InfoSec Season 7 Funding Proposal
BANK ask: 734,000
Champion: stackthat.eth#5136
Forum Post: https://forum.bankless.community/t/infosec-department-season-7-budget-proposal/5063
Multisig: 0x35201Cb23590bF72457F2E4Ee36D1BfeA3E7aa41
Additional Notes
Near the end of Season 6, our Team Lead BogDrakonov#1337 took a leave of absence, which caused delays in coordinating the submission to the forum.
We play an integral role in the DAO ecosystem and hope to continue our mission from S4 and keep our community safe.
Proposed KPIs
Our primary role and responsibility is to collaborate heavily with every guild and project, providing security consultation and infrastructure automation whenever they are needed. The InfoSec team stays on top of the attack vectors being used to target members and the web3 ecosystem, reports them and, where possible, explains how to mitigate them.
The InfoSec team continues to oversee and provide the following services:
- Management of infrastructure via automation with strict access policies.
- Gatekeeping, auditing and providing least privilege on web2 platforms:
  - JumpCloud
  - Google Cloud
  - Google Workspace
  - AWS
  - Cloudflare
  - GitHub
- Prevention of spam and phishing scams on Discord and other communication platforms.
- Monitoring and alerting for critical systems where an intrusion would publicly harm the DAO (e.g. defaced websites, DEGEN infrastructure takeover, email spam from @bankless.community addresses, secret leaks etc.).
- Securing the bankless.community DNS with strict access policies and auditing for Route53 and Cloudflare.
- Helping to improve the onboarding of new DAO members and the DAO-curious to proper personal operational security (OpSec) for protecting their accounts and assets (e.g. Bankless Academy lessons, First Quest security tasks, easy-to-follow guides and educational material, newsletter and Medium content).
- Collaborating with various projects during their design and incubation stages to help keep a "Security First" mindset without getting in the way of work, and speeding up the acquisition of the proper resources to host a project, whatever its architecture requirements, without having to hire an expert.
- Continuing collaboration with the Writers Guild and EPA to develop and publish content on the DAO's weekly Rollup.
Since Seasons 4 and 5, we've seen the number of phishing scams and attacks on DAO members decrease dramatically with the implementation of the Wickbot.
In Season 6, the InfoSec Team worked with @twoeggs on an InfoSec Web3 User Safety Survey. Users of the survey gained a shiny new POAP for aiding in making Web3 safer for all!
Objective: survey Bankless community members to understand the prevalence of crypto scams, the factors that increase scam risk and the features that crypto users want to improve Web3 safety.
Method: conducted a survey of the Bankless community (with ~35,000 members) from December 14 to 30, 2022.
Results: 354 survey responses from active crypto users (average 37 transactions per year). 66% of users have experienced a crypto scam and 39% lost money. Crypto scams cost victims an average of $2,900. Users would pay on average $6/month for crypto scam protection.
This has led to multiple product offerings that can be built within the Bankless community to protect users.
The InfoSec Department continues to stay on top of security and fine-tune our measures and best practices to ensure the needs of all members, guilds and projects are met.
Here are October's KPIs:
Total Count 691
Total Automod 541
Total Mod Count 30
Here are November's KPIs:
Total Count 439
Total Automod 322
Total Mod Count 36
Here are December's KPIs:
Total Count 232
Total Automod 181
Total Mod Count 12
Here are January's KPIs for Discord Management:
Total Count 258
Total Automod 209
Total Mod Count 13
The lower the number, the better: it means we're doing a good job at mitigating threats.