Victoria d’Este
Revealed: September 02, 2025 at 4:33 am Up to date: September 02, 2025 at 4:33 am
Edited and fact-checked:
September 02, 2025 at 4:33 am
In Transient
Sharon Ideguchi, GTM lead at Cantina, discusses the shift in attacker focus from code to individuals, emphasizing the necessity for brand spanking new safety frameworks to guard corporations within the quickly evolving trade.
Hackers aren’t simply concentrating on code anymore, they’re going after individuals. On this interview, Sharon Ideguchi, GTM lead at Cantina (Spearbit), displays on her path from conventional cybersecurity to Web3, unpacks how attackers are shifting their focus, and explains why her crew is constructing new safety frameworks to guard corporations in an trade that’s evolving quicker than ever.
May you please share your journey to Web3?
My identify is Sharon Ideguchi, and I work at Cantina on the gross sales technique facet. I give attention to creating customized product choices for enterprise-level prospects, rising applied sciences, and purchasers within the institutional and conventional finance sectors. My work facilities solely on safety. My profession to date has been in cybersecurity, primarily in Web2. I spent a few years in conventional cybersecurity roles, working in areas just like CrowdStrike and different on a regular basis safety operations.
Over time, I noticed the market shortly shifting towards Web3 and acknowledged it as the way forward for know-how. I needed to discover what cybersecurity regarded like exterior of my conventional Web2 background. That call led me to Cantina, and I’ve been working in Web3 safety ever since.
What are the primary benefits on your purchasers of working completely with Cantina?
Once we based Cantina about 4 years in the past, we centered on incentivizing the world’s finest safety expertise to work on safety initiatives. We seen many extremely expert researchers within the discipline weren’t engaged on safety, actually because they lacked autonomy and the power to decide on significant initiatives or contribute deeply to protocols.
We constructed a mannequin to offer researchers that autonomy, and it labored. At this time, our community consists of expertise throughout all coding languages, chains, ecosystems, and area of interest experience. When purchasers come to us with a safety request, we don’t simply discover somebody certified; we discover one of the best particular person on this planet for that job, whether or not it’s a sensible contract audit, bug bounty, operational safety, incident response, or Web2 testing.
You’ve labored in Web2 safety as properly. What key developments or narratives stand out as distinctive to Web3?
One main distinction is the everlasting nature of Web3 and its lack of intermediaries. In Web2, there are sometimes third events to assist mitigate dangers or get well losses. In Web3, if funds are stolen, they’re sometimes gone. With out correct safety measures, like multi-sig protections or transaction pauses, restoration is nearly unattainable.
One other key issue is that Web3’s construction creates incentives for bodily safety threats. Attackers might goal personnel straight, which is one thing far much less frequent in Web2. This makes operational safety practices, together with safeguarding groups, important in Web3.
What metrics do you utilize to measure the success of your safety methods over time?
The obvious metric is whether or not our prospects undergo an exploit after receiving our providers. Past that, we measure how improved safety posture impacts funding alternatives, partnerships, and total development. We glance holistically at how sturdy safety contributes to an organization’s monetary efficiency, person belief, and long-term success.
How do you educate non-technical management groups about high-level safety dangers?
I take advantage of storytelling and real-world examples. For example, I would stroll a management crew by means of a well known hack: what safety measures the corporate had in place, what they lacked, and the aftermath. Management groups are much less keen on technical particulars and extra involved with potential impression, whether or not they’d lose knowledge, buyer funds, or face reputational injury. Framing safety dangers by way of tangible outcomes helps them see why investing in safety is vital.
What are some rising assault vectors in good contracts that groups nonetheless underestimate?
Since Web3 started, most safety budgets have gone to good contracts. Groups spend tens of millions on audits, competitions, bug bounties, and peer critiques. Attackers know this and are shifting focus to much less protected areas like Web2 elements and operational vulnerabilities. Many current assaults originated exterior of good contracts.
We’re serving to groups handle this imbalance by means of providers like operational safety, 24/7 incident response, and managed SOC groups, overlaying all the organizational assault floor.
May AI or automation ever change components of a Cantina assessment, or is human experience irreplaceable?
It’s positively a hybrid method. We already use AI extensively for duties like de-spamming competitors platforms and including context to see critiques. AI is great at figuring out recognized vulnerabilities and patterns, which accelerates the preliminary assessment course of.
Nevertheless, attackers are additionally artistic and more and more use AI themselves. Till AI turns into extra clever and ingenious than people, we’ll all the time want human experience to counter novel threats. The long run is a mix of AI help and expert researchers.
What impressed you to create specialised assessments past conventional audits?
We developed our Web3 SOC framework in response to shopper wants. Asset managers and VC corporations started asking us to carry out due diligence on Web3 corporations, assessing each safety and monetary dangers.
We realized there was no standardized option to quantify Web3-specific dangers. Conventional compliance frameworks like SOC 2 or ISO don’t cowl Web3-native threats. So we created a brand new commonplace to assist Web3 corporations safe funding and construct partnerships, whereas additionally serving to conventional monetary establishments perceive how one can interact with Web3 safely.
This framework is now a collaboration with a few of our trade’s largest names. It’s gaining traction with conventional finance and asset managers worldwide.
What revolutionary safety methodologies are you experimenting with proper now?AI is an enormous focus. We’re utilizing years of bug knowledge to construct AI instruments that enhance code evaluation and make safety critiques quicker and more cost effective. We’re additionally enhancing bug bounty triaging to make sure it’s environment friendly and actionable.
Lots of our providers come straight from buyer wants, like bug bounties and our Web3 SOC framework. At this time, we see AI-powered code evaluation as the following step in making safety processes extra streamlined and efficient.
May you share Cantina’s roadmap? Any upcoming options?
Our latest program is operational safety with 24/7 incident response. Conventional finance has lengthy relied on SOC groups and monitoring instruments, however Web3 has lagged behind.
We constructed a program with former Coinbase menace intelligence specialists to evaluate assault surfaces holistically, throughout Web2, Web3, bodily, and digital property. As soon as that’s in place, we provide a managed SOC service with educated analysts monitoring instruments like Hypernative, Blockaid, Guardrails, and Hexagate across the clock, able to act on threats in real-time.
This program has already gained vital traction, and subsequent, we’re centered on launching AI-powered code evaluation instruments to assist groups construct securely from the beginning.
Lastly, what recommendation would you give a Web3 startup about constructing safety into its roadmap from day one?
Begin fascinated about safety early. Groups that wait till the audit section usually face delays, further audits, and typically have to re-architect their whole product. Investing in safety from the start saves money and time.
We suggest instruments like AI-powered code evaluation, third-party peer critiques, and utilizing sources like our Safety Assessment Readiness Guidelines. Recurrently inviting exterior views helps establish vulnerabilities early.
Exterior of code, startups also needs to consider their full assault floor, each Web2 and Web3. We’ve got providers for corporations at each stage to assist them proactively handle dangers. Constructing a security-first tradition early on units you up for long-term success.
Disclaimer
In step with the Belief Mission pointers, please observe that the data supplied on this web page is just not meant to be and shouldn’t be interpreted as authorized, tax, funding, monetary, or every other type of recommendation. You will need to solely make investments what you’ll be able to afford to lose and to hunt impartial monetary recommendation if in case you have any doubts. For additional info, we advise referring to the phrases and situations in addition to the assistance and help pages supplied by the issuer or advertiser. MetaversePost is dedicated to correct, unbiased reporting, however market situations are topic to vary with out discover.
About The Creator
Victoria is a author on a wide range of know-how matters together with Web3.0, AI and cryptocurrencies. Her intensive expertise permits her to jot down insightful articles for the broader viewers.
Extra articles
Victoria d’Este
Victoria is a author on a wide range of know-how matters together with Web3.0, AI and cryptocurrencies. Her intensive expertise permits her to jot down insightful articles for the broader viewers.
