A hacker is about to penetrate all cyber defenses in: 

free website builder

"But far more incidents can happen than will happen."

The number and kind of incidents that a CEO and Board are willing to tolerate is their business decision, not a technical one of cybersecurity consultants.

Purchasing cybersecurity services without knowing that number is overspending (or underspending) on protection against incidents than can—but never will—happen. It is like perpetually betting on a horse that is always ineligible to enter any race.

CORE’s C-level industry experts help the CEO and board to frame the problem of cyber threats correctly, one that involves strategic business decisions about investment tradeoffs specific to each company and industry.

CORE then integrates the appropriate cyber resilience into the company's management, governance, and technology in fulfillment of the CEO and Board's strategic decision.

Wayne Shaw
Founder and CEO



CORE empowers you — CEOs and Board Directors — to manage your cyber risks correctly: as a strategic investment that tolerates a certain number of incidents.

CORE then works with your CIO, CISO, and other technical staff to integrate appropriate cyber resilience and cybersecurity in management, governance, and technology within your boundaries.

FOR THE CEO AND BOARD  —   CORE Cyber Strategy™ Services


"How much should we spend on cybersecurity measures?"

This is a fiduciary business decision of the CEO and Board Directors, not a technical decision by technologists or consultants. CORE helps the CEO and Board to frame the problem correctly in order to answer this central strategic investment question. And this must be done before any money is budgeted or spent on cyber resilience and cybersecurity initiatives.

CORE is the only  firm in Japan with the integrated cyber-expertise in law, strategy and governance, industry, and technology. 

CORE helps its clients to achieve continuity in all parts of the integration of cyber resilience and cybersecurity with the management, governance, and technology per the strategic investment by the CEO and Board. Upstream in this work are the regulatory and business case pieces that are specific to each of our clients and their industries.

THE CORE WAY — Business Case before Tech Investments

1. CORE determines what regs actually apply to you

CORE starts by analyzing the governing cyber laws and regulations to determine the ones to which the Client must comply, to what extent, and by when. The analysis is specific to the client's business activities and industry. 

2. CORE helps you to specify your risk tolerance 

CORE creates a business case to help fiduciaries to identify the many investment trade-offs involved in the job of integrating cyber resilience into the client's management, governance, and technology. 

3. CORE familiarizes the CEO and Board on their roles

CORE recommends compliance guidelines to fiduciaries so they can properly perform their own duties regarding mitigation, management, and response to incidents. 

Finally: You are ready for the technology

At this point, the client is well-positioned to undertake the design and implementation of its cyber resilience and cyber security measures. 

Once all of the above is done, then decisions about the big ticket tech items come next in CORE's method, which CORE handles through its Cyber Resilience and Cybersecurity Services.

FOR THE CIO & CISO  -  CORE Cyber Resilience/Cybersecurity Services


CORE helps the CIO and CISO to zero-in on practical, relevant solutions for integrating the appropriate cyber resilience into the company's management, governance, and technology within the budget and the time-frame that have been specified by the CEO and Board in their strategic investment decision.

Activities include, for example, the design, construction, staffing, and initial operations of a new Security Operations Center (SOC), or renovation of an existing one. It also covers the creation of procedures, responses, and remediations—in other words, resilience—after an incident occurs to ensure business continuity. 

At CORE, training is also pillar of excellent implementation. We are able to train employees and vendors in the client's company. Training might be a skills brush-up for the CISO, hardcore in-service training for an engineer, or general awareness training for regular non-technical employees.

CORE brings together decades of industry experience in cybersecurity within multinational corporations, the military, and the auditing community. We are experts at protecting critical systems, data and networks worldwide. Clients are now able to avail themselves of these expertise to protect their people, their customers, and their business prosperity.


CORE helps its clients to achieve continuity in all parts of the integration of cyber resilience and cybersecurity with the management, governance, and technology per the strategic investment by the CEO and Board. Upstream in this work are the regulatory and industry pieces.

CORE's legal and cyber experts understand how Japanese laws, statues, ordinances, guidelines, and other regulations as related to cybersecurity are specifically applicable to the business activities of our clients, and to which reguations that our clients must comply. 

Our expertise includes, but is not limited to: The Act on the Prohibition of Unauthorized Computer Access (“UCAL”), the Penal Code, the Unfair Competition Protection Act, the Basic Act on Cybersecurity, the Telecommunications Business Act (“TBA”), the Act on Protection of Personal Information (“APPI”), the joint Cybersecurity Management Guidelines of the Ministry of Economy, Trade and Industry (“METI”) and the Information-technology Promotion Agency (“IPA”).

But knowing regulations without business context and industry context leads to overspending in some areas and blindspots in others. CORE's leaders and personnel have outstanding practical expertise in the industries from which they came. They have the process knowledge and technical and engineering understanding from having solved specific sets of probems in those industries. They are able to map the often abstract and generic regulations to real-world incidents and problems for the client.

Our industries include healthcare,  financial Services (insurance, securities, banking), pharmaceuticals, manufacturing, legal, retail, and telecom.


CORE, KK - Established 2014

Representative Director. Mr. Wayne Shaw

Paid-in-Capital. JPY10,000,000. Bank of Record: Mizuho Bank

Contact.   Yebisu Garden Place Tower Ebisu 4-20-3, 18F, Shibuya-ku Tokyo 150-6018

Business. Cyber strategy, resilience, & security services

BOARD OF DIRECTORS. Mr. Wayne Shaw, Dr. Mark Lee Ford, Ms Mio Kazuko, Mr. Hiroakai Wakatani

LEADERSHIP TEAM. Mr. Wayne Shaw (CEO and Head of Cyber Strategy Services); Mr. Milos Todic (Head of Cybersecurity Services); Mr. Steve Taylor (Head of Cyber Resilience Services)

© 2019 CORE, K.K. All rights reserved.