Crypto security: Embracing transparency in leadership

With a background in counterintelligence for the US Army and experience of building and leading incident response and security engineering teams, Philip Martin (CSO at Coinbase) approaches crypto security with a clear vision of the threat landscape; from crypto-specific risks, to a deep understanding of the social and business challenges involved in securing crypto assets. 

Leading a team of 250+ across APAC, the Americas and EMEA for Coinbase Global Inc., Philip also finds the time to work on open source projects, and he advises and invests in cybersecurity startups.  

He’ll be sharing his knowledge at Black Hat MEA 2024 – so we caught up with him to find out what he thinks about crypto scams, and the responsibilities of crypto security leaders. 

Do you think that CSOs in the cryptocurrency space have a responsibility to be more vocal and/or transparent about how they work, in order to change public perceptions of cryptocurrency for the better?

“When opening a bank account, no one asks how secure the vault is. The reason is that over the past 100 years, we have developed a series of broadly understandable safeguards that banks follow and people trust. 

“While cryptocurrency has reached major milestones in the last few years, the truth is that it’s still early days where a lot of education and trust-building needs to happen. Security is the bedrock of trust. That’s why crypto leaders must be open about their security measures. By doing this, we can establish protocols and best practices that set the industry standard, and – more importantly – hold each other accountable.” 

Crypto hackers who steal large sums of money get a lot of air time in the media. But on balance, are crypto users really more likely to get scammed (or scammed out of more money) than people using non-crypto finance platforms? 

“While crypto scams often make headlines, it’s important to note that scams are not unique to cryptocurrency – they've existed since money itself. Only 0.34% of blockchain transactions are tied to illicit activity, and crypto’s transparent, traceable nature offers significant security advantages. 

“Coinbase, as the first and largest platform to mandate two-factor authentication, takes robust measures to protect customers and educate them about safeguarding their accounts. However, combating scams requires a collective effort, which is why we joined the Tech Against Scams coalition with other major tech companies to share knowledge and protect users across the industry.”

Is security for a cryptocurrency platform pretty much the same as security for any digital finance platform – and if not, what are the key differences?

“While there are similarities, some key differences set crypto platform security apart from other digital financial platforms. Coinbase is the most trusted place for people and businesses to buy, sell and manage their crypto assets. 

“These are a few aspects that set us apart from anyone else:

• As the largest public crypto company, Coinbase operates with more financial transparency. Aside from sharing our financial statements quarterly, we’re audited annually by an independent third-party as required by law.
• A key guiding principle is that your crypto is your crypto. We don’t lend or take any action with your assets without your permission. On top of that, we offer the most secure and multifaceted risk management programs designed to protect our customers' assets.
• We use state-of-the-art encryption and security. Our security team is constantly working to make sure you and your assets are protected from emerging threats.
• We provide powerful security features to all our users. These include auto-enrolled 2 factor-authentication (with security key support), password protection, and multi-approval withdrawals in Coinbase Vault, among others. 

“As a founding member of Crypto ISAC (Information Sharing and Analysis Center), a non-profit initiative dedicated to enhancing security within the crypto ecosystem, Coinbase helps inform the ecosystem of security threats, resolving vulnerabilities, and sharing and implementing best practices for risk mitigation. 

“However, because scammers often operate across multiple online platforms, it’s crucial to avoid tunnel vision on just crypto. That’s why broader initiatives like Tech Against Scams and our work with law enforcement agencies are essential. By maintaining a collaborative approach across industries and between the public and private sector, we can better safeguard users across the entire digital landscape.”

On a personal level, how do you manage the pressure and stress of being CSO for a high-profile crypto exchange platform? 

“A decade of being a Soldier definitely taught me how to work under pressure, but it also shaped how I structure and lead my team to take the onus off of any one individual. I am a firm believer in decentralisation, delegation, setting clear goals, and understanding the people on my team. 

“I try to empower my team to discover their own paths while maintaining a strong security posture. Operating from a place of clear intent and trust helps both me as a leader and my team to do our best work and safely secure one of the world’s largest holdings of cryptocurrency.”

Finally, why are events like Black Hat MEA valuable to you and your work? 

“Events like Black Hat MEA are invaluable because they foster essential collaboration and information sharing within the cybersecurity community. 

“Our security team is constantly advancing Coinbase’s security measures to stay ahead of threats and provide peace of mind to consumers. These events provide an opportunity for us to learn from others, while also sharing our own insights and techniques as a leader in safeguarding one of the largest holdings of cryptocurrency worldwide. 

“The networking and exchange of ideas that occurs at Black Hat MEA is crucial in driving innovation. It helps enterprises and governments stay ahead of emerging threats, and ultimately, create a safer digital environment for everyone.”

Thanks to Philip Martin at Coinbase. Register now to attend Black Hat MEA 2024 and learn directly from the world’s leading cybersecurity experts.