Wednesday Oct 12, 2022

E09 - Marc Krisjanous on Security Standards in Crypto

Marc Krisjanous is a cyber security professional turned crypto auditor who has been working with the C4 cryptocurrency consortium to develop the new cryptocurrency auditor certification course (CCSSA). Marc is presently undertaking the first-ever audit of a business using the standard to assess their crypto security practices. In this conversation we talk about where the standards fit into a business, what they consist of, and touch on best practices both for businesses and for people getting into crypto.

Acronyms(!)

  • QSA - Qualified Security Assessor
  • PCI - Payment Card Industry 
  • DSS - Data Security Standard
  • HSM - Hardware Security Module
  • CCSS - Cryptocurrency Security Standard
  • CCSSA - CCSS Auditor
  • C4 - Cryptocurrency Certification Consortium
  • SOC2 - System and Organization Controls standard
  • ISO27001 - Information Security Management standard

Timestamps:
01:44 background in credit card security
10:22 crypto security standard
14:09 attack vectors
17:04 profanity vanity generator
20:59 CCSS levels
25:35 the audit boundary
28:34 social engineering
30:29 practical takeaways for businesses
35:00 multi-party compute
37:33 security advice for newcomers
40:10 wen audit? 
45:39 rapid fire
48:20 proof of reserves
52:28 fin

Some notes from the show:

Contact Marc:

Find Jeff:

The BCNZ Pod:

Sponsor:

  • The Blockchain New Zealand podcast is brought to you by EasyCrypto

Media & Sponsorship Enquiries:

Recorded at blockheight 757090. The BCNZ podcast was founded in 2022 by Jeff Nijsse and Bryan Ventura.

 
