Public speaker whose work was allegedly stolen says the company has ‘no respect’ for the infosec community

EC-Council pulls blog over copyright violations, promises editorial improvements

The EC-Council has pulled its entire blog due to apparent copyright violations conducted by its marketing team.

On June 20, business information security officer, hacker, and public speaker Alyssa Miller sent out a tweet saying that an EC-Council member had reworded, then republished, a feature Miller had written – titled, ‘What is a Business Information Security Officer (BISO)?’ – on the organization’s blog.

While the article has since been pulled, as noted by Attrition, an archived version of the page is still available, appearing to show heavy revisions and changes including the removal of gender-neutral language.

“Other than the marketing fluff they added, this is nothing more than a revision of my original work,” Miller said.

No citation

Miller was not credited or cited. Previous, unconfirmed claims of copyright violations impacting other authors are alleged to date back as far as 2011.

In a statement dated June 23, the EC-Council said “there is no place for plagiarism in our society”, adding that contributions to the blog are first analyzed by “industry accepted, anti-plagiarism tools”.

The organization did add, however, that the blog post in question “lacked the proper source citation and references by the author”, leading to its permanent removal.

“EC-Council strongly respects the intellectual property rights of authors, SMEs, and thought leaders, and we pledge that any contributors to the EC-Council blog will be required to follow stricter protocols in order to be considered for publication,” the company commented.

“We apologize for any content that was published on the EC-Council blog that was too closely aligned with any previously published articles.”

‘Major overhaul’ needed

This is not the first time that Miller has held the EC-Council to account. In April, the cybersecurity expert called the organization out over a LinkedIn survey relating to women in cybersecurity that contained discriminatory and misogynistic wording.

Speaking to The Daily Swig, Miller said that she will “likely not” pursue legal action as the article has been pulled, but criticized the organization’s response as “unsurprisingly poor”, saying it had issued a statement that “refuses to acknowledge the reality of what they did [and] makes every effort to deflect blame away from them”.

“EC-Council needs a major overhaul to their culture which means it needs to start at the top,” Miller told us.

“That executive team needs to change. They need leadership that is committed to serving the security community, not just squeezing every bit of cash they can from it.

“Their actions, the plagiarism, the sexism, all show the organization has no respect for our cybersecurity community, and that has to change. Simply addressing this issue individually is not enough.”

Lessons learned

In an update on June 27, EC-Council CEO Jay Bavisi said that an investigation “confirmed a lapse in our copy production SOP [standard operating procedure]”, as well as a “series of missteps and mistakes”.

Despite previously blaming plagiarism software, Bavisi claims that the “anti-plagiarism tools and processes that we use for our training products were not employed by our marketing department which produced the blog”, with the executive claiming full responsibility for the incident.

The EC-Council now intends to hire editorial experts and will establish an advisory board. The blog will stay offline until a new team is in place to handle its management.

“I sincerely apologize to all affected by this,” Bavisi says. “I take full responsibility for this and I am taking steps to make sure this never happens again.”

The Daily Swig has reached out to the EC-Council and we will update when we hear back.
