Connecting the DOTS: Training the Next Generation of Blockchain Security Experts

Dear Community,

I'm writing to share with you our treasury proposal for the upcoming NextGen Web3 Cybersecurity training to take place September 27-29th in person, close to Berlin, Germany. The graduates will then practice their skills selected projects, and share their results in November in Berlin, at the Parity office.

What is unique about this proposal?

We aim at 51% women participation in the training, setting a strong precedent for the ecosystem's inclusion efforts. Blockchain security is gaining more and more relevance as the honey pots grow bigger every day. If we care about closing the gender equity gap, we should invite those identified as women to join parts of the ecosystem that are systemically relevant, and growing.

The training is designed by women security researchers from Security Research Labs, who are already supporting parachains teams with security audits, and organized by SystAIn3r, who have in the past already organized Web3 Hackathons for women, retreats and conferences with majority of participants women. The founder of SystAIn3r has supported the Brooklyn Polkadot HackerHouse 2022, the Well-Being Lounge at Sub0 Lisbon, and founded DLT Talents, Europe's largest blockchain education program for women.

What is more is that funding for Accommodation, Catering, Housing for up to 50 Pax have already been secured for the 3 days 2 nights training in the CryptoCastle, which is destined to host crypto-native events.

This means that upon successful funding of this project, we can go all in to recruit the best current and future security researchers for the ecosystem!

We will also participate in the Web3 Summit in Berlin August 19-21 to spread more awareness about this training to develop the whitehat hacker's mindset! (Update: Mission accomplished, August 22, 2024)

**Please read our proposal ** https://docs.google.com/document/d/10x4EcG8cuTz9hjynQVJ2TULlkA7gTVC39snUF36sN-o/edit?usp=sharing

We will submit the on-chain proposal once on-chain identity migration for the people chain has been finished (it seems w/o on-chain identity verfification we can't submit the treasury proposal). (FIXED — August 22, 2024)

UPDATE  1 (August 22, 2024): 

During Web3 Summit in Berlin from August 19-21, we were asked by community members what specific benefits this brings to Polkadot. We have specified this in our updated proposal (p.9.). 

What benefit does this training bring to the Polkadot Ecosystem?

Implementing a blockchain security training program for the Polkadot ecosystem will yield significant benefits, particularly when considering the specialized expertise of SRLabs and the inclusion of hands-on technical exercises.

Leveraging Specialized Knowledge and Experience: SRLabs has a deep and nuanced understanding of the Polkadot ecosystem, having audited over 50 projects based on the Polkadot SDK in the past five years. Their experience spans critical technologies developed by the Polkadot community, such as the Nominated Proof-of-Stake (NPoS) system, Bridges, ink!, XCM, and more. By creating training materials, SRLabs will provide participants with insights into these core features and the associated security challenges. This ensures that the knowledge imparted is both relevant and applicable to real-world scenarios within the Polkadot ecosystem.

Building a Strong Foundation of Knowledge: The training is designed to present complex security concepts and system intricacies in an understandable manner, enabling participants to build upon this foundational knowledge. By demystifying the technologies specific to Polkadot, the training will empower developers, auditors, and other stakeholders to make informed decisions that enhance the security and robustness of the projects they are involved in.

Hands-On Experience with Ecosystem-Specific Tools: A significant component of the training will be the technical exercises, which will include the use of open-source tools developed specifically for auditing projects within the Polkadot ecosystem. For example, participants will gain practical experience with tools like the substrate-runtime-fuzzer, a fuzz testing tool developed by SRLabs, and parathreat, a wargame based on the Polkadot SDK developed by Parity Security. By engaging with these tools, participants will not only learn how to identify and address security vulnerabilities but also contribute to the ongoing improvement of these resources.

Enhancing Security Practices Across the Ecosystem: The training will equip participants with the skills and knowledge necessary to implement best practices in blockchain security, ultimately leading to a more secure and resilient Polkadot ecosystem. As more developers and auditors become proficient in the use of specialized tools and understand the nuances of Polkadot’s technology stack, the overall security posture of projects within the ecosystem will be strengthened. This proactive approach to security education will help mitigate risks and prevent potential vulnerabilities before they can be exploited.

Fostering a Collaborative Security Culture: By involving the Polkadot community in this training, we also foster a culture of collaboration and shared responsibility for security. Participants will not only learn from the experts at SRLabs but also from each other, creating a network of knowledgeable individuals who can collectively raise the standard of security across the entire ecosystem.

.UPDATE  2 (August 22, 2024): 

During Web3 Summit Berlin, we hosted a women-focussed event, together with 5 community partners which we invited to join our event (DLT Talents Alumni, H.E.R. Dao, Women of Polkadot, Crypto Girls Club, Si<3>. We totaled 48 sign-ups, and show-up rate of 80%! Many of the attendees, including women and non-women members of Parity, confirmed that our planned cybersecurity training makes sense. 

In addition, we also helped to offer a well-being initiative (which was rejected by events bounty, nevertheless, team kept pushing), and which then transformed into a Studio1 (Main Stage) opening ceremony in Day 3 of the summit — the Quantum Healing Gong in the iconic venue with dope accoustics. 

Finally, our team onboarded a number of women hackers to the WebZero parallel hackathon with dev background. Ourselves, we participated also in the hackathon with a project for catalyzing learning journey into Web3! We had 4 first-time hackers in the team. Unfortunately, we didn't make the Top4 cut, however, we are very happy to have pushed continuous onboarding of women into the "hacker" ecosystem. Without us, they would not have participated at all! 

Update 3 (August 22, 2024): 

Inspired by the simplicity of the Web3 Summit in design & branding, we will also strip down on our plans for media, marketing, merchandise and keep it to the minimum needed for building community engagement and a meaningful experience.

We look forward to hearing your feedback.

Best wishes Team SystAIn3r (/ˈsɪst.eɪn.ər/)

https://polkadot.polkassembly.io/referenda/1110