Whitehat interview - cergyk.eth

Cergyk is a Web3 security researcher finding success multiple times at Immunefi. He is a Lead Senior Watson on Sherlock as well, and a tool builder. He was kind enough to answer some questions...


1. First things first, can you briefly introduce yourself and explain what you do in the smart contract security space?

Cergyk: I am an ex-software engineer (Tradfi, adtech) turned security researcher in smart contracts since the end of 2022.
I have been involved in public contests, hunting on Immunefi, and building public goods tools such as https://upgradehub.xyz.

2. Is it true that there is a secret group of security researchers trying to conquer the entirety of the web3 space and force us all to learn French?

C: We've completed the first step, which got everybody thinking about security models in terms of cheese:

Swiss cheese... security?

On to the next!

3. You've achieved a great deal of success both on Sherlock contests and on Immunefi bug bounties, as well as in a recent Cantina competition.
Congrats! If you had to pick bounties or contests, what would you prefer doing for the rest of your life, and why?

C: Very interesting question. What I feel is the most sustainable long term is to build something and hunt for bounties on the side.

4. You have a brief moment to talk to Cergyk from the past and give him only one piece of advice for his security path. What would you tell him?

C: I would talk to him about proxies. I would tell him how sometimes they can be uninitialized. Tell him to go look up a wormhole thing on Immunefi :D
Jokes aside, I would tell him to go out of his comfort zone more, and to not be afraid to tackle the more interesting and ambitious projects.

This is cergyk. I think.

5. It seems that 2024 is the year where we see a huge battle between different platforms struggling to attract their fair share of the web3 security talent. Where do you see this war going in the years to come?

C: It seems that every platform is attempting to get a step into the turf of their competitors, be it bug bounties, competitive audits or private audits.
Reputation will play a big role in 2024.
Platforms which will enable participants to showcase strong reputation will attract the best talent, because it would guarantee business opportunities outside of it.
Sherlock has an interesting model with regard to that, because not only does it enable auditors to showcase skill; it also brings the interesting opportunities inside of the platform (leading contests).

6. Last year we pretty much only had Solidity audits and bounties to grab. But now we're in February of 2024 and we've already seen many contests and talent interest in Rust, Cairo, Go.
It feels like a growing trend to diversify this offering portfolio.
In your opinion, should a researcher focus on their specialty or should they diversify and learn as many languages and technologies as humanly possible?

C: Deep expertise is definitely invaluable; in that regard one should not get distracted and FOMO into every shiny new thing.
That being said, there are definitely interesting opportunities appearing outside of the solidity/EVM realm.
They will reward handsomely the researchers putting in the time to dig deep into Solana/Cosmos/Cairo.

The FOMO is strong in this one...

7. Looking into the future again, where are you going to invest your mental resources the most? Tool development? Auditing? Learning new tech?

C: Would love to follow my advice from the previous question and not get caught up in the many contests popping up here and there :D
I would definitely love spending more time on long-term stuff such as diving deeper in ZKP and building a new ambitious tool.

8. We appreciate your time, sir. Where can people find you and follow your work?

C: Follow me on Twitter: @cergyk1337 and Farcaster: @cergyk. Cheers!