Fury among online community over decision to include presenter

The organizer of BSides Cleveland has stepped down after an online backlash that followed a controversial figure being invited to speak as a “surprise”.

The annual infosec conference, held last weekend (June 17-18), saw a handful of speakers walk out in protest over the appearance of social engineering expert Chris Hadnagy.

Hadnagy is a controversial figure in the hacking community and has previously been banned from DEF CON, the iconic hacking conference, due to allegations he violated the event’s code of conduct.

He had been added to the bill to speak as a ‘special guest’ on day two of the conference. However, when other community members found out he was appearing, the backlash prompted some speakers to abandon their presentations.


Read more of the latest news from the infosec community


John Strand, known online as ‘strandjs’, was due to present a talk but announced on Twitter that he would instead be leaving the event, writing online that the situation “sucks”.

Dave Kennedy, who was also scheduled to speak, echoed Strand’s thoughts, concluding it was “the right decision to pull it”. 

Rockie Brockway, BSides Cleveland organizer, has since released a statement taking responsibility for the incident and announcing that he is stepping down from the role.

Brockway posted online (non-HTTPS link): “The decision to include Chris Hadnagy in the 2022 BSidesCleveland event was my decision. Furthermore, the decision to keep the opening speaker slot as Special Guest instead of naming Chris specifically was also my decision.

“I am apologizing to everyone that my decisions harmed, whether strangers, family, sponsors, or friends, and I am deeply sorry for that. I understand that my decisions may have destroyed the trust that I have built over my years in the BSides community, and I accept accountability for my actions.

“Effective immediately I resign from BSidesCLE leadership.”

New direction

The founders of Security BSides, which does not organize local chapter events such as BSides Cleveland, have since issued a call for volunteers to step forward as new organizers.

It read: “Is it possible to host controversial speakers at a BSides conference? Absolutely, but there’s a right way to go about it.

“Organizers should discuss among themselves. They should seek input from their community. The details of the controversy should be considered, including both the benefits and drawbacks of allowing a controversial figure to speak.

“All volunteers, sponsors, and attendees should be notified and given ample time to decide whether to participate.”

Statement

Chris Hadnagy told The Daily Swig in response: “I do want to apologize to anyone who was confused or upset by the lack of advance notice about my appearance. This was simply an oversight and not done deliberately.

“The organizers of BSides Cleveland do not deserve the level of criticism they have received, a lot of which appears to be from people who weren’t even at the conference. I hope people will understand that the BSides organizers are good, hardworking people who volunteered their time to put on a great conference that tried to cover many important issues in our field. They had no ill-intent. Neither did I.

“I really do hope that we can reach a point in our industry – and society at large – where we can have open and honest conversations again, and a willingness to hear from both sides of an issue, before immediately deciding the worst about someone and reverting to online attacks and shaming.

“I have faced criticism for the last few months over a murky decision made by DEF CON that has never been properly explained by them. This has caused me, my family, my colleagues, and my friends a great deal of harm.

“I am not guilty of any crimes, but I am being treated like a criminal by some in the infosec community. I am very sorry for any trouble that my appearance this weekend caused to BSides, the other speakers, the attendees, and the sponsors.”


YOU MAY ALSO LIKE Security researcher receives legal threat over patched Powertek data center vulnerabilities