We’ve done battle with our fair share of phishing scams and fake Google ads, and heard many tales of malware horror. It comes as no surprise that security will always be one of our top priorities for our products, users and employees.
It’s with great enthusiasm that I introduce our Security Engineer, Kristov. Our conversation takes us from his recent introduction to the team, the evolution of Bitcoin privacy and his personal journey that began as a young technophile, innocently fascinated by the wonders of ASCII art, to a more purposeful and fulfilling path of personal growth and career as a Bitcoin security expert.
**Alyson: You recently joined the Blockchain Team as Security Engineer. Tell us about your position and an idea of what you hope to accomplish in your new role.**
Kristov: A lot of my job is to be a friendly nag. I train fellow team members to resist phishing attempts; I remind people to apply their software patches; I try to poke holes in our products and let the development team know about them, and I triage security findings that we receive from independent researchers, through platforms like CrowdCurity and HackerOne. It’s a lot of work, which makes it all the more impressive that, at one point in time, Blockchain developers were doing this same work on top of their software engineering duties. I’m glad I don’t have to juggle quite as many tasks as they did!
Blockchain is in an unusual position in that it is a fairly new company, but because of the sensitivity of our products, we can’t afford to mature our security practices at the same rate as other startup companies. Our Bitcoin users cut us very little slack when it comes to defending them against security predators; honestly, I like it that way. We need to be excellent at what we do. After decades of maturity, companies tend to move toward formal models like OpenSAMM, and I’d like to implement that for Blockchain in a much shorter time frame.
The end goal is to provide superior security that complements our team’s ambitious goals for the effortless use of Bitcoin.
**A: Take us back to when your interest in security first began; how did your curiosity with IT mischief shift to an interest in Bitcoin security?**
K: Immediately after I started using my first computer, I was curious about what kind of mischief could be had with it. Children have a strong natural drive to experiment and computers became my laboratory of choice.
What will happen to the family computer if I “deltree” a bunch of critical system files, I wondered? Result: it stopped working, of course.
My father delighted me when he brought home a floppy disk obtained from a co-worker in IT, that contained a harmless DOS “virus” that would cause colorful ASCII art to appear on the screen and “eat” the existing text.
In grade six, I learned that you could temporarily crash a friend’s America Online client by sending an instant message with color codes that the software wasn’t expecting and couldn’t display. Back then, in the early 90’s, hacks of all kinds were laughably simplistic by today’s standards, but I was nevertheless fascinated by them. As I grew older, this interest in breaking digital things matured into a matching interest in fixing fragility.
Over time, information security as an end in itself has lost some of its glamor for me. Like the old Nietzsche quote goes: “He who has a why to live can bear almost any how.” What really excites me about my job is combining the how of information security with the why of Bitcoin. I think Bitcoin is going to change the world. When I realized back in 2012 just how profound and positive this change may become, I was enamored with using my technical and communication skills to hasten the process.
**A: As our Security Engineer, what are the 3 most important security tips or pieces of advice you could provide to our new users?**
K: The advice I’d offer is pretty much the same for any financial service you use, whether it’s a Blockchain account, a legacy banking account, or a brokerage.
If you have a mobile device, make sure to enable Two-Factor Authentication (2FA). This way, if someone does manage to guess your password, you have a second line of defense that’s hard to access from a distance.
Choose a good password to protect your account. I find it hard to remember lots of dissimilar and strong passwords for different websites, and so I personally use password managers to produce completely random passwords for me, and to store and access them securely.
Lastly, adopt security practices that are proportional to the amount of funds you are storing in your account. If someone steals five bucks from you, you might not care that much. On the other hand, your life savings are much more precious to you, and should require more security checkpoints to pass through in order to be accessed.
**A: Your contribution to the Bitcoin-sphere includes a presence at many conferences, discussions, as well as a book you wrote, Anonymous Bitcoin. Can you tell us about the inspiration behind your book and what you hope readers will get out of it?**
K: “Anonymous” is a scary word for some people. If I could go back and rename the book, I might have entitled it “Bitcoin Privacy.” “Anonymity” to me is simply a term from mathematics and computer science that is nearly equivalent to the word “privacy” when it comes to the Internet. Privacy is something that we all enjoy and value, and it’s of course very important for our finances.
I was motivated to write the book when I noticed that a lot of Bitcoin enthusiasts and those who were Bit-curious were having a hard time understanding how privacy works with the crypto-currency. We’ve had the same model of finances now for decades or centuries in some cases; we are accustomed to thinking of our financial privacy in terms of old systems like credit cards and banks. The blockchain is completely different from these centralized systems, however.
I didn’t want to just point out the ways that Bitcoin changes privacy. I wanted to provide people with step-by-step instructions for thoroughly protecting their financial privacy and security at the same time. Even though I published the book a year ago, I still find it very relevant. I hope, however, that it will quickly become irrelevant. That will mean that software developers have done a great job at making this stuff easy and automatic, and there will no longer be a need for supplemental guidance or explanation.
**A: In these team profiles, I like to share a bit about each of us that isn’t related to Bitcoin or our positions at Blockchain; can you tell us a little about yourself beyond all the Bitcoin stuff?**
K: For a number of years I’ve been interested in the interdisciplinary study of philosophy and psychology. Like many Bitcoin early adopters, my pursuit of philosophy was a big part of what piqued my interest in Bitcoin.
I’ve long been an introvert. I played classical music for a number of years when I was younger, but gave it up as an adult in part due to stage fright. It’s funny that years later I ended up traveling to give speeches and make an appearance on national TV.
I’m not all cerebral. In my free time, I like to train with weights.
I have a couple tattoos.
Years ago, I earned a blue belt in Brazilian Jiu-Jitsu.
**A: We’ll wrap this up on a musical note. At a DC Bitcoin conference we both attended last year, I remember seeing you belt out pretty much every lyric to every song Zhou Tonged performed at his show. Are you still a huge fan? Give us a glimpse of a potential song collaboration between you two.**
K: Zhou Tonged is the unbelievably cool king of Bitcoin hip-hop. Yes, I have watched his videos so many times that I know all of the lyrics by heart.
Pitch Zhou T. on a parody? That’s a tough one. Maybe Kanye West’s “Can’t Tell Me Nothing.”
Can’t Sell Me Nothing, the tale of the overconfident Bitcoin bear.
Yo Antonopoulos — I’m really happy for you, I’mma let you finish — but the Romans had one of the best currencies of all time! One of the best currencies of all time!
I don’t know any Kanye West songs, but because I’ve heard Kristov rap in person, I’m guessing his version would be a sold-out hit.
*Connect with Kristov by following him on Twitter. Stay tuned for his latest rap album updates.*