Yesterday we spent the day on Twitter, talking to members of the infosec community who vocally, vehemently disagreed with our decision to have Gregory Evans, president and CEO of Ligatt Security International, speak at our international conference this September.
It started this week when our public relations consultant, reviewing the speaker list for people and topics to promote on our blog, recognized Evans’ name from Twitter activity, in which infosec professionals had called him out for being a fraud.
Research showed extensive online accusations of plagiarism, lying about CISSP and CEH certifications, physical threats, and securities fraud. Evans had already served time for wire fraud and conspiracy felonies.
Reviewing these data, the conference committee came to two conclusions:
- However compelling, the online evidence had not been authenticated, and so could not be considered more than well-put-together hearsay.
- Evans had not done anything to betray the HTCIA’s trust, including claim certifications or – to our knowledge – plagiarize his presentation. He had, however, served his time, and appeared to run a legitimate corporation; and law enforcement is hardly unacquainted with learning from ex-cons.
Our decision to keep Evans on the roster while we investigate has not been popular. However, we ask community members to remember that from our perspective, we just found out this week about something a large group of people (online, no less) believe to be true.
That the information comes from the infosec community carries more weight than if it came from, say, a street gang. But many appear to believe that we should just take the community’s word for it, which we cannot do.
In fact, we know online evidence including screenshots and IP addresses can be doctored. We have no way to authenticate what we see pasted on a website, thus we seek corroboration. (It does help that Attrition.org links to its sources.)
Our conference is open to all. Our speaking slots have historically been open to all, and likely still will be, though we may begin to vet non-member speakers. We welcome concerns and opinions, and indeed, we never would have engaged via Twitter if we didn’t care what the community had to say – if we did not intend it to help us make a final decision.
That decision is still forthcoming. We appreciate the community’s patience while we work towards a resolution.