Second in a two-part series. Read the first part here.

Blockchain tech has inherent infosec value, Web3 isn’t just a fad, and security professionals need to start learning about these emerging technologies, as I laid out in my first post in this series. But there will be bumps on the road to securing this burgeoning ecosystem, where multimillion-dollar heists still happen with alarming frequency. Here’s how to get started:

A few years ago, when I ran a boutique cybersecurity consulting firm, I worked with several companies in the blockchain and cryptocurrency spaces. My cofounder and I typically found cultures with low respect for established program-level information security methodologies, such as NIST guidelines, which help some of the largest and most mission-critical organizations in the world keep their assets safe.

We noted an inefficient tendency to “reinvent the wheel” and often encountered resistance to proven approaches to infosec from other industries. However, the organizati…