I recently spoke with Sajjad Rehman, the VP of Revenue at Immunefi. Sajjad has many years of experience building teams and businesses in Fintech, SoC, B2B SaaS, Gaming, Live Streaming, and now Web3. In our conversation, we discussed Web3’s security challenges, bridging the demand-supply gap for security expertise, and his advice for others building in the Web3 space right now.
Hello, Sajjad. Thanks for making the time to have this conversation. To start, can you please tell us a bit about yourself?
Sure, of course. Thanks for having me. Can’t wait to dive deep into Web3 security, Immunefi, and more.
I’m Sajjad Rehman, a design engineer turned venture builder and GTM leader. That’s how I like to see myself after 15+ years of building and managing 50+ teams across multiple industries, functions, and continents.
I got an MS degree in Management Science and Engineering from Stanford University and an MBA in Finance from the University of Cambridge. But to be honest, most of what I’ve learned came from working with industry leaders like Amazon, Twitch, Jagex, Unstoppable Domains, and now Immunefi.
Joining Immunefi came at the back of some deep personal transformations, though, about which I’ve written on social media. It not only made me a better leader, but also increased my ability to contribute in the way of making Web3—the world’s digital future—more resilient and secure. So, yeah—that’s me.
Given your work to make Web3 more secure for projects and end-users, can you shed some light on the current state of the industry?
Web3 has a major security challenge to overcome. Let’s face it upfront so we can make choices to solve the issue. There’s no point in sugarcoating this fact.
In October, specifically, 73.7% of the attacks were hacks, while 26.3% were frauds. And almost 100% of these attacks targeted DeFi protocols.
Looking into these nuances is very important. They help us see the areas that need focus from a security perspective. It’s the best way for the industry to carve its way forward, as we are already witnessing with the increasing number of projects launching bug bounties and engaging whitehats on Immunefi.
Overall, I’d say the focus is steadily shifting towards baking in security from the get-go, unlike the trends we saw during the last DeFi Summer. We’re becoming more sensible, as you’d expect from any industry that’s moving from hype obsession to maturity. Things are great overall, and I’m very bullish.
Now, coming to Immunefi, please tell us about the key problems you’re solving and how. I’d also love to hear about your latest innovation, Vaults.
Immunefi is positioned as a leading bug bounty platform. From that vantage point, the biggest problem we solve is that of persistent security through a project's lifecycle. That’s fairly obvious. But in my view, what is more important to note is how we approach this mammoth task.
On the one hand, you have Web3 projects facing a limbo when it comes to finding security researchers who are in the know of the industry’s trends and also have a vast skill set. The challenge here is that most white hat hackers have a legacy mindset and aren’t 100% efficient in discovering Web3-native threats that are becoming increasingly complex by the day.
On the other hand, there are highly skilled Web3-native security researchers who, before Immunefi, didn’t have a dedicated platform to discover projects that would properly value and reward their efforts. They also faced various issues with payment disbursal and reliability, besides the lack of incentives to hunt on emerging projects.
So, in all, you can say we’re solving a classic demand-supply matching problem for the Web3 security landscape. And in doing so, we’ve built Vaults to improve our value proposition 10/20/30x. It’s basically a smart contract wallet that projects can use to pay security researchers directly without doing it manually for each report or payout.
Vaults will unlock a cutting-edge Proof-of-Funds mechanism, making bug bounties on Immunefi faster, more transparent, and hassle-free.
Last but not least, we solve for building white hat communities around new projects. When new projects launch with nuanced tech, they won’t have eyes on code at the outset. This is not an easy problem to solve. It involves not just creating the right incentives but disseminating education the right way to build an informed white hat community around a project’s code that protects it. The launch of our bounty-boosting product is the first step of many in that direction.
How can someone check out Vaults if they want to? Also, given your focus on the sales and revenue side of things, how do you see the ecosystem panning out now that we are hopefully recovering from a year-long winter?
Setting up your Vault is super easy. Any Ethereum-based project can do it in under 10 minutes. They can simply head over to our
Okay, now for the revenues, I think the good times are coming back. They never really left, actually. The solid projects, with strong foundations and clear goals, continued to receive support from investors of all kinds, retail and institutional. Of course, there wasn’t all the pomp and show about it, as you’d expect in a bear market.
With BTC breaching the $34K mark, the buzz of a bull market is returning. It’s a good sign, overall, since more money will start flowing into the industry and help projects scale their efforts. But to consider things with more nuance, one must realize that the industry has been recovering steadily since the past quarter or so, with the number of daily Unique Active Wallets (dUAWs)
Moreover, though it’s counterintuitive, a rise in the number of hacks or fraud attempts is actually a sign of a better revenue influx. One mustn’t undermine our adversaries, especially when it comes to seeking out opportunities to make profits. It’s an uncomfortable but necessary truth.
So, from now on, if you see a rise in malicious activities in any industry, understand that more money is flowing into that space, which the attackers are chasing. Of course, you’ll do whatever it takes to win the race, which is why platforms like Immunefi and a prolific, driven community of security researchers exist.
Before we conclude this discussion, what’s your best advice for projects and teams building in the Web3 space right now?
I’d say two things. One, focus on building a strong foundation: robust security, genuine utility, rich UX, etc. These are the aspects that’ll ultimately float your boat, no matter if the markets are up or down. Your customers or community will choose you to get their problems solved. Disappoint them, and they’re gone forever. But even if your token’s price stays low for a few quarters, it can go right back up again.
Two, be ready to play the long-term game. It’s not about surfing the short waves alone, even if you make tons of money in the process, especially if your goal is to build a future-proof business capable of making ripples and becoming a pioneer.
Web3 is an emerging industry that needs leaders who set examples and build standards. Not inheritors of legacy wealth or influence but real, driven, action-oriented entities. Make sure you fit the bill if you want a chance to succeed and dominate your industry five to ten years down the line. And if you don’t, someone else will—it’s about time.