Please indicate if you are running to be the Council Lead or a Council Member: Council member
Does this nomination represent an individual or organization: Individual
Candidate country of residence (or, if an entity, incorporation and principle place of business): Argentina
Have you previously served on Optimismās Security Council: No
Have you previously served on any other Council or Board in the Collective: No
Are you a representative of OP Labs: No
Are you a representative of another OP Chain: No
If you are a delegate, please provide the link to your delegate profile: No
If you are a member of the Citizensā House, please link to your most recent attestation here: I am not a member.
Please outline your contributions, and their impact, to the Optimism ecosystem to date:
I am a member of SEAL 911, the incident response initiative from the Security Alliance, where we receive lots of security incidents as soon as they happen and help on how to solve them by coordinating people through war rooms and taking specific actions to stop or mitigate these attacks in some cases or to help victims in others. Many saved projects and affected people were operating on Optimism.
Aside from this, I have created many security education materials, which have been distributed through different channels, such as my X account (69K followers: https://x.com/pablosabbatella ), conferences, and classes at Universities. I talked a lot about Optimism as one of the leading L2s.
Please demonstrate any non-Optimism experience you believe is relevant to this role:
I have been involved in Cybersecurity since I was 14 (39 years now), and I am also passionate about economics and technology. That mix led me to dedicate myself completely to Blockchain Security.
I am a member of SEAL 911, the incident response initiative from Security Alliance (https://securityalliance.org). This is why I am familiar with incident response handling, war rooms and cybersecurity emergencies.
My main focus is Operational Security: what practices, processes, and tools need to be applied to avoid being hacked at the human and infrastructure levels?
I perform operational security audits for people and teams that are usually the target of attacks due to their exposure to the crypto and financial worlds.
I understand what measures must be taken to secure Infrastructure, teams, and communication channels and avoid things like hacked Discord, Twitter, and Telegram accounts, private keys stolen from developers, social engineering, domain and DNS hijacking, etc.
I have a deep knowledge of how most teams and projects are nowadays compromised at the human level and used to scam or steal from users.
- In the early 2000s, I founded one of the biggest Cybersecurity portals in Spanish (Hackemate)
- I have given many talks and participated in panels at different conferences about Blockchain Security (EthCC, ETH Latam, LaBitConf, Ethereum Argentina, and many more)
- Created one of the best Blockchain Opsec Security courses (with a framework) through Defy Education.
- Founded the Blockchain Security Series podcast, where I interview the most important people on the security ecosystem. https://blockchainsecurityseries.com
- Teach about blockchain security in one of the most important tech universities in Argentina (ITBA) at the subject āBlockchain & DeFiā I founded 3 years ago.
Founded:
- Hackemate (1999)
- Defy Education (2020)
- Defy Foundation (2022)
- Ethereum Argentina (2023)
- Blockchain Security Series podcast (2023)
It is key to understand that a new wave of malicious actors is coming from the Web2 ecosystem to Web3, and those kinds of attacks are very effective.
My last talk on Operational Security to protect Twitter and Telegram from State sponsored threat actors at Ethereum Community Conference in Brussels: https://ethcc.io/archive/How-to-securely-configure-and-use-Telegram-and-Twitter
You can check lots of talks, panels, and classes I gave on Youtube:
https://www.youtube.com/results?search_query=pablo+sabbatella
Please elaborate on your technical background, including your GitHub handle (this will be used to calculate your GitHub expertise score and will be added to your nomination before it goes to a vote by the Foundation):
Specialities: Zero-day exploits, Social Engineering, Private-keys management, Secure devices, VMs, Multisigs, Physical security, Data retention and backup, Email & Phone security, OSINT, Secure Browsing, Malware, Firewalls, domains & DNS hijacks, Secure messaging channels, signatures, hardware wallets, physical security.
Please elaborate on your experience with relevant member (or Lead) requirements:
I have had many leadership positions over the last 25 years due to the many startups I founded and teams in which I participated. The most relevant to this role is being a member of SEAL 911, where we coordinate responses to blockchain cybersecurity incidents. Check https://x.com/0xmstore/status/1763593053950894258
Please describe your philosophy on what makes a good Security Council member:
A good Security Council member must take security as the number one priority and have deep experience in operational security, threat actors, and diligent handling of cybersecurity incidents. Knowing how attackers think and work is key to defending ourselves, our peers, and our organizations from their threats. Having been part of war rooms and having experience in acting fast but carefully, and knowing how to communicate and coordinate all stakeholders is key to this role, aside from being 24/7/365 reachable and available to jump in any kind of situation. Itās important to understand that all systems have vulnerabilities and will eventually be broken, so we must prepare these systems and ourselves for those events in order to contain as much damage as possible.
I think itās also essential to be fully doxed, to have a good reputation in the ecosystem and to have a big network of connections, as they are very important when lots of people need to be coordinated.
Last but not least, having a state-of-the-art Opsec strategy and understanding deeply how to use hardware wallets, store seed phrases, and analyze transactions and signatures before signing anything.
Please disclose any anticipated conflicts of interest: none
Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual: I understand
Please verify that you understand that election is subject to successful completion of a Foundation screen which may include KYC/AML, sanctions screening, and a requirement to sign a standard contract: Yes
Please verify that you are able to commit ~5 active hours / month to fulfill the Member Responsibilities. Please note that there is an āon-callā aspect to this role that is not fully encompassed in the active hours estimate: Yes
Many Thanks
Pablo Sabbatella (pablito.eth)