Thanks to the efforts of Attrition.org, we’ve known for years that LIGATT Security and Gregory Evans can’t be trusted.
That article includes a long list of examples where Evans has committed plagiarism and threatened those who question his credentials as a hacker. There are court documents on the Internet that add to the evidence.
I won’t go into the full summary of misdeeds here, because veteran security professionals have heard and seen it all before. Besides, I can’t do it any better than Attrition.org already has.
Despite all we know about Evans, the mainstream news media has remained clueless, having him on their broadcasts and accepting him as the real deal.
Whenever we see it happen, we groan and tweet about how dumb those journalists are.
But my good friend Martin Fisher, veteran security practitioner and host of “The Southern Fried Security Podcast,” has shown it IS possible to educate the media and right some wrongs.
Thursday, he was listening to his local NPR station, WABE 90.1 FM, when a report came on about the Home Depot data breach. The station’s guest to discuss the news: Gregory Evans.
Martin contacted the station and sent them the Attrition.org material on Evans, and the station, to its credit, scrubbed the Evans quotes from its text and audio reports.
This tale is really about something bigger than Evans.
When it comes to security, the mainstream media get it wrong on a daily basis. I don’t hold it against them because the material is usually produced by general assignment reporters who don’t have a feel for the industry or the issues. I was a general assignment reporter once, and I sometimes got things wrong for that very reason. Whenever someone contacted me and provided evidence that my information was wrong, I promptly corrected the record. That’s what good reporters do.
But if we don’t let them know they’ve made a mistake, the bad information won’t be removed because the reporter isn’t aware of the mistake.
Martin’s story shows that when we reach out to news stations and let them know of errors, they will do the right thing.
About now you’re thinking that’s ridiculous, that it’s the responsibility of the journalist to do their homework and get it right the first time. It is.
But in the heat of deadline, when you have to report and write something in a hurry, mistakes happen, even when the reporter checks their information repeatedly.
That’s when we, as security professionals, can extend a helping hand and put them on the right track.
Very true and a very good message, Bill. It is a reporters responsibility to do their homework, but sometimes they aren’t given time – and if they see “So and So is an expert with umpteen years as a security consultant,” they go with it because there’s no time for vetting.