Consulting

Ron Stoner (Head of Security at Category Labs, formerly CSO at Botanix Labs and Head of Security at Casa Inc.) provides senior security leadership and incident response to cryptocurrency, blockchain, and Web3 companies.

What I take on
- Incident response with a nation-state lens - Containment, forensics, and remediation for active or suspected compromises. Direct experience with DPRK/Lazarus Group/TraderTraitor tradecraft in cryptocurrency contexts, including the AppleScript-based social engineering campaigns active against crypto employees.
- Security architecture review - Pre-launch and ongoing review for protocols, wallets, exchanges, and custody platforms. Threat modeling that accounts for the actual adversaries operating in this space.
- Bug bounty program design and triage - Setup, scope, severity rubrics, and ongoing operations.
- CCSS audits and readiness - I architected the CCSSA exam and was the first person certified under it. If you need to audit to the CryptoCurrency Security Standard, or get ready for one, I can sit on either side of the table.
- Fractional / vCISO engagements - For crypto-native startups and protocols that need senior security leadership but aren’t ready for a full-time hire.
- Treasury architecture and management - Custody architecture, signing policies, and operational workflows for organizations and protocols holding significant on-chain assets. Hands-on experience helping manage billions in crypto across exchange, custody, and protocol treasury contexts.
- High-net-worth operational security - Personal threat models, custody architecture, and OPSEC for individuals with significant on-chain exposure. Direct experience from the Casa years.

Why this practice
Crypto security is its own discipline. The threat actors are different (Lazarus Group, not script kiddies), the asset class is bearer-instrument and irreversible (so failures don’t revert), and the standards landscape is sparse. Generalist firms don’t have the muscle memory. A practitioner who has spent the last decade exclusively in this space across exchange, wallet, custody, L1, and L2 contexts does.

Engagement
Retainer and project engagements are both available. Incident response work is prioritized.
