The “Shot Heard Round the World”
I was reading my email yesterday afternoon when a new message from ISSA International arrived. I opened and read it quickly, and then started to get back to tasks at hand when all of a sudden something at the bottom of my message caught my attention. The message announced an upcoming webcast in which a number of speakers were going to participate. One of the speakers was a convicted computer criminal.
I was initially overcome by cognitive dissonance. The fact that ISSA is a non-profit organization that has accomplished worlds of good within and outside of the information security community kept coming to mind, yet the thought of ISSA aiding and abetting those who openly brag about their sordid cybercrime accomplishments left me feeling betrayed. I sent email that expressed my concerns to ISSA International President and personal friend Howard Schmidt. The fact that his reply more or less said that sometimes things outside of the control of ISSA International occur did little to console me. I then sent a message to a number of ISSA chapter presidents and other influential infosec professionals, asking them to contact Howard to express their displeasure and also to contact their ISSA chapter members urging them to do the same.
The message I sent got all over the Internet. Unbelievably, forums and newsgroups have picked up on the issue concerning whether ISSA endorse or even announce events that feature convicted computer criminals.” I suppose I should feel good that this issue is once again in front of infosec professionals, but as Howard and I talked over the phone afterwards, I started to feel badly about the misunderstanding that I communicated. Howard had just landed from an international flight when he saw and responded to my message. That is why it appeared to me that he in effect said he could not do anything. What I did not understand was that he was going to have to do some fact-finding, so he couldn’t react right away. I have thus apologized to Howard for what I said in that message.
Howard did indeed do some fact-finding, and found that ISSA’ International’s outsourced management support team had sent out the event announcement without consulting ISSA International. Doing this is normal; what the team did not realize is that there was something controversial in the announcement that they sent out. A number of the people to whom I sent my original message suggested that ISSA International should tighten procedures concerning announcements sent out in the name of ISSA International—I couldn’t agree more. Hopefully, Howard and the ISSA International board will reach some kind of satisfactory solution to this issue.
One thing I learned is that Howard is strongly opposed to having convicted computer criminals speak at ISSA events. Not everyone within the ISSA International leadership feels this way, however. I would thus like to suggest that we as infosec professionals work on ways of flushing out candidates’ views on this issue when elections are held so that candidates who favor involving convicted computer criminals participating in ISSA and other professional events will be virtually compelled to make their views publicly known. Anyone who is in favor of involving computer criminals in infosec events will not get my vote—you can count on that.