Date: 2024-04-26
Time: 11:00 AM - 11:30 AM UTC
Location: Google Meet Call
Attendees:
- Sid Shah (Areta)
- Paul Imseih (Daimon Legal)
- Violet (Security Researcher, full name redacted due to privacy considerations)
1. Interview Discussion
- Discussion Notes:
- She worked on ZKPs and internal security reviews at 0x, and was the protocol lead for Element Finance, which got up to $300m in TVL. There she was primarily concerned with security, including the contracting with external security providers, and built their own internal security practices. After that role, 1 year ago, she went independent and does some work with Spearbit, but most of her practice is entirely her own clients. She works with her clients on security reviews, both coordinating teams for large projects and doing the reviews themselves.
- With almost all of the security providers they engaged, they had a retainer-type arrangement and did multiple audits with them.
- She has (limited) experience working with RFPs, but the firm she worked with in 2018 was one of the first firms to do an RFP with Aragon DAO, and she worked extensively on that.
- We need her help in setting up the evaluation criteria for the whitelisted security service providers and in evaluating the responses from security service providers. The technical review will be in her camp.
- The technical evaluation is well within her experience, and she already has strong opinions on how to judge providers.
- Conflict of interest: she has no bias against any firm and no loyalty to any firm. Spearbit is a collective that makes up less than 20% of her overall deal flow, but that doesn’t matter at all. Spearbit is an intermediary and they bring her clients.
- She has no equity or tokens in any providers or any direct economic relationships.
- She’s one of the only people in the industry in this unique position.
- There will be a KYC process which is completely fine with her.
- She would prefer to use her alias for anything public-facing because that’s where she has built her brand and reputation.
- All of her work is naturally lumpy - even her recurring clients want audits for a week every 2 months or so.
- She prefers day or weekly rates, weekly because it’s how the audits are constructed.
- She normally charges her security clients $500 per hour, and her rate would be in that range. For a day rate, she normally charges $4k a day.
- The market is quite high for folks with strong security backgrounds now.
- She can do the evaluation criteria quickly but doesn’t want to guarantee it, because she wants to make the criteria specific to this kind of project. However, she has pre-existing thoughts on how to measure people well in this space.
- The critical part of the task is to draft the evaluation criteria in the document. She thinks she has runway to create a SoW for security service providers who will be sitting in a marketplace.
2. Updates Post-Call
- Discussion: Get back to Violet around her candidacy for the Security SME role.
- Resolved: We decided to not go ahead with Violet due to cost restrictions and the availability of DeDaub.
Adjournment
- Resolved: The meeting was adjourned after all items were addressed and tasks were assigned.