Pablo Sabbatella (pablito.eth) @ Opsek – Security Council candidate Mar 2026

Hello everyone,
I am Pablo Sabbatella, also known as pablito.eth. I am a web3 operational security researcher and a member of SEAL (Security Alliance), and I am applying for the Security Council as founder of Opsek. I also created the “Blockchain Security Series” podcast.
I started with cybersecurity back in 1999, when I founded Hackemate, and have been involved in technology since then. I am a signer in the Optimism Security Council, the Polygon Protocol Council and Everclear Security Council. I have been focusing a lot on the specific needs of security councils and on how to enhance their operational security.
Motivation to sign up
I am fully committed to improving the security of the ecosystem. I am totally convinced that security is the biggest issue the industry is facing right now, stopping it from achieving mass adoption. If we continue on this path, with DPRK being funded by large hacks like Bybit, we are gonna be a total failure as institutions will not deploy big capital.
I know for sure that my knowledge and experience will be valuable in order to enhance the security of Arbitrum’s Security Council, infrastructure, team and community.
I am fully doxxed and dedicate lots of resources to talking about the importance of security in the Web3 ecosystem from my Twitter account with more than 80K followers and with a free Blockchain security course you can check at Defy Education. I also create the Blockchain Security Series podcast.
Security work:
I founded Opsek, where we do operational security audits and training for Web3 organizations (DeFi, CEXs, L1s, L2s, VCs, service providers and HNWI). The reason behind my work and founding Opsek is very simple: 99% of funds being lost are due to operational security issues (Private key leakage, malware, exploits, social engineering, phishing, account takeovers, domain hijacking, etc) and not due to smart contract hacks anymore.
My expertise is understanding an organization, defining and protecting its attack surface: what does the organization do? Who is the team? What are the tools and stack that they use? What does the day to day operation look like? What are the most valuable assets it’s protecting? Which are the biggest risks? What security measures do they have in place? Have they had any security incident in the past? We also train the teams and especially founders on physical security.
Part of our auditing process includes multisigs: how were they created? Who are the signers? What’s the appropriate threshold? How are private keys generated? How are seeds handled? Are they backed up or deleted? How do you travel with your hardware wallet? Have signers developed a threat model? Hardware wallet diversity, frontend diversity, transactions verification and simulation, definition of procedures and policies, etc.
I have already audited many firms (many of them we do not make public). Some of them: Optimism, Sky (ex MakerDao), Centrifuge, Contango, Midas, Aligned Layer, and many more.
I have participated in many war rooms and helped many people and companies save funds during attacks (and still do this daily).
Some of my presentations:
Professionals hack people, not systems @ DeFi Security Summit (Bangkok - 11/2024)
https://www.youtube.com/watch?v=1ZQIDkEfY5w
OpSec for the Dark Forest (or how to avoid getting rekt) @ Devcon 7 (Bangkok - 11/2024)
https://archive.devcon.org/devcon-7/opsec-for-the-dark-forest-or-how-to-avoid-getting-rekt/
Operational security in Web3: a review of major OpSec incidents @ DSS Webinars (Online - 04/2025)
https://www.youtube.com/watch?v=GuQXUyMDd_s
Physical and Operational Security 101 @ Ethereum Community Conference 8 (Cannes - 07/2025)
https://ethcc.io/agenda/physical-and-operational-security-101
TOTP apps are dead and why you are doing 2FA wrong @ darkMode (Denver - 02/2026)
darkmode.securityalliance.org
I will present a summary of how 2FA works, the different methods (SMS, TOTP apps, Yubikeys, Passkeys, etc), the weaknesses each one of them has, how they are being exploited, and what we have to do in order to start using 2FA in a safe way.
Web3 Operational Security 101 @ DeFi Security Summit 101 (Buenos Aires - 11/2025)
DeFi Security 101 2025 - Web3 Operational Security 101
Apple Stack Hardening: Security Essentials for macOS, iOS & AppleID @ DeFi Security Summit (Buenos Aires - 11/2025)
Apple Stack Hardening: Security Essentials for macOS, iOS & AppleID - DeFi Security Summit 2025
How to securely configure and use Telegram & Twitter @ Ethereum Community Conference 7 (Brussels - 07/2024)
https://ethcc.io/archives/how-to-securely-configure-and-use-telegram-and-twitter
Projects I created but where I am not involved anymore:
I co-founded Ethereum Argentina.
I created the first “Blockchain and DeFi" subject in an Argentinian University (ITBA) and served as teacher for two years.
I founded Defy Education.
Disclosure: I am an active signer in the Optimism Security Council, the Polygon Protocol Council and Everclear Security Council. None of them have conflicts of interest.
Links:
Website: https://pablosabbatella.com
Opsek: https://opsek.io
Security Alliance (SEAL): https://www.securityalliance.org/members/user_NOdX506vRbyrYH2U
Cybersecurity alerts: https://t.me/+22LpVdgtLXs3ZjNh
Blockchain Security Series: https://bss.fm
X profile: https://x.com/PabloSabbatella
Linkedin: https://www.linkedin.com/in/psabbatella/
Many thanks for reading