InfoSec Team Season 9 Budget Proposal

InfoSec Department - Season 9 Budget Proposal

Author: BogDrakonov#1337
Date Created: July 21, 2023
Date Posted: July 21, 2023
Affiliation: Operations, Education
Funds requested: 628,000 BANK / 60 USDC
Department wallet: eth: 0x35201cb23590bf72457f2e4ee36d1bfea3e7aa41

Department Summary

Our primary role and responsibility is to collaborate heavily with every guild and project to provide security consultation, education and infrastructure automation whenever they may be needed. The InfoSec Team stays on top of attack vectors being used to target members and the web3 ecosystem, reports them and, if possible, explains how to mitigate them. We also provide security education through BDAO’s newsletters and publishing platforms.

The InfoSec team oversees and provides the following services:

  • Management of infrastructure via automation with strict access policies.
  • Gatekeeping, auditing and providing least privilege on web2 platforms
    • Google Cloud
    • Google Workspace
    • CloudFlare
    • GitHub
  • Prevention of anti-spam, phishing scams on Discord and other communication platforms
  • Monitoring and alerting of critical systems where an intrusion would publicly harm the DAO (ie: defaced websites, DEGEN infrastructure takeover, email spam from @bankless.community addresses, secret leaks etc…)
  • Securing the bankless.community DNS with strict access policies, auditing for Route53 and Cloudflare
  • Help with improvements to onboarding new DAO members, and the DAO-curious to proper personal operational security (OpSec) around protecting your accounts and assets. (ie: Bankless Academy lessons, First quest security tasks, easy to follow guides and educational material, newsletter and Medium content)
  • Collaborate with various projects during their design/incubation stages to help keep a “Security First” mindset without getting in the way of work. As well as speed to acquiring proper resources to host the project for any architecture requirement without having to hire an expert
  • Continue collaboration with the Writers Guild, EPA and Bankless Publishing to develop and publish security education content, in addition to new opportunities to promote security education through our GE partners and IMNs

Previous work:

  • We’ve seen the amount of phishing scams and attacks on DAO members decrease dramatically with the implementation and continuous management of the Wickbot.
  • The InfoSec Team worked with @twoeggs on an InfoSec Web3 User Safety Survey. Users of the survey gained a shiny new POAP for aiding in making Web3 safer for all!
    • Objective: survey Bankless community members to understand prevalence of crypto scams, factors that increase scam risks and features that crypto users want to improve Web3 safety.
    • Method: conducted survey of Bankless community (with ~35,000 members) December 14 to 30, 2022
    • Results: 354 survey responses from active crypto users (average 37 transactions per year). 66% of users have experienced a crypto scam and 39% lost money. Crypto scams cost victims an average of $2,900. Users would pay on average $6/month for crypto scam protection.
    • This has led to multiple Product offerings that can be built within the Bankless community to protect users.
    • Full report: Crypto Scams Survey.pptx (Google Slides)
  • We’ve fully migrated AWS Route53 to Cloudflare as well as the bankless.community domain registration.
  • Various Investigations to support BDAO.
  • Extending our security education endeavors to new mediums, such as Bankless Publishing and our IRL security workshop at SeoulBound

The InfoSec Department continues to stay on top of security and fine-tune our measures and best practices to ensure all members’, guilds’ and projects’ needs are met.

Mission Statement and Value Alignment

We dedicate ourselves to preserving the ethos of the Bankless Movement by protecting its members, resources, and data from threats, breaches, and unauthorized access. Through diligent efforts, we will implement robust information security measures to create a safe environment for users to explore decentralized financial technologies with confidence. By fostering a culture of education, awareness, and continuous improvement, we aim to create user-friendly onramps that empower people to discover and embrace the full potential of decentralized financial technologies. Through unwavering commitment and collaboration, we shall fortify the foundation of the Bankless Movement, enabling a future where financial sovereignty and freedom thrive.

Season 9

Season 9 Forecast

Season 9 Anticipated Spend: 778,000 BANK
Season 8 Carry over: 150,000 BANK
BanklessDAO Treasury Ask: 628,000 BANK

Season 9 Role Budget

| Line Item | Budget | S7 Role Holder |
|---|---|---|
| InfoSec Team Coordinator | 135,000 BANK | BogDrakonov |
| InfoSec Educational/Technical Writer | 112,000 BANK | d0wnlore |
| Discord & Wick Administrator | 110,000 BANK | Dysan |
| InfoSec Web Administrator | 98,000 BANK | Tony |
| InfoSec Infrastructure Administrator | 123,000 BANK | Stackthat.eth |
| Sub total | 578,000 BANK | |

Season 9 Budgets

| Line Item | Budget | Role Holder(s) |
|---|---|---|
| Infrastructure | 123,000 BANK | stackthat.eth / BogDrakonov |
| * Automation | 65,000 BANK | |
| * Google Cloud / Workspace | 38,000 BANK | |
| * Github | 20,000 BANK | |
| Discord and Wick Administrator | 110,000 BANK | Dysan/BogDrakonov |
| * Administration / Moderation | 50,000 BANK | |
| * Permissions Auditing / Cleanup | 60,000 BANK | |
| * Wick Premium | 60 USDC | Wick vendor |
| Education/Technical Writer | 112,000 BANK | downl0re/BogDrakonov |
| * Education Content & Articles | | |
| InfoSec Website | 98,000 BANK | tony.stark/BogDrakonov |
| * InfoSec Website Update/Improvements/Feature Adds | | |
| Project Incubation Buffer | 150,000 BANK | buffer for projects without funding or PoC |
| Fiat Cost | 50,000 BANK | $234 fiat payment to Google Workspace for InfoSec admins |
| Team Coordinator | 135,000 BANK | BogDrakonov |
| Total | 778,000 BANK | |

Season 9 Plans and Goals

We plan to continue increasing awareness of the attacks being committed within the crypto community with millions of assets stolen from users each day. We plan to be an integral part of the DAO in continuing to keep members and users safe online.

Infrastructure

We take pride in managing and maintaining the BDAO’s critical infrastructure, which encompasses Google Cloud, Google Workspace, DNS, and Github. Our mission extends beyond this role, as we also provide vital support to other departments and projects. We ensure seamless operation of our systems, empowering us to bolster our capabilities and effectively back diverse initiatives.

Through strategic implementation of Automation, we will optimize resource allocation, leading to heightened productivity and significant cost savings. The collaborative power of Google Cloud and Google Workspace remains pivotal in fostering synergy and efficiency among teams, while Github serves as a transparent and streamlined platform for development processes. By nurturing and fortifying our infrastructure, we reaffirm our commitment to achieving operational excellence and facilitating innovation within the organization.

Together, through your support, we will continue to advance BDAO’s mission, ensuring a dynamic and technologically sound foundation that drives success across the board.

Discord and Wick

  • Bot integrations and security management
  • Permissions management and auditing
  • Documentation in Notion of Admin processes for level 2 guidance of decentralized expansion
  • Spam / Fraud mitigation
  • Moderation and violations of community standards enforcement (Bans)
  • Role management and auditing

Effective Discord security management is critical to fostering a thriving and secure community environment. To achieve this, our approach encompasses various essential elements. Firstly, we implement bot integrations and robust security management protocols to safeguard against potential threats and ensure data integrity. Additionally, our meticulous permissions management and auditing procedures guarantee that access levels are appropriately assigned, promoting transparency and accountability.

Furthermore, we employ proactive measures to mitigate spam and fraud, preserving the quality and credibility of interactions within the community. Our team diligently enforces community standards and implements appropriate moderation actions, including bans, to uphold a safe and respectful space for all members.

Lastly, role management and auditing are central to maintaining an organized and inclusive community structure. By regularly reviewing roles and permissions, we ensure that members’ contributions are recognized appropriately and that our Discord community remains a vibrant hub for open communication and collaboration.

Education

The goal of InfoSec Team’s education endeavors is to help BDAO contributors, and the wider Web3 ecosystem, stay in the game for as long as possible. We do this through educational security content, from Discord messages to long-form articles, that promote beneficial security behaviors and awareness for Web3 users. As hackers and scammers continue to refine their tactics, security education continues to play an increasingly important role for us to remain BDAO strong.

All core members of the InfoSec Team are security subject matter experts (SMEs) that BanklessDAO’s departments, guilds and projects can always rely on for assistance. In particular the InfoSec Educational/Technical Writer plays a crucial role in promoting a secure and knowledgeable environment within BDAO.

Having started with Phishing School in the Weekly Rollup, InfoSec Team’s security education content has evolved to include other mediums:

  • newsletters like DeFi Download
  • publications like Bankless Publishing
  • platforms like Bankless Academy
  • media partner collaborations like WebX + Bankless Japan

As a department we will continue to create and promote beneficial security behaviors and awareness for our BDAO contributors. But we will also lean into doing this through mediums that have strong reach outside of BDAO, to help the wider ecosystem stay in the game as long as possible. We will also refine how we promote security education within the BDAO, starting with more security education within Discord itself, where most of us collaborate with each other.

InfoSec Website

A dedicated and skilled individual responsible for elevating the InfoSec website to new heights. As the expert web developer and administrator, the SME takes charge of improving, updating, and maintaining the website to ensure it remains at the forefront of cybersecurity best practices. The website undergoes regular enhancements and refinements. With their unwavering commitment and technical prowess, the information security website becomes a beacon of trust and reliability for both internal teams and external stakeholders, solidifying the BDAO’s dedication to safeguarding sensitive data and fortifying its cybersecurity defenses.

SEASONAL KPI

| Factor | KPI | Success Metric |
|---|---|---|
| Discord and Wick Management | Total Count; Total AutoMod; Total Mod Count | Total Count # ≥ 100 |
| Work Stream Support and BDAO member Support | Number of times InfoSec expertise is requested | Total Count # > 5 |
| Education | Number of Education Content/Reports/Articles/Tweets/Workshops | Total Count # > 5 |

3 Likes

Thanks again for helping us be safe, InfoSec Crew! I suggest that some of the fiat costs can be directly asked in the form of stables instead of selling BANK. We have some FEI in the treasury which we want to offload and this could be a good way to do that imo.

4 Likes

Hey @BogDrakonov,

Could you change this to ask for the flat costs in stables?

Working to collect these fees so we are aware of all major infra costs, and we have the stables to cover critical ones like what infosec manages.

No need to sell BANK for those.

1 Like

Sure. I will confirm the numbers and proposal shortly.

1 Like

Updated to reflect Wick premium in USDC

1 Like