the future, so I’d like them to get used to real-life communication. For example, sessions with explanations on a whiteboard could be a great experience—maybe having in-person classes once a week would be ideal.
That makes sense. We’d love to incorporate that in future sessions. By the way, if you had to score this training out of 100, what would it be?
If I had to give it a score, I’d say 150—no, 200 out of 100.
There’s no way I could run this kind of training myself, and I don’t think a typical training company could’ve offered this level of flexibility, so I was extremely pleased.
Thank you. We’re a small, specialized team, so while our capacity is limited, we remain committed to human-led, flexible, customized training. That principle will continue to be a core part of our approach.
Lastly, could you share your outlook for the future of your company?
We are one of the very few security vendors based in Japan. Demand for cybersecurity is rising globally, and we plan to expand our business further in markets like the U.S. and APAC. One of the most exciting aspects of our work is the opportunity to have something you’ve built or contributed to used by people around the world. For the engineers who join us, participating in global product development is one of the most rewarding parts of working here. We intend to continue driving our business in that direction.
For document downloads and inquiries, please click here
Detailed case studies
not included on this site
