The CyberSec Sessions Episode 3 - with Pablo Sabbatella

We discuss Defy Labs, hosting a blockhain security Podcast, the rise of Crypto in Latin America, and what Pablo thinks is the biggest issue in Blockchain Security

It’s my pleasure to share Episode 3 of the CyberSec Sessions, the lightning interview series where I interview CyberSec Leaders about what they’re doing, and what they think about the Industry.

We flip things around for Pablo, who is usually used to being the podcast host, and talk about his work and thoughts on Blockchain Security.

Don’t have the time to listen? Here is an overview of what we covered.

Pablo is growing the Defy Labs Brand

It started with Defy Education, which became the largest Blockchain and CyberSecurity academy in Latin America.

From there he wanted to make high-quality education available to as many people as possible, all in Spanish, all focused on Blockchain and CyberSecurity. He created a centralised place for this information and created the Defy Foundation.

With his specialism in this space being in demand, he created a consulting business too, and wrapped all these ventures up into the Defy Labs brand.

The Blockchain Security Series podcast is filling a niche

Pablo has been passionate about CyberSecurity and being active in the community since he was 14 and had a Hacking and Security website, but when he moved into Blockchain he saw a gap.

He wanted a Podcast about the topic that he could listen too in the car but couldn’t find one at all. So he decided created it himself!

The other motivation was to meet great people in the space, and since he started in December, he has had some amazing guests. Listen to the full episode or check out Pablo’s podcast for the names.

He found everyone was surprisingly open and happy to delve deep into technical conversations right from the start. He finds that a relaxed and open conversational style really got the most out of people.

Blockchain in Latin America grew out of necessity

In the US and Europe, Crypto is an option but thier other currencies are strong so it isn’t something currently needed.

In Latin America, with things like Argentina’s 200% inflation rate, the multiple collapses of banks and government institutions failing to provide protection, faith in Local FIAT currencies is at an all-time low.

Buying US dollars on the black market was common pre-COVID, but when people weren’t allowed out of thier houses, they had to think of a way around this.

USDT and other stablecoins allowed people to trade Pesos in and then buy goods and services globally. This acted like a gateway, with people moving from stablecoins to Ethereum and then the wider Crypto ecosystem.

That, paired with exceptional talent moving over from big tech unicorns in the Latin American region to projects like Decentraland, means Crypto has taken off massively.

Operational Security and Social Engineering is the biggest challenge

Pablo has a similar opinion to Rex on last week’s episode in that he feels all the security focus in Web3 at the moment is on smart contracts or auditing protocols, but ‘hacking people’ is where the money is.

Operational security is an area Pablo specialises in, and he gives the great quote ‘Beginers Hack software, Professionals hack people’ to explain why.

Some examples of attacks he gave were:

• Hacking the doman, not the application, and putting a phishing link on it

• Hijacking discord, telegram or twitter accounts and directing people to scams

• Impersonating journalists to get insider information

Or one I nearly fell for myself while trying to bring on new clients, posing as a legit company that is looking to hire someone, and then making you download custom software for the interview/meeting that has viruses inside of it.

Account abstraction would be a good way to reduce these, things like moving away from private keys that let you access everything. People are starting to become aware but it needs to be built in.

Other than that, you personally need to be paranoid, especially when you’re a high value target, because targeted attacks are common. You have to be careful with new people if they’re sending you things or asking you to do anything.

Open up your candidate pool by looking globally

When I asked my regular question about how to attract and retain talent, Pablo thinks they key is in remote working, alongside other flexibility.

Too many companies tie themselves into a small geographic location by wanting people in-country, or even on-site, neglecting the worldwide pool of talent, such as some of the talented Latin American engineers.

From there, to keep people on board, giving them the flexibility to get the work done in the way they want without micromanaging time, giving learning oppurtunities and finally giving them ownership are the key ways to retain them.

Pablo says there will always be another company that can offer higher salaries to your engineers, but if you are really a part of the company, making a difference to thier vision and owning a part of it, it’s much less likely they’ll leave.

That’s all Folks

I hope you enjoyed this week’s Episode Summary. Watch the full video below for more details.