WEBINARS

Building a Safer DeFi Together

A Global Community of Builders Advancing DeFi Security
DSS 2024
Find Highs Before External Auditors Using Invariant Fuzz Testing | Dacian (Cyfrin Audits)
Speaker: Dacian Abstract: Many critical bugs found in security audits could have been identified earlier by developers with targeted fuzz testing. This workshop highlights the importance of bringing security closer to the development process, raising the standard across the space. Through simplified examples from real audits, participants will see how developers—or auditors—can create effective fuzz tests that reveal these vulnerabilities. By showcasing real-world vulnerabilities and the fuzzing approaches that catch them, this session provides a hands-on learning experience for developers aiming to strengthen their code. The workshop will utilize the Chimera framework, enabling attendees to write fuzzing tests compatible with various fuzzers, offering a robust and versatile approach to fuzz testing.
DSS 2024
Mapping the Unseen: New Visual Techniques for Smart Contract Vulnerability Analysis | Jonas Surmann (TrustBytes)
Speaker: Jonas Surmann Abstract: Each security review starts with a deep dive into the project and its smart contracts. While the documentation often is not sufficient, this is the first opportunity where SRs can benefit from visual mental models and diagrams to fully grasp the reviewed project. Depending on the size/LoCs of the reviewed project, today SRs often need days to get a full understanding and many draw manual maps or create a mental model of the contracts and their interdependencies. This practical workshop is aimed at learning new mapping techniques as we navigate different projects and contracts and map them visually to pinpoint and identify security issues effectively in a matter of minutes. We will delve into advanced visualization techniques in an interactive LIVE analysis while we conclude with a challenge, which will include spotting vulnerabilities by means of mental models/diagrams. Please don’t hesitate to reach out with any questions.
DSS 2024
Move Security Workshop | Wolfgang Grieskamp & David Wolinsky (Aptos)
Speakers: Wolfgang Grieskamp & David Wolinsky (Aptos) Abstract: Join us for a walkthrough of the security aspects of Move on Aptos. We plan to cover Move’s type ability system, bytecode representation and runtime verification approach, formal verification with the Move prover, asset based programming model and frameworks, and new features in Move 2 like permissioned signers and resource access control. No particular knowledge of Move is expected, but familiarity with general concepts of smart programming will be helpful.
DSS 2024
Solidity under the hood | Raoul Schaffranek (Runtime Verification)
Speaker: Raoul Schaffranek Abstract: Join us for an in-depth exploration of Solidity, delving into its inner workings. We’ll examine compiled smart contracts and dissect the generated code, focusing on ABI encoding, jump tables, and variable allocation strategies. Our session will cover essential EVM data structures, including storage, memory, and the stack. We’ll also analyze calldata, returndata, invalid opcodes, and overflow checks, providing a comprehensive understanding of Solidity’s mechanics. This workshop is ideal for developers eager to deepen their knowledge of Ethereum’s underlying architecture.
DSS 2024
Firewall implementation | Assaf Eli - Co-Creator Venn
Speaker: Assaf Eli – Co-Creator Venn Abstract: This workshop will guide participants through the fundamentals of firewall technology and its role in network security.
DSS 2024
Bug bounty horror stories | Joran Honig (Consensys)
Speaker: Joran Honig Abstract: You’ve probably read about bounty hunters becoming millionaires on Immunefi, the billions of dollars secured. The millions of $$$ whitehat rescued. This is just half of the story! In this talk we’ll avoid those successes and look at what can and will go wrong in crowdsourced security. After this talk you’ll walk away with some of the hard lessons learned by both security researchers and product teams.
DSS 2024
Not a Walk on the Block: A CISO’s Journey from Web2 to Web3 | Haim Krasniker
Speaker: Haim Krasniker Abstract: Drawing upon two decades as a cybersecurity leader—including many years in Web2 Security and the past two years navigating the “crypto-sphere”—I share personal insights into the challenges that make securing organizations in the decentralized era anything but a “block party.” This presentation explores the strategic and tactical tasks essential for a CISO in the blockchain-powered world of Web3.
DSS 2024
Deobfuscating Angel Drainer JS Kit | Shahar Madar (Fireblocks)
Speaker: Shahar Madar Abstract: Angel Drainer, a notorious Drainer-as-a-Service kit, has stolen millions of dollars through its highly effective obfuscation techniques, making reverse engineering and detection challenging for researchers and security tools. In response, we developed automated deobfuscation and detection toolkits by analyzing common patterns and identifying known obfuscation methods. These toolkits allow for a deeper understanding and improved mitigation of Angel Drainer’s techniques. This presentation will explore our research process, the obstacles faced, and the key takeaways from tackling this evolving threat.
DSS 2024
Smart Contracts to Embeddings: Using off-the-shelf LLMs for Fun and Profit | Markella Gioka (Dedaub)
Speaker: Markella Gioka Abstract: We discuss how we use off-the-shelf large language models for various smart contract analysis and automated comprehension tasks. An important element concerns the level of abstraction of the LLM input. We have found that excellent results can be achieved (for tasks such as public function similarity) by normalizing the input through decompilation up to an almost-Solidity-like level, together with simple tree-shaking algorithms. The resulting normalized code can be used both as training input and as input for computing embeddings.
DSS 2024
Firewalling Decentralized Protocols | Assaf Eli (Ironblocks)
Speaker: Assaf Eli Abstract: We will present findings from a study that examined how execution layer protection can prevent financial losses in decentralized systems. The study analyzed 60 incidents from the Ethereum mainnet, reflecting diverse financial impacts and project types. Each attack was simulated to replicate blockchain states at the time of exploitation, assessing the system’s capacity to block malicious transactions without interfering with normal operations. The experiments, repeated under varying conditions, offer insights into how combining off-chain detection with on-chain intervention enhances security by addressing vulnerabilities in real-time without disrupting system
DSS 2024
Securing Crypto-Economic Systems - Anto (EigenLayer)
Speaker: Anto Abstract: AVSs, or Actively Validated Services, use crypto-economic networks like EigenLayer to establish credible commitments. In this talk, we will explore the following topics that will help you build a Secure AVS: 1. What are credible commitments, and how do they work? 2. The roles of stakers, operators, and AVSs in credible commitments. 3. What is slashing, how does it work, and how to secure your slashing logic. 4. Crypto-economic attacks against AVSs. 5. Essential Web2 security for your AVSs.
DSS 2024
Formal Verification of the INTMAX2 Protocol | Denisa Diaconescu (Nethermind)
Speaker: Denisa Diaconescu Abstract: INTMAX2 is a blockchain scaling solution for payments that uses a fixed 4-6 bytes of data on-chain, giving an upper limit of 7500 transaction batches per second on Ethereum, where each transaction batch can transfer an unlimited number of tokens to an unlimited number of recipients. INTMAX2 enables stateless and permissionless block production, and provides privacy properties using zk-proofs. The censorship problem is solved intrinsically by INTMAX2 as any user can be an aggregator. In this talk we discuss how we formalised the INTMAX2 protocol in the Lean proof assistant and mechanically proved the security theorem that guarantees the key economic safety property of the protocol.
DSS 2024
Rust in Peace: Breaking Rust-based blockchains | Luis Quispe Gonzales (Halborn)
Speaker: Luis Quispe Gonzales Abstract: In this talk, we’ll explore how hackers approach Rust-based blockchains, the common vulnerabilities they target, and the surprising ways things can go wrong. If you’ve ever wondered how even the most robust code can be broken, this session will shed light on that… and what can be done to stop it. It’s a journey into the hacker mindset, packed with real-world insights and stories!
DSS 2024
PANEL | Web3 Security: Revolution or Evolution of Web2 Security Principles?
Speakers: Mehdi Zerouali, Pablo Sabbatella, Peter Kacherginsky, Anto, Andrew MacPherson Moderator: 0xRajeev Abstract: Web3 security is typically associated with smart contract security. The biggest Web3 hacks have however involved traditional Web2 vulnerabilities and attack vectors. So is Web3 security really a revolution or repackaging of Web2 security principles? This panel proposes to debate on the similarities and differences between Web3 vs Web2 security with some leaders in this space towards the goal of highlighting the current status, historical lessons from Web2 security and future challenges for a safer Ethereum ecosystem.
DSS 2024
Paradigm Shift: Building Invariant-focused codebases | Nat Chin
Speaker: Nat Chin Abstract: Instead of debating between formal verification or fuzzing, this talk introduces a paradigm shift: building invariant-focused codebases to streamline the integration of both methods. While each approach has strengths—formal verification for rigor and fuzzing for speed—the real goal is maximizing bug discovery, minimizing attack surface, and reducing vulnerability to exploits. I’ll share insights from building robust invariant-driven testing suites, such as a 216-invariant fuzzing suite for Curvance and a 50+ suite for Primitive Finance, drawn from over four years of experience. This talk covers practical guidelines for embedding invariants from the beginning of the software lifecycle, ensuring a smooth transition to comprehensive testing that combines the best of both worlds. Together, we’ll explore how the industry can reduce friction around testing tool debates and instead make testing a seamless and powerful part of code design.
DSS 2024
Approaching security with Aave V4 | Emilio Frangella (Aave Labs)
Speaker: Emilio Frangella Abstract: The talk will highlight security practices adopted with the development of Aave V4 and provide a comprehensive development update on the new protocol iteration.
DSS 2024
Aave: evolving slow systems in the age of speed | Ernesto Boado (BGD Labs)
Speaker: Ernesto Boado Abstract: DeFi systems are ever-changing, including the infrastructure they live in (L1s, rollups). However, the size of financial software living in them, like Aave, seems to require a slower pace of progress. In this talk, from our perspective as core maintainers of the Aave protocol, we will present practical examples of how decision-making is done on a daily basis, touching on aspects like: When/how are new features added into a multi-billion production system? Practical examples. Balancing security considerations (and development) with time-to-market. Redirecting innovation to “boring” parts of the tech, with underlying quality as an important target. Defense-in-depth on the application layer, with Aave virtual accounting as an example.
DSS 2024
The 2016 Shanghai Attacks: History and Technical Deep Dive | Hudson Jameson (Polygon Labs)
Speaker: Hudson Jameson Abstract: The Shanghai Attacks were a series of attacks against the Ethereum network during Devcon2 in Shanghai. I will retell a first-hand account of those harrowing nights where the power of client diversity saved the Ethereum network from halting. I will go over a timeline of the attacks and explain the technical details of the exploits and the 2 network upgrades that had to be executed to remedy the damage. Note: I was coordinating the response to these attacks in person and co-running Devcon2 in China during the attacks, so I have special insights and resources I can offer to provide a very entertaining and informative talk on this subject 🙂
DSS 2024
Dynamic Restaking Security | Tarun Chitra (Gauntlet)
Speaker: Tarun Chitra Abstract: As restaking networks grow and generate fees, a natural question is how their dynamics evolve. Recent research from Durvasula and Roughgarden, as well as from Chitra and Pai, demonstrates that there is a natural graph structure between restaking services (such as EigenLayer AVSs or Symbiotic Networks) that controls the security of the network. This talk will demonstrate an empirical analysis of the true amount of security held within live restaking networks and compare live network security parameters to theoretical bounds. Our work will demonstrate how active rebalancing from node operators is crucial to practical restaking security.
DSS 2024
AI-Driven Detection and Prevention of Malicious Blockchain Transactions | Carlos Salort Sanchez (Forta)
Speaker: Carlos Salort Sanchez Abstract: To stop exploits from happening, we need to detect automatically when a transaction is malicious. We will present a couple of AI approaches to tackle this problem: Using deep learning to analyze the traces of a transaction, and using unsupervised learning to identify anomalous transactions within a protocol. These methods, when paired with a transaction delaying mechanism, are fast enough not to disrupt the normal operational flow of the blockchain, and can stop protocol exploits.
DSS 2024
Balancing usability and security: the challenges of non-custodial embedded wallets | Thibault de Lacheze-Murel (Dfns)
Speaker: Thibault de Lacheze-Murel Abstract: As web3 adoption grows, integrating embedded wallets into dApps streamlines user onboarding. These wallets offer web2-like ease of use with one-click account creation and recovery options while upholding web3 principles of ownership, trust minimization and decentralization. However, designing such wallets introduces novel security challenges and attack vectors. This talk explores these challenges and mitigation strategies for wallet providers and dApps to safeguard against key security risks.
DSS 2024
Common Vulnerabilities in Bridges | Kirk Baird (Sigma Prime)
Speaker: Kirk Baird Abstract: The talk is aimed to explore commonly found bugs in bridges. This would include bridge implementations themselves as well as protocols which utilise bridges. The focus of the talk would be on the Solidity/smart contracts side of the bridge but may be expanded to include offchain code if there is sufficient time. The talk would iterate through bugs in a sufficient level of detail for listeners to fully understand and hopefully identify in the wild. Therefore, the target audience would be proficient in programming with a preference for Solidity. Some examples of vulnerability classes are: message replay attacks, message validation, signature issues, access controls, external function calls, token manipulation, DoS vectors.
DSS 2024
Money Ain't a Thang (When It's Gone): How to Find Attackers and Improve Your Security Posture | Heidi Wilder (Coinbase)
Speaker: Heidi Wilder Abstract: Join us for a practical session on using blockchain analysis to: detect and investigate exploits; strengthen preventative measures; improve incident response; protect your users and your project; safeguard your own security.
DSS 2024
Risk isolation - Building Single Purpose Protocols | Merlin Egalite (Morpho Labs)
Speaker: Merlin Egalite Abstract: This talk will explore strategies for isolating risk in decentralized finance, focusing on both architectural and code-level approaches to managing smart contract and economic risks. In the first part, we’ll delve into protocol architecture: simplifying design, separating components, and externalizing risk management to improve resilience. We’ll analyze examples from protocols like Symbiotic and Morpho, highlighting their approaches to mitigating risk. The second part will cover secure coding practices, such as scoping variables, managing external interactions, applying timelocks, and structuring roles to limit edge cases. Using examples from Morpho vaults, we’ll discuss practical ways to reduce vulnerabilities at the code level.
DSS 2024
A deep dive into DeFi liquidations | Viktor Yurov (MixBytes)
Speaker: Viktor Yurov Abstract: In this presentation, I will discuss the complex mechanisms of liquidations in various decentralized finance (DeFi) protocols. Liquidations play a crucial role in maintaining the stability and solvency of DeFi platforms. I will address challenges such as market liquidity constraints, cascading liquidations, and high market volatility. Additionally, the focus will be on cross-chain swaps, different oracle architectures (Chainlink, PYTH network), transaction execution delays during network congestion, and the handling of bad debt. Using well-established protocols like AAVE, Compound, and Gearbox as examples, I will first examine typical liquidation module architectures, before moving on to modern innovative approaches. I will start by discussing the partial liquidation mechanism of Curve’s crvUSD and then delve into the architecture of Fluid Vault, which implements position grouping into ticks and bad debt absorption. In the final part of the presentation, participants will be introduced to some of the most interesting vulnerabilities identified in real-world audits. This session will be valuable for auditors, developers, and DeFi enthusiasts.
DSS 2024
Security Lifecycle for DAO Proposals | Michael Lewellen (OpenZeppelin)
Panel with: Michael Lewellen Abstract: In this talk, I’ll speak about the security processes being utilized in securely passing proposals on multiple DAOs including Compound and Arbitrum. We’ll cover the types of proposals that require security review, how each type of proposal should be reviewed and the different strategies employed to enforce a QA process while maintaining decentralization throughout the lifecycle of a proposal. This is a follow-up to a prior talk from DSS 2022 that covered DAO security. This talk will cover more recent updates and dive deeper into the technical processes that are utilized and can be used by others: https://www.youtube.com/watch?v=RGhedegBejE&t=23s
DSS 2024
500 days of Security Summer | Sara Reynolds (Uniswap)
Panel with: Sara Reynolds Abstract: Well not really 500 days… As we end 6 months of intense security work on Uniswap v4, we plan to do an overview of the security processes we used to secure Uniswap v4 (we hope), and the bugs that we uncovered at each stage. Including: community contributions, fuzzing, ffi testing, SEAL wargames, formal verification, 8 audits, a competition, and a bug bounty.
DSS 2024
A cat-and-mouse game: how to frontrun a transaction in the future | Qi Su (FuzzLand)
Speaker: Qi Su Abstract: This talk will describe the attack-defense game in the MEV world. First it will briefly discuss MEV transactions and how they can protect projects from hackers. Then it will delve into attack-defense games between MEV bots. Finally it will discuss our latest observations and direction in this cat-and-mouse game.
DSS 2024
PANEL | Battle of the Languages
Speakers: Hari Mulackal, Wolfgang Grieskamp, Dave Grantham Moderator: Mehdi Zerouali
DSS 2024
The Current State of Audit Contests | Jack Sanford (Sherlock)
Speaker: Jack Sanford Abstract: The audit contest space looks very different than it did one year ago. Conditional pots are the norm instead of the exception. Many different approaches to judging are taking place. And two distinct types of contests have emerged.
DSS 2024
PANEL | The challenges of building, scaling and securing DeFi protocols | Sara Reynolds, Ernesto Boado, Erik Arfvidson, Merlin Egalite Moderator: Hari Mulackal
Speakers: Sara Reynolds, Ernesto Boado, Erik Arfvidson, Merlin Egalite Moderator: Hari Mulackal Abstract: Building and maintaining a successful DeFi protocol is incredibly challenging. Billions of dollars are on the line with absolutely zero tolerance for mistakes. The panel will bring 4 security-minded engineers from top DeFi protocols to share their thoughts on building and securing a successful crypto protocol. They’ll be asked to share practical tips and challenges they faced.
DSS 2024
Professionals hack people, not systems | Pablo Sabbatella (Opsek)
Speaker: Pablo Sabbatella Abstract: 80% of the funds lost during the last twelve months was not due to hacking smart contracts. It was about hacking people. A wave of web2 criminals are coming to Web3 and we are not prepared to deal with it. I will show how Web3 projects are being hacked using web2 hacking techniques and how these attacks can be avoided. I will talk about attack surface, social engineering, 0-day exploits, DNS hijacking, SIM swaps, malware, private key leakage and much more. I will show real cases and stats.
DSS 2024
The State of DeFi Security - 2024 | Peter Kacherginsky (Coinbase)
Speaker: Peter Kacherginsky Abstract: Despite the wider adoption of code audits, 2024 saw a staggering increase in security breaches, with four times as many compromises and twice as many losses compared to the previous year. To address this alarming trend, we will explore how the DeFi threat landscape evolved in 2024, focusing on the most dangerous threat actors and their successful exploitation techniques. Next, we will adopt an intelligence-driven approach to build a resilient DeFi security program that extends beyond traditional code security measures. DeFi developers and security practitioners will gain not only practical advice they can implement immediately but also insights into the future of DeFi security over the next 5-10 years.
DSS 2024
Enhancing Protocol Security With ZK-Oracles | Victor Petrenko (Lido)
Speaker: Victor Petrenko, Eugene Kolpakov Abstract: Off-chain oracles pose risks due to permissions, trust and security. ZK-based oracles provide a solution, but they are complex and costly. Solving this problem required efforts from Lido contributors, ZK Oracle providers and independent developers. Finally, the mainnet launch of the first ZK Oracle for the Lido protocol is scheduled for November 2024. This talk explores the potential of ZK Oracles to be trustless, permissionless, robust, and cost-effective — the hiking challenges in the search for improving protocol security and the road ahead (using Lido’s oracle as an example).
DSS 2024
Security Considerations when using Pull Oracles | 0xmonsoon (OpenZeppelin)
Speaker: 0xmonsoon Abstract: DeFi has slowly been moving towards pull oracles like Pyth, RedStone and more innovative solutions like Oval. These oracles provide more recent prices for a whole lot more pairs. But is it all roses and butterflies? What additional risks do these oracles bring for the integrating protocols, from integration errors, price manipulation or bad data altogether? This talk will dive deep into it. And can push oracles be simply replaced by pull oracles in old protocols like Compound without code change?
DSS 2024
Enhancing Test Coverage: A Framework for Effective Protocol Security | Dmitry Zakharov (MixBytes)
DSS 2024
PANEL | The White Hat Safe Harbor: A deep dive in protecting white hat rescue ops. | Taylor Monahan, Robert, Alice Charm. Moderator: Kurt Barry.
Speakers: Taylor Monahan, Robert, Alice Charm. Moderator: Kurt Barry Abstract: Among the many initiatives spearheaded by the cross-ecosystem Security Alliance (SEAL), one of the most ambitious has been the White Hat Safe Harbor. SEAL worked for over 24 months with dozens of lawyers and security experts from across the ecosystem to create a legal document that aims to protect white hat hackers from legal repercussions from white hat rescues and allows for projects to quickly and verifiably recover rescued funds. This panel consists of those who were deeply involved in the legal, technical, and implementation work of the White Hat Safe Harbor.
DSS 2024
PANEL | What your auditor REALLY thinks but is afraid to tell you... | Yannis, Josselin & Mehdi Zerouali. Moderator: Michael Lewellen.
Speakers: Yannis, Josselin & Mehdi Zerouali. Moderator: Michael Lewellen. Abstract: This panel brings together seasoned smart contract auditors for an unvarnished look at the realities of blockchain security reviews. Moving beyond polite audit reports, our speakers will address persistent issues they encounter: from developers pushing unrealistic timelines that compromise security, to projects treating audits as marketing checkboxes rather than crucial security processes. The discussion will explore how incomplete specifications and documentation create hidden vulnerabilities, why some common architectural patterns are fundamentally risky despite their popularity, and what actually keeps auditors up at night about the projects they review. Through specific examples, panelists will illustrate how communication gaps and misaligned incentives contribute to security failures, and propose practical ways to improve the audit process. Join us for an honest (and maybe spicy!) conversation about strengthening the relationship between development teams and their auditors.
DSS 2024
Story time! A Year of SEAL War Games | Kelsie Nabben & Isaac Patka
Speaker: Kelsie Nabben & Isaac Patka Abstract: Hear from SEAL’s Wargame team with a year’s worth of hands-on experience and ethnographic observation wargaming cyber attacks on cryptocurrency and blockchain projects. Our incident response experts will share critical insights into the vulnerabilities and defensive strategies that have emerged through rigorous simulated attacks. We’ll combine a technical perspective with a unique lens on the human and organizational dynamics observed during these exercises, highlighting the interplay between technology and culture in crypto. You’ll get a comprehensive analysis of the lessons learned and actionable recommendations to enhance resilience for crypto and blockchain security.
DSS 2024
Introduction to SEAL | samczsun
DSS 2024
The Bug Hunter’s Guide to High-Quality Reporting | Arbaz Hussain (Immunefi)
Speaker: Arbaz Hussain Abstract: The agenda of the talk is to guide whitehats in submitting better bug reports by enhancing the quality and impact of bug submissions in bug bounty programs. We’ll draw on real-life examples from our Immunefi platform to learn how to create detailed reports that facilitate faster triage and higher rewards.
DSS 2024
Hooks: Security considerations when building Hooks in Uniswap V4 | Jota Carpanelli (OpenZeppelin)
Speaker: Jota Carpanelli Abstract: In this session, we’ll dive into Uniswap v4 hooks, focusing on the key security considerations developers need to keep in mind. We’ll discuss common mistakes, explore potential attack vectors, and share tips on how to avoid scams and vulnerabilities. Whether you’re building or auditing, this talk will give developers practical knowledge to enhance the security of their projects that integrate with Uniswap v4.
DSS 2024
Enhancing L2 Security with Sequencer-Level Protection: Insights from the Zircuit Network | Phillip Kemper (Zircuit)
Speaker: Phillip Kemper Abstract: “Sequencer-Level Security” is a concept that can prevent hacks on L2s. A sequencer enabled with this architecture analyzes transactions before their inclusion in blocks, and actively blocks those that are malicious. In this talk, we share learnings and experiences with building and operating such a sequencer from the Zircuit network. We will discuss challenges, design choices, successes, as well as failures, and focus on the practical impact on the L2 equipped with such a sequencer.
DSS 2024
Why DeFi Security Matters | Mooly Sagiv (Certora)
Speaker: Mooly Sagiv Abstract: DeFi Security Summit was born from a need to address critical security gaps in decentralized finance. This talk explores the origins of DSS, the challenges we set out to tackle, and how the summit has evolved to foster collaboration and innovation in DeFi security. Join us to learn the story of DSS and its mission to build a safer, more resilient DeFi ecosystem.
DSS 2024
Capture the Spec (Competition) | Tomer Ganor (Certora)
Speaker: Tomer Ganor Details: Are you ready to showcase your skills in writing secure, correct Solidity smart contracts and get rewarded for it? Join our three-day competition, starting November 7, to deepen your expertise in Solidity and formal verification, either in person or remotely. In this challenge, you’ll receive a smart contract interface, a multi-sig wallet, and a formal specification in the Certora Verification Language (CVL), containing rules and invariants that define the contract’s behavior. Your task is to reverse-engineer a Solidity contract that efficiently satisfies the specification. Run the Certora Prover to ensure all rules and invariants are verified in your implementation. This competition is an opportunity to sharpen your skills and dive deeper into formal methods for Solidity. Start Date: Nov 7 End Date: Nov 9 Rewards: The first 3 submissions that verify all rules and invariants will be rewarded $1000. If no person or team manages to verify all rules, the person or team satisfying the highest number of rules and invariants will be rewarded $1000. If multiple people solve the highest number of rules using different original solutions, they will all be rewarded. Github Repo: https://github.com/Certora/CaptureTheSpec/tree/main
DSS 2024
Intro to the Lean Theorem Prover | Jakob von Raumer (Lindy Labs)
Speaker: Jakob von Raumer Abstract: We’ll walk through examples that showcase Lean’s potential, especially in formal verification.
DSS 2024
Leveraging knowledge to transition between blockchain stacks | Jonatas Martines (Spearbit)
Speakers: Jonatas Martines Abstract: As blockchain ecosystems diversify, developers are often faced with the challenge of learning new stacks to stay adaptable. This talk will explore how a Solidity and Ethereum background can be leveraged to quickly master a new blockchain stack, specifically Rust and Solana, while laying a framework that can apply to other chains as well. Attendees will gain a foundational understanding of Rust and Solana’s principles, illustrated through direct connections to Solidity and Ethereum. By focusing on core concepts that translate across chains, this session offers a practical roadmap for developers looking to expand their skills beyond Ethereum.
DSS 2024
Workshop on secure development of smart contract systems | Elliot Friedman (Solidity Labs)
Speaker: Elliot Friedman Abstract: In this workshop, participants will explore secure development practices for building robust smart contract systems. We’ll start with a high-level overview of the security stack and move into hands-on coding by building an example application. This process begins with intentionally buggy code containing subtle vulnerabilities, giving attendees the chance to identify and resolve issues step-by-step. The workshop will cover a range of security tools, starting with unit and integration testing for easily detectable bugs, and progressing to advanced techniques like fuzzing, symbolic execution, and formal verification for harder-to-find vulnerabilities.
DSS 2024
Kontrol Unlocked: Foundry-based Formal Verification for 10x Devs and Auditors | Juan Conejero (Runtime Verification)
Speaker: Juan Conejero Abstract: Join us to formally verify real-world code in our Kontrol-by-example workshop! We share insights and techniques used by Runtime Verification to achieve top-notch smart contract security. Learn to write symbolic Foundry tests with Kontrol, all within Solidity. This hands-on session covers tips and tricks for using Kontrol on large-scale projects, math functions, and common smart contract code. Attendees will get actionable knowledge of using formal verification for the best security guarantees.
DSS 2024
Finding Bugs: 42 Tips from 4 Security Researchers | Desmond, Joran, Nat, 0xRajeev
Speakers: Desmond, Joran, Nat, 0xRajeev Abstract: Billions of dollars are at risk, and protocols spend millions on security through audits and bug bounties. Have you ever wondered how you can become a top security researcher securing these billions? In this workshop, 4 recognized security researchers share their experiences on smart contract security with practical tools & techniques to find & report vulnerabilities. Security researchers, even aspirational ones, can take away some key advice to improve their smart contract security skills.
DSS 2023
Mark Toda, Protocol Engineer, Uniswap Labs – Flash Everything with TSTORE: Uniswap V4 Architecture Overview – Singleton & Flash Accounting
DSS 2023
Jeremiah Smith, Co-founder and CEO, OpenCover – The state of DeFi insurance
DSS 2023
Andrei Kozlov, Co-Founder of BGD Labs – Security challenges of Aave Governance v3
DSS 2023
Hossam Mohamed, Senior Security Architect, Halborn – Breaking Digital Asset Custody Solutions
DSS 2023
Xin Wan, Research Scientist at Uniswap Labs – Economics Security Of Onchain Oracles
DSS 2023
Matthias Egli, Co-Founder & CTO, ChainSecurity – Deployment Validation and the Introduction of the DVF Standard: Enhancing the Security and Accountability of Blockchain Projects
DSS 2023
Dmitry Khovratovich, Cryptographer at Ethereum Foundation & Founder of ABDK Consulting – Zero Knowledge Security in DeFi and elsewhere
DSS 2023
Yajin (Andy) Zhou, CEO of BlockSec and Professor of Zhejiang University – Securing Web3 Through Proactive Threat Prevention
DSS 2023
Adrian Hetman, Tech Lead of Triaging, Immunefi – How Immunefi is fighting for you behind the scenes
DSS 2023
Heidi Wilder, Lead Blockchain Security Research, Coinbase – Rekt pilled: What to do when your dApp gets pwned and how to stay kalm
DSS 2023
Netanel Rubin-Blaier, Security Engineer, Certora – Improving the Security of DeFi Math Libraries
DSS 2023
Palina Tolmach, Verification Engineer, Runtime Verification – Towards Adoption of Symbolic Execution for DeFi Security
DSS 2023
Formal Verification Panel
Moderator: Kurt Barry, Security Researcher, Fixed Point Solutions LLC
Panelists: Fraser Brown, CTO, Cubist and Assistant Professor, Carnegie Mellon University; Ghila Castelnuovo, R&D Director, Certora; Grigore Rosu, CEO, Runtime Verification; Jon Stephens, CTO, Veridise; Julian Sutherland, Head of formal verification, Nethermind
DSS 2023
Bridges Panel
Moderator: Mudit Gupta, CISO at Polygon & Technical Partner, Delta Blockchain Fund
Panelists: Hugo Philion, Co-Founder & CEO, Flare Network; Irene Wu, Head of Strategy, LayerZero Labs; Robert Chen, CEO, OtterSec; Valerian Callens, Senior Research Engineer, Quantstamp; Yosuke Aramaki, Optimistic x Liquidity less bridge, Pheasant Network
DSS 2023
Audits: Conventional vs Community Panel
Moderator: Rajeev, Founder, Secureum
Panelists: Gonçalo Sá, Co-founder, Consensys Diligence; Hari Mulackal, Co-founder, Spearbit; Jack Sanford, Co-Founder, Sherlock; Josselin Feist, Engineering Director, Trail of Bits; Mehdi Zerouali, Cofounder & Director, Sigma Prime; Mitchell Amador, CEO, Immunefi; Sock, Primary Sock, Code4rena
DSS 2023
Ren Crypto Fish, Engineer, Electric Capital – State of Audits
DSS 2023
Zeeshan Meghji, Auditing Engineer, Quantstamp – The Largest Hacks of 2023
DSS 2023
Yaniv Nissenboim, Co-Founder & CEO, Hexagate – Building a Strong Defense: Best Practices for Securing Web3 Protocols
DSS 2023
Felix Wegener, Security Services Manager (EMEA), OpenZeppelin – 100% test coverage but 0% security?
DSS 2023
Jack Sanford, Co-Founder, Sherlock – Critical Bugs Found in Audit Contests vs. Traditional Audits
DSS 2023
Marc Weiss, Security Researcher, Paladin Security & Ambit Finance – Importance of Researchers/Auditors at the core of development of a DeFi protocol
DSS 2023
Noah Jelic, Lead Solidity Smart Contract Auditor, Hacken – Honeypots – Hacker traps on the blockchain
DSS 2023
Fabrizio Romano Genovese, 20squares – Taking Compositionality Seriously
DSS 2023
Martin Derka, Head of New Initiatives, Quantstamp – Automated Flash Loan Attack Synthesis
DSS 2023
Alon Ram, Co-Founder & CTO, Redefine – Cracking the Code: Uncovering DeFi Scams with Symbolic Execution
DSS 2023
Antonio Viggiano, Independent Security Researcher – A Comparative Analysis of Smart Contract Fuzzers’ Effectiveness
DSS 2023
Irene Wu, Head of Strategy, LayerZero Labs – Security Principles For Cross-Chain Messaging Protocols
DSS 2023
Justin Jacob, Blockchain Security Engineer, Trail of Bits – Cairo 1.0: Differences and Security Considerations
Kang Li, CTO, CertiK – Unpacking Move VM Security: Expected Guarantees and Implementation Pitfalls
DSS 2023
Riad Wahby, CEO, Cubist & Assistant Professor, Carnegie Mellon University – No Silver Bullet: A brief survey of key management technology
DSS 2023
Gary Thung, Software Engineer, Electric Capital – The power of code search for smart contracts
DSS 2023
Picodes, Co-founder & CTO, Angle Labs – Assessing Risks for Stablecoin Protocols
DSS 2023
Yaron Velner, Founder, B. Protocol – Simple Economic Risk Approximations
DSS 2023
Andres Monty, Founder and CEO, Range – Mitigative measures for bridge exploits: With an emphasis on the Cosmos ecosystem and IBC
DSS 2023
Liyi Zhou, Co-founder, D23E – DeFi Hack Detection and Prevention
DSS 2023
Herman Junge, Lead Security Technical Manager, MetaMask – Menpo – DeFi Incident Database
DSS 2023
Andrew Beal, Ecosystem Lead, Forta Foundation – Web3 Threat Intelligence: What is it, how we get it, and how you can use it
DSS 2023
Gal Sagie, CEO, Hypernative – New Web3 security paradigm – Detecting an attacker and not a vulnerability
DSS 2023
Or Dadosh, Co Founder & CEO, Ironblocks – The First 60 Minutes: How to Stop Hackers
DSS 2023
Wallets Panel
Moderator: Francesco Andreoli, Developer Relations Manager, ConsenSys/MetaMask
Panelists: Clément Bihorel, Product Lead, Safe (Core); Dima Kogan, Cofounder & CTO, Fordefi; Riad Wahby, CEO, Cubist & Assistant Professor, Carnegie Mellon University; Shahar Madar, Head of Security Products, Fireblocks; Taariq Lewis, Founder & CEO, Volume Finance; Yoav Weiss, Security Fellow, Ethereum Foundation
DSS 2023
Tools Panel
Moderator: Fraser Brown, CTO, Cubist and Assistant Professor, Carnegie Mellon University
Panelists: Bhargav Bhatt, Research Engineer, Web3 Foundation; Gary Thung, Software Engineer, Electric Capital; Nat Chin, Senior Security Engineer, Trail of Bits; Patrick Ventuzelo, CEO, Fuzzinglabs; Uri Kirstein, Developer relations and developer, Certora; Yannis Smaragdakis, Co-Founder, Dedaub
DSS 2023
Economic Risks Panel
Moderator: Tarun Chitra, CEO, Gauntlet
Panelists: Alex Marx, Web3 Risk Consultant, former Analyst at Coinbase; Marijo Radman, Co-Founder & CTO, Solity Network; Primoz Kordez, Founder, Block Analitica; Yaron Velner, Founder, B. Protocol
DSS 2023
AI Panel
Moderator: Curtis Spencer, Co-Founder, Electric Capital
Panelists: Chris Hart, CEO, Civic Technologies; Liyi Zhou, Co-founder, D23E; Joe Van Loon, CEO, Auditware; Lucas Martin Calderon, Founder & CEO, Pentestify
DSS 2023
Hari Mulackal, Co-founder, Spearbit – EVM Design Mistakes
DSS 2023
Alex Manuskin, PM & blockchain researcher, Starkware – Unchained Starknet Security
DSS 2023
Yoav Weiss, Security Fellow, Ethereum Foundation and Oren Fine, Co-Founder and CTO, SphereX – Masquerading code in Etherscan
DSS 2023
Daniel Von Fange, Security Engineer, Origin Protocol – Safe Upgrades: The most dangerous game
DSS 2023
Quentin Garchery, Protocol researcher, Morpho Labs – Formally verifying Morpho
DSS 2023
Peter Kacherginsky, Blockchain Threat Researcher, Coinbase – The State of DeFi Security
DSS 2023
Anton Permenev, Security Engineer, ChainSecurity – DeFi invariants: examples and challenges