“cyber security services”
What specific services do you plan to offer?
Penetration testing (Web, Mobile, API, External, Internal, although that’s becoming less common, Cloud Sec reviews, and so on). Consultancy (particularly in support of secure SDLCs). Governance support to help attain certifications for things like ISO, SOC 2, etc.
I think I’d leave things like SOC monitoring unless there was proper demand for it and I had the resources to do it properly 😊
SOC is a BigCo service.
Here on nostr you have FOSS projects, and some startups.
The former and the latter are entirely different ballgames.
If you’re interested in developing your proof of work in the open, consider cold eye evaluating seedsigner https://github.com/SeedSigner/seedsigner/issues/391#issuecomment-1599256650
Work in the open, and generate a report you can then share with other projects and companies on nostr.
Happy to help with the above scope for seedsigner.
cc nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl
Agreed, SOC is for the more mature players which is why I’m hesitant to even offer that tbh. Consultancy and pen testing aren’t IMHO and can apply to more or less any project generally.
For the past couple years, I’ve been voluntarily testing a ton of projects/businesses (more in the Bitcoin space) and discreetly reaching out to them when I’ve found issues/vulnerabilities/logical failings. They’ve been responsive but whether there’s appetite to actually enlist people to do this professionally/regularly I’m unsure due to many of them being startups. That’s another reason why I want to enter the space because it’s so fucking expensive to get a basic security test.
You raise a good point regarding open POW. As I’ve always worked behind NDAs on projects (mainly to protect them), working open source hasn’t come second nature to me. But I definitely need to broaden my horizons more so will check out the above feature request! Cheers for being a sounding board too 😊
Awesome!
To be clear, above link to my comment is *not* a feature request.
My feedback in the linked comment is a response to a feature request urging the seedsigner team to consider the services of a security expert like yourself to verify the stateless claim.
Post review, the security findings report can be used to recommend actions, and also evaluate/validate the “feature request” (which I read as not validated, as someone without context and not involved with seedsigner).
Awesome, that’ll teach me for responding without viewing it first. Thanks for the context and for pointing me in the right direction, I’ll definitely check that out :)
It’s difficult because a lot of the above are sometimes regarded as luxuries or for really mature businesses. However (although I’m biased), I think that if security isn’t factored in from the start then there could be disastrous consequences later down the road.