In the midst of the volatile and advanced encryption market, encryption exchanges face a larger discount designed to relinquish user and money data. We sat this week with the chief information security personnel at Flipster (CISO), Justin Hong, to conduct an exclusive interview. Hong has opened on how to fortify the encryption trading platform through certificates, innovation of products and respond to the actual threat.
According to Hong, Tightness He laid more than 15 product security updates this year alone. These updates, associated with its ISO/IEC 27001 certificate and “AA” classification from CER.Live, confirm to users of a safe and safe trading environment.
Work in Flipster
Q: Hello Justin, please start telling us a little about yourself, and your role as an information security employee, and why it is necessary for web3 companies.
A: I spent the past sixteen years in cybersecurity, with experience throughout banking services, technology, and Blockchain. It brings every space of its challenges, and together they formed how to deal with security, especially in Web3, where the risks are uniquely high. The level of exposure here is different from anything in traditional financing. There is more user control, more innovation, and unfortunately, more attention from bad actors.
In Flipster, I lead the global security function, which covers everything from risk management and compliance with accidents and include international frameworks such as ISO/IEC 27001 in our operations. The encryption moves quickly, and threats develop at the same speed. We build with this into consideration – thinking about the future, not just a response.
Q: What is the form of work in Flipster in the world of fast -dangerous coding platforms?
A: There is a lot on the line, which is exactly what makes the work very permissible. Security in this space is not negative. You are against some of the most creative and firm opponents in technology. It keeps you sharp, and forces you to continue to develop.
What stands out in Flipster is the extent of everyone align. The task is clear: We are here to create a safe and reliable trading platform that people can rely on. You see this focus in the way we work – cooperation, rapid feedback rings, and a continuous test.
Q: How do you define confidence in Flipster, and how does your team work to build and preserve it?
A: Confidence is based on time through consistency – in a clear, clear and accountable state. We connect how to manage risk, protect user money, and respond to accidents. If something happens, users deserve to know what happened and how it is treated.
On the back interface, we manage zero confidence. Each system and user are treated with the same audit, internal or external. This mentality helps us stay in hunting threats and other risks from the inside. But security cannot come at the account of the user experience. We constantly improve the features to make things more secure and easier. When these two things work in harmony, users do not have to choose between safety and ease of use.
Flipster’s ISO/IEC 27001 and Cer.Live Certificate
Q: The encryption platforms have become “hot” for safety accidents, which in most cases lead to a loss of large sums of money. While working in Flipster, did you face such an attempt, and how it continued to contain it?
A: We have seen our share of accidents – DDOS attacks, hunting campaigns, and suicide attempts, to name a few. These threats are real and fixed.
Take DDOS, for example. The attackers tried to disrupt our platform and even attempt to ransom tactics. But we have controlled control and mitigation controls in each layer, and our response teams are trained to act quickly. In hunting scenarios, malicious actors were launched as job applicants or partners to try to deceive our team in opening harmful files. Our systems are designed to pick up these threats quickly, and we are following the deep analysis after cases to harden our defenses further.
Q: Flipster recently received AA certificate from Cer.Live. What does the certificate involve, and what does it mean to users?
A: Since 2018Cer.Live evaluated hundreds of stock exchanges using a strict method based on 18 security indicators. It is one of the most reliable independent standards in space.
For users, this type of certificate is a clear signal. It tells you that a third party has examined our statute and has been validated by the quality of our safety. Poison it with ISO/IEC 27001 certificate, and start seeing a picture of a company that takes confidence seriously, not only in what we say but also how we work.
Q: Beyond CER.Live certificate, what are the main practices or protocols that Flipster recently carried out that users should be aware of it?
A: We have offered more than 15 safety features this year. Some main promotions include Key Key support, clouds locks, and white menu address. Each one gives users more control and adds another layer of protection.
I always recommend that you enable both the corridors and the addresses of the clouds. These simple steps make a real difference. We also build new devices management tools that allow users to track and manage devices to reach their accounts – another way that we help them control them.
Q: Some platforms have achieved the CER.Live classification. Is this a goal for Flipster? What security measures do you work on to get there?
A: It is on our radar, and we are making a steady progress. We are now focusing on promoting server protection, offering anti -fishing tools, and giving users more control through improved equipment management features.
At the end of the day, we do not pursue the badges, but we are chasing what actually improves the statute of our users. If something added a real value and enhances our defenses, we build it. AAA classification is a milestone, not the finish line.
Insect features and safety features
Q: How does Flipster guarantee that the infiltrators of white graves are stimulated in a way that is in line with the goals of trust and transparency in the long term of the stock exchange?
A: We work with Hackeenprooof On the General BUB BOUNTY program, researchers give a clear and reliable way to share their results with us. Their team reviews the presentations for influence and quality, and we offer fair rewards on the basis of intensity.
Besides finding errors, it comes to involving the global security community in our mission. When the researchers know that their work is appreciated and disposed of, they are more likely to help make the ecological system stronger. It is a victory for everyone.
Q: As CISO and an intellectual leader in space, what advice do you give to other companies that improve their security standards?
A: Get the basics correctly. Most violations are caused by basic supervision – projection corrections, open permissions, weak arrival control. Get this right, and you will eliminate a large part of your risk.
Beyond that, invest in your employees and operations. You can get all the tools in the world, but if your teams are not trained or your play books are not tested, you are weak. Building a culture where security is everyone’s function, not just CISO. The mentality may take this time, but it is worth every effort.
Q: Finally, social engineering attacks also spread in space. What measures have you applied to ensure that users are protected, or aware of attempts to waive their accounts?
A: We consider social engineering in two Dlnots: calculations and fraudulent transfers. First, we have built strong protection such as corridors, 2FA, login alerts in actual time, and processing the white menu. Soon, we will add device management as well.
User education plays a big role in preventing fraud. We share regular security updates and we develop tools that are like fraud or well -known headlines. The goal is to give users the knowledge and tools needed to stay safe. The enlightened user is one of the best defense lines.
