In this edition of Coffee with Calyptus, we’re talking to @0xSorryNotSorry, who swapped the sea for the world of Web3 and hasn’t looked back! He shares how his time as a ship captain prepped him for the challenges of blockchain security, his journey to earning $150k in just six months, and why humour is his secret weapon for tackling tough DeFi topics. Tune in to find out how he’s bringing a fresh perspective to smart contract security!
Your transition from sea life to Web3 security seems to have been life-changing. What prompted you to make that leap, and how has your previous experience shaped your approach to auditing and security in the Web3 space?
Transitioning from a life at sea to the realm of Web3 security was driven by a desire for new challenges and the excitement of emerging technologies. Being a ship captain taught me the importance of meticulous planning, adherence to protocols, and the ability to navigate unpredictable environments—all of which are directly applicable to cybersecurity. The maritime industry, much like blockchain technology, operates on complex systems where small oversights can lead to significant consequences. This background instilled in me a disciplined approach to auditing and a keen eye for detail, which have been invaluable in identifying vulnerabilities and ensuring robust security in the Web3 space.
You’ve mentioned making over $150k in your first six months, mostly from private audits. What strategies or mindset shifts helped you achieve such rapid success, and what advice would you give to those starting in Web3 security audits?
Achieving rapid success in Web3 security auditing was the result of relentless learning, networking, and seizing opportunities as they arose. I immersed myself in understanding the intricacies of blockchain technologies and smart contracts, which allowed me to provide valuable insights during audits. Building strong relationships with projects and delivering quality work led to word-of-mouth referrals, significantly boosting my client base. For those starting out, I recommend focusing on developing a deep understanding of blockchain security principles, staying updated with the latest vulnerabilities, and actively participating in the community. Patience, perseverance, and a commitment to continuous learning are key to making a mark in this fast-paced industry.
You often engage with humorous takes on DeFi and governance issues. From your perspective, what are the most critical problems DeFi projects should address when it comes to user trust and security?
While humor helps in engaging the community, it also serves to highlight serious underlying issues in DeFi and governance. The most critical problems include smart contract vulnerabilities, lack of transparency, and inadequate security practices. DeFi projects must prioritize rigorous security audits, implement robust testing protocols, and ensure clear communication with users about potential risks. Building user trust hinges on demonstrating a commitment to security and being proactive in addressing any vulnerabilities. Additionally, fostering an open dialogue with the community can help identify issues early and promote a culture of collective responsibility.
You’ve participated in major bug bounties like Immunefi and Cantina. Can you share any lessons learned from working on these challenges, and how aspiring security researchers can prepare themselves for such high-stakes projects?
Participating in high-stakes bug bounties has been both challenging and rewarding. One of the key lessons learned is the importance of a methodical approach—thoroughly understanding the project's architecture before diving into code can uncover hidden vulnerabilities that others might miss. Time management and persistence are also crucial, as some exploits require extensive testing and validation. For aspiring security researchers, I recommend starting with smaller projects to build experience, continuously honing your technical skills, and studying past vulnerabilities to understand common patterns. Engaging with the security community through forums and workshops can provide valuable insights and support.
Web3 is constantly evolving, and you've been active in the space for a year now. What have been the biggest challenges you've encountered, either personally or professionally, and how did you overcome them?
One of the biggest challenges has been keeping pace with the rapid advancements in Web3 technologies. The constant evolution requires continuous learning and adaptability. Personally, shifting from a maritime career to a tech-focused role meant acquiring new skills and adjusting to a completely different industry culture. I overcame these challenges by dedicating time each day to study emerging trends, clicking almost everything that I don’t know, and trying to understand gigabrains’ reports in the field. Professionally, building credibility in a new industry took perseverance and a commitment to delivering high-quality work consistently. Embracing a growth mindset and being open to collaboration have been essential in navigating these challenges.
