Securing the Digital Asset Ecosystem with Cantina

Hackers aren’t just focusing on code anymore; they’re going after people. In this interview, Sharon Ideguchi, GTM lead at Cantina (Spearbit), reflects on her path from traditional cybersecurity to Web3, unpacks how attackers are shifting their focus, and explains why her team is building new security frameworks to protect companies in an industry that’s evolving faster than ever.
Could you please share your journey to Web3?
My name is Sharon Ideguchi, and I work at Cantina on the sales strategy side. I focus on creating custom product offerings for enterprise-level customers, emerging technologies, and clients in the institutional and traditional finance sectors. My work centers entirely on security. My career so far has been in cybersecurity, primarily in Web2. I spent several years in traditional cybersecurity roles, working at companies like CrowdStrike and in other everyday security operations.
Over time, I saw the market rapidly shifting toward Web3 and recognized it as the future of technology. I wanted to explore what cybersecurity looked like outside of my traditional Web2 background. That decision led me to Cantina, and I’ve been working in Web3 security ever since.
What are the main advantages for your clients of working exclusively with Cantina?
When we founded Cantina about four years ago, we focused on incentivizing the world’s best security talent to work on security projects. We noticed that many highly skilled researchers in the space weren’t working on security, often because they lacked autonomy and the ability to choose meaningful projects or contribute deeply to protocols.
We built a model to give researchers that autonomy, and it worked. Today, our network includes talent across all coding languages, chains, ecosystems, and niche areas of expertise. When clients come to us with a security request, we don’t just find someone qualified; we find the best person in the world for that job, whether it’s a smart contract audit, bug bounty, operational security, incident response, or Web2 testing.
You’ve worked in Web2 security as well. What key trends or narratives stand out as unique to Web3?
One major difference is the permanent nature of Web3 and its lack of intermediaries. In Web2, there are often third parties to help mitigate risks or recover losses. In Web3, if funds are stolen, they’re typically gone. Without proper security measures, like multi-sig protections or transaction pauses, recovery is almost impossible.
Another key factor is that Web3’s structure creates incentives for physical security threats. Attackers may target personnel directly, which is something far less common in Web2. This makes operational security practices, including safeguarding teams, essential in Web3.
What metrics do you use to measure the success of your security strategies over time?
The most obvious metric is whether our customers suffer an exploit after receiving our services. Beyond that, we measure how improved security posture affects funding opportunities, partnerships, and overall growth. We look holistically at how strong security contributes to a company’s financial performance, user trust, and long-term success.
How do you educate non-technical leadership teams about high-level security risks?
I use storytelling and real-world examples. For instance, I might walk a leadership team through a well-known hack: what security measures the company had in place, what they lacked, and the aftermath. Leadership teams are less interested in technical details and more concerned with potential impact, whether they’d lose data, customer funds, or face reputational damage. Framing security risks in terms of tangible outcomes helps them see why investing in security is essential.
What are some emerging attack vectors in smart contracts that teams still underestimate?
Since Web3 began, most security budgets have gone to smart contracts. Teams spend millions on audits, competitions, bug bounties, and peer reviews. Attackers know this and are shifting focus to less protected areas like Web2 components and operational vulnerabilities. Many recent attacks originated outside of smart contracts.
We’re helping teams address this imbalance through services like operational security, 24/7 incident response, and managed SOC teams, covering the entire organizational attack surface.
Could AI or automation ever replace parts of a Cantina review, or is human expertise irreplaceable?
It’s definitely a hybrid approach. We already use AI extensively for tasks like de-spamming competition platforms and adding context to reviews. AI is excellent at identifying known vulnerabilities and patterns, which accelerates the initial review process.
However, attackers are also creative and increasingly use AI themselves. Until AI becomes more intelligent and creative than humans, we’ll always need human expertise to counter novel threats. The future is a combination of AI assistance and skilled researchers.
What inspired you to create specialized assessments beyond traditional audits?
We developed our Web3 SOC framework in response to client needs. Asset managers and VC firms began asking us to perform due diligence on Web3 companies, assessing both security and financial risks.
We realized there was no standardized way to quantify Web3-specific risks. Traditional compliance frameworks like SOC 2 or ISO don’t cover Web3-native threats. So we created a new standard to help Web3 companies secure funding and build partnerships, while also helping traditional financial institutions understand how to engage with Web3 safely.
This framework is now a collaboration with some of our industry’s biggest names. It’s gaining traction with traditional finance and asset managers worldwide.
What innovative security methodologies are you experimenting with right now?
AI is a big focus. We’re using years of bug data to build AI tools that improve code analysis and make security reviews faster and more cost-effective. We’re also improving bug bounty triaging to ensure it’s efficient and actionable.
Many of our services come directly from customer needs, like bug bounties and our Web3 SOC framework. Today, we see AI-powered code analysis as the next step in making security processes more streamlined and effective.
Could you share Cantina’s roadmap? Any upcoming features?
Our newest program is operational security with 24/7 incident response. Traditional finance has long relied on SOC teams and monitoring tools, but Web3 has lagged behind.
We built a program with former Coinbase threat intelligence specialists to assess attack surfaces holistically, across Web2, Web3, physical, and digital assets. Once that’s in place, we offer a managed SOC service with trained analysts monitoring tools like Hypernative, Blockaid, Guardrails, and Hexagate around the clock, ready to act on threats in real time.
This program has already gained significant traction, and next, we’re focused on launching AI-powered code analysis tools to help teams build securely from the start.
Finally, what advice would you give a Web3 startup about building security into its roadmap from day one?
Start thinking about security early. Teams that wait until the audit phase often face delays, additional audits, and sometimes need to re-architect their entire product. Investing in security from the beginning saves time and money.
We recommend tools like AI-powered code analysis, third-party peer reviews, and using resources like our Security Review Readiness Checklist. Regularly inviting external perspectives helps identify vulnerabilities early.
Outside of code, startups should also evaluate their full attack surface, both Web2 and Web3. We have services for companies at every stage to help them proactively address risks. Building a security-first culture early on sets you up for long-term success.
The post Securing the Digital Asset Ecosystem with Cantina appeared first on Metaverse Post.
