3 Questions with Kraken’s CSO on Cybersecurity Journey to Co-Founding Crypto ISAC
written by: Nicholas Percoco, Kraken
Tell us about your cybersecurity and crypto journeys.
Kraken’s inception story was built upon a recognition that crypto exchanges needed to improve their cybersecurity practices to combat evolving attack vectors. Our Co-Founder, Jesse Powell, volunteered to help the Mt Gox leadership to clean up the aftermath of the infamous 2014 hack. He left that experience with a deep understanding that if crypto was ever to achieve mainstream adoption, it needed to be secure and legitimate.
For this reason, both privacy and security are deep in Kraken’s roots and remain a guiding principle for everything we do today. Operationally, this translates into every decision, such as how we handle our clients’ data, or how we communicate with external parties.
In 2018, I was hired to become Kraken’s first Chief Security Officer and to really formalize the cybersecurity, fraud and IT teams under one practice. At first my plan was to bring in the smartest minds from across my cybersecurity and ethical hacking network to enhance the knowledge base at Kraken. After that, I focussed on building out and refining our internal policies and procedures to ensure we could adapt to evolving attack vectors in the market.
Since my appointment, we have scaled our security practice to be well over 400 people that span across information security governance, our red and blue teams, our application security, security training, as well as our dedicated Kraken Security Labs team. We have also secured many noteworthy certifications, such as SOC 2, Type I (for custody and funding services), as well as an ISO/IEC 27001:2013 certification that demonstrates how we adhere to global standards when it comes to cybersecurity and information security management systems.
What is the biggest security gap and opportunity in the digital asset ecosystem?
The biggest security challenge for crypto companies is responding to the speed that the industry moves. In crypto, businesses need to know within seconds how to respond to a potential security breach, and technological advancements, such as generative AI, make this challenge even harder.
To date, when a potential security vulnerability has been identified, it is often hard to effectively communicate these between other industry players. This has resulted in security vulnerabilities taking longer to resolve, and more value being drained from the system in the form of breaches.
The opportunity at hand comes with the formation of this Crypto ISAC! By effectively sharing and implementing risk mitigation best practices, our industry can get collectively more secure. If done effectively over a sustained period, this will reduce losses across the crypto ecosystem, which will build long term confidence among industry stakeholders in this technology.
Take us 5 years out - what role will security and compliance play in the space?
First, if we look five years in the rear view mirror, we can see that significant improvements in both security and compliance have contributed to crypto becoming an asset class that the world’s biggest institutions are now investing in. Ultimately, these have always been table stakes for this industry to realize its full potential.
Looking forward, I can only see this trend continuing. I truly believe that firms who consistently dedicate resources towards building out their compliance and security measures will have a higher chance of standing the test of time.
About Kraken:
Kraken is one of the world’s longest-standing and most secure crypto platforms. Our mission is to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. Globally, our clients trade more than 200 digital assets and 6 different national currencies, including GBP, EUR, USD, CAD, CHF, and AUD. Founded in 2011, we were among the first to offer spot trading with margin, parachain auctions, staking, regulated derivatives and index services under one roof. Trusted by over 11 million individuals, traders and institutions around the world, we offer professional 24/7/365 client support along with one of the fastest, most performant trading platforms available. Kraken has also set the industry standard for transparency and client trust, and was the first crypto platform to conduct Proof of Reserves. For more information, please visit https://www.kraken.com
About Crypto ISAC
The Crypto ISAC is a member-driven, not-for-profit organization that works together to curb malicious actors, address vulnerabilities, share intelligence, and move security forward to protect the crypto ecosystem. We are founded by leading crypto organizations and designed for cryptosecurity experts to address the security and trust challenges that face crypto today and shape the crypto ecosystem of tomorrow.