Haaroon - Potential Candidate for Security Council!
I am Haaroon Yousaf, and I am running as a contender to join the Security Council for Sept 2023. I believe my background in blockchain security and analytics, as well as my passion for Arbitrum, would make me a strong member of the Arbitrum Security Council.
Qualifications and relevant experience
I was very fortunate to work with amazing people, obtained a PhD from a top university in the United Kingdom, and have published multiple papers at top tier security conferences worldwide. This allowed me to gain deep insights into various blockchain tech and vulnerabilities. These of course all resulted in favourable outcomes to the ecosystems. The core of my work is on privacy, security and scams. Below is a short selection:
- (Privacy/Security) An Empirical Analysis of Zcash - The first published work on analysing the security and participants of ZCash, detailing how the privacy features could be abused
- (Privacy/Security) Tracing transactions across cryptocurrency ledgers - We analysed multiple blockchains, identified ways to track wallets across ledgers and exposed scammers
- (Privacy/Security) An Empirical Analysis of Privacy in the Lightning Network - We developed techniques in order to see how payments are pathed
- (Scams) Forsage: Anatomy of a Smart-Contract Pyramid Scheme - Exposed one of the largest pyramid schemes in the world hosted on Ethereum
I currently work in Research and Development as a co-founder at Pometry developing state-of-the-art graph analytics tools. My work revolves around analytics and software development primarily on graphs and blockchains. We’ve done work on Sybil detection with Gitcoin and hunted NFTs used in pump and dump schemes. I am also on the technical committee for the IC3, where I help organise our bi-annual events and hackathons.
You can find a fuller list of my qualifications here with links to all of my works: https://www.haaroonyousaf.com
I started my cryptocurrency journey back in 2016 whenever I tried to buy L$ on the Virwox (now shut down) exchange, either I placed the wrong type of market order or got scammed. This experience spurred my interest in cryptocurrency, I wanted to do something about it.
My thesis was simple, there are insane amounts of tech being made, I believe if there is an attack then someone evil is probably already exploiting it. Thus, I wanted to find and bring exploits to light so they can be fixed to improve the security of the ecosystem. This was why I obtained a PhD and committed to work on blockchain security.
Real world security - Outside of crypto I have real world experience in development and security, I have worked at security company in the past (MWR), was a developer at Goldman Sachs and obtained a bug bounty (NDA’d)
Arbitrum - I have been active within the arbitrum community, usually by speaking to developers or researchers in the space. You can see an example here, where I discussed transaction ordering on the research forum last year Hybrid transaction ordering policy - sequencer - Arbitrum Research
Security Council Criteria
- Availability - Being responsive is a key trait, but being calm in a crisis is non-negotiable. I pledge to be accessible both during emergencies and regular operations, as well as being calm in a matter of emergency. This I have experience in when working for TradFi in the past where critical financial systems had issues and I had to give support.
- Teamwork - I strongly believe that outstanding work is done as a team, and having mutual respect and collaboration has been a guiding principle when working in a team.
- Transparent - I genuinely believe in Trust but verify and commit to stay on top with the DAOs reports and security council related docs. I also welcome questions, and will gladly answer any below.
- Secure Operations - Given my security and academic background I assure you that I prioritise high levels of security. With this engagement I will purchase extra phone contract lines and keys to ensure availability is at its highest level, with the most updated and secure devices and careful management of security matters.
Blockchain Security + Tools
I believe the council should be made up of extremely tech savvy individuals who all must have a security mindset. My experience and track record show that I have those qualities.
- I can read and write Solidity - which is necessary for understanding potential actions taking place
- Extremely familiar with using blockchain explorers, such as EtherScan, or obtaining data and analysing it myself - necessary for understanding and comprehending an ongoing attacks, postmortem analysis, verifying code and analysing address behaviours
- Used hardware wallets - which is necessary for private key security
- Personal security - I actively use 2FA, ensure my device hard drives are encrypted and almost all of my social media (excluding LinkedIn) are set to private
- Understand Gnosis safe - how it is necessary for co-signing security council transactions
- I have accounts on both the Arbitrum foundation and research forums, and understand tools such as Tallyand Snapshot are used as voting mechanisms
I am sincerely excited about joining the Security Council, given the chance to uphold the responsibilities that accompany this role.
I welcome any questions, feedback and conversations from anyone in the community. We can all work towards keeping Arbitrum secure. If you would like to contact me, please feel free to DM me on the forums here or post a question in this thread.
I hope this post inspires your confidence to vote for me as a nominee on the 15th.
I originally had links to all works and citations, but unfortunately am limited by the security of the forum