InfoSec Team Season 4 Budget Proposal

Program Name: BanklessDAO Information Security Team
Program Champion: BogDrakonov#1337
Start Date: May 2nd, 2022
End Date: July 29th, 2022
Multisig Wallet Address: 0x35201Cb23590bF72457F2E4Ee36D1BfeA3E7aa41
Meeting Discussions: InfoSec Meetings are held Wednesdays at 7pm EST

Program Justification

BanklessDAO members and crypto users as a whole have suffered many personal security breaches of their wallets, accounts, and other resources. After a serious round of Discord Nitro phishing campaigns and a constant raid of spam bots and scammers, the DAO’s need for an InfoSec team only strengthens in Season 4. We’ve seen a few long-standing members also get hit with sophisticated phishing attacks targeting BANK holders.

We plan on continuing to fine-tune our anti-spam/scam measures as well as improve our educational materials in Season 4. We are also taking over GitHub management from DevOps as they wind down operations. This leaves InfoSec in charge of GitHub, Google Workspace, and AWS as we continue to leverage some of these Web2 vendors for the benefit of the DAO.

The success of the InfoSec team will be measurable by a few key points:

  • BanklessDAO members, contributors, and guests gain an overall better understanding of how to stay safe online, and how to remain safe when transacting on EVM-based networks.
  • BanklessDAO remains secure against data breaches, attacks, vandalism, and theft/fraud.
  • Educational programs and content around information security, resulting in peer-to-peer education amongst Discord members, and the wider Bankless community.
  • Timely support and operations of Web2 vendors under the InfoSec Team’s purview.

Program Terms

The BanklessDAO InfoSec team is cross-functional in nature, as information security is everyone’s responsibility. In order to remain transparent, the InfoSec team acts as an independent “project” and is not tied to any guild. We will collaborate heavily with every guild and project to provide security advice and operations wherever they may be needed. Some core cross-collab operations include:

  • Gatekeeping access and evaluating Principle of Least Privilege across the DAO.
  • Monitoring and alerting on critical systems where an intrusion would publicly harm the DAO (ie: defaced websites, DEGEN infrastructure takeover, email spam from @bankless.community addresses, etc…)
  • Securing the bankless.community DNS service with logged and gated access via Route53
  • Help with improvements to onboarding new DAO members, and the DAO-curious to proper personal operational security (OpSec) around protecting your accounts and assets. (ie: First quest security tasks, easy to follow guides and educational material, newsletter and Medium content)
  • Collaborate with various projects during their design to help keep a “Security First” mindset without getting in the way of work
  • Collaborate with the Writers Guild and EPA to develop and publish content both in bDAO’s Weekly Rollup and on its Medium page. At least initially, there would be a regular InfoSec or OpSec column to provide a forum to educate DAO members on best practices in the Weekly rollup.

Infrastructure Costs

BanklessDAO InfoSec Team Costs

Team Compensation

The following DAO members are available to be a part of the InfoSec team during initial formation and will be compensated for the roles and rates both listed below:

  • InfoSec Team Coordinator - BogDrakonov#1337 - 120k BANK
    • Facilitate weekly discussions and meetings
    • Manage team direction and coordination
    • Manage project priorities and triage incoming help requests
    • Work on project missions
    • Office hours where I am active in voice chat at my desk for 1:1 sessions, receiving reports, educating users, or just general InfoSec discussions with whoever joins.
  • Google Workspace/GitHub Management - 150k BANK
    • Taking on GitHub ownership from DevOps as they are winding down administration of services in Season 4. Dev Guild will still have an active presence in GitHub but InfoSec now oversees security and authentication
    • On-board our first Google Workspace users now that we have a platform.
    • Two InfoSec team members will oversee GitHub Organization and Google Workspace management and split the work/payment evenly
  • InfoSec Educational Program - 40k BANK
    • Create and maintain an educational InfoSec program for BanklessDAO
      • This will include working alongside the Newsletter Team to deliver bite-sized security-related content in the Weekly Rollup on a weekly basis
      • Partnering with the EPA to produce security-related content as it applies to both Web3 and the Web2 communities that support it (protocols and DAOs that exist on Discord, Twitter, etc)
      • Get some basic InfoSec starter guides into First Quest
      • InfoSec RSS feed for CISA alerts and similar
    • Documentation for best practices on wallet security, 2FA, and other security hardening topics
      • Likely through our InfoSec Discord channels, instead of a website as proposed in S3, due to higher visibility by the DAO
    • 10k BANK to be spent as part of educational InfoSec raffles that include quizzes or other knowledge tests
  • Discord Moderation Bot Project - 70k
    • Maintaining and tuning Wick as edge cases pop up
    • Learning Wick inside and out
    • Planning bot management as a service for Bankless Consulting
  • POAP Manager - 10k BANK
    • InfoSec POAPs design & release
    • Work with InfoSec Education program to design some neat POAP raffles for InfoSec to drive engagement
      • Unique POAPs or NFTs for InfoSec quizzes

Total: 390k BANK

Returning Season 3 Veterans

  • BogDrakonov#1337 - InfoSec Team Lead/Coordinator
  • Dysan#6547 - Google Workspace/GitHub Management
  • d0wnlore#1050 - InfoSec Education Coordinator
  • Texas Farmer#2662 - InfoSec Educator

Season 4 Recruits

  • stackthat.eth#5136 - Terraform expert aiding the InfoSec team
  • Sidthescriptkid21#1806 - InfoSec explorer attending meetings and looking for work

Do we fund the InfoSec Team for Season 4?

  • Yes
  • No

1 Like

@BogDrakonov / @Dysan What is the plan with Google Workspace? Who will get accounts?

2 Likes

@RunTheJewelz Any guild, project, or team member that has a good reason (common sense, not specific written guidelines) for needing an emailaddress@bankless.community.

Examples off the top of my head would be Bankless Consulting to reach out to clients with, or DAO social media managers in order to have a unified email address for login.

1 Like