Since my last story, I find myself puzzled by the lack of inaction by an industry who characterizes trust, ethics, and morals as the foundation to which its entire profession touts, stands, and is built upon. Bold statements such as “Integrity is a fundamental standard in ethical cyber security”, “Cyber ethics encapsulates common courtesy, trust, and legal considerations”, “Cybersecurity is guided by ethical principles and values, such as confidentiality, integrity, availability, non-maleficence, beneficence, justice, and respect for autonomy. These principles and values help define what is right and wrong in cybersecurity, and what are the duties and obligations of cybersecurity professionals.” and “Act honorably, honestly, justly, responsibly, and legally” are found across a multitude of blogs and websites.
There is more than sufficient evidence out there provided there is a proper venue for victims to share in a manner that would protect the multitude of victims, including those who have attempted to come forward in good faith. These individuals, while not perfect by any means, have shared concerns privately to protect the reputation of an industry and to solve a common problem.
A reader recently forwarded vBTruth a letter sent by the ISSA-LA President Richard Greenberg to the reader asking for a character reference sent January 2024. We were able to authenticate the email as a legitimate email.
I am being targeted by a misinformation campaign by a few unethical people. I would be most appreciative if you could write a character reference for me, mentioning the work that I have done for ISSA-LA and your speaking engagements with us. I have been building the programs, including personally inviting speakers, for the annual ISSA-LA Security Summits, Women in Security Forums, and CISO Forums. I created and chaired the CISO Forums and Women in Security Forums.
Please feel free to reach out if you need more information or have any questions.
This email sent by the ISSA-LA President raises several questions including:
- How many individuals has the ISSA-LA President sent this email to?
- How many victims has the ISSA-LA President mischaracterized and flat out lied as “unethical” as part of this email campaign?
- How many victims has had their reputations tarnished and possibly destroyed when individuals reached out to the ISSA-LA President for “more information” or “have questions”?
- How many individuals have written character references and possibly have inadvertently tarnished their reputations personally and professionally?
Since vBTruth first published our original piece, we have been working tirelessly behind the scenes on fact checking, finding credible sources of information. Under California’s Public Record Act, we requested the City of Santa Monica produce documents. The City of Santa Monica oversees the Annenberg Beach House and its associated operations.
Over the last several months, we have been slowly combing through the 2000+ pages produced by the City of Santa Monica. We still expect additional documents to come in the weeks ahead. Among the documents produced were several invoices and permits.
On several occasions, we observed ISSA-LA’s name co-existing with Layer 8 Masters and/or Planet Cyber across multiple documents. We also observed Layer 8 using ISSA-LA’s resources such as the Post Office Box across multiple documents.
Our public records request review has raised numerous questions, including:
- Is there confusion between ISSA-LA and these for-profit conference events?
- How severe is brand confusion between ISSA-LA and the private for-profit conference company?
- Did the ISSA-LA President and Vice-President receive non-profit discounts for their for-profit conference, potentially defrauding taxpayers?
- Are potential attendees being diverted to a private, for-profit conference?
- Are potential revenue sources from attendees, and from sponsors being redirected away from ISSA-LA members and into the pockets of the ISSA-LA President and Vice-President?
- In the process of searching for sponsors, is the ISSA-LA President and Vice-President having first pick at sponsors for their conference and leaving scraps for ISSA-LA?
- What ISSA-LA resources are the ISSA-LA President and ISSA-LA Vice-President using beyond the Post Office Box? Did the ISSA-LA board know and/or approve the usage of the ISSA-LA Post Office Box?
- Are the ISSA-LA President and Vice-President using ISSA-LA members’ money to fund and pay for their personal, private, for-profit conference? Are they treating ISSA-LA’s like their own private bank?
vBTruth spoke to one nonprofit attorney about accessing financial records and minutes. Members of a non-profit association have rights to inspect financial records and minutes. Under California Law, a member can inspect:
- Articles, bylaws, and all amendments to articles and bylaws (5160, 7160)
- Adequate and correct books and records of account (6320(a)(1), 8320(a)(1))
- Minutes of all board, committee and member meetings (6320(a)(2), 8320(a)(2))
- Member lists (6320(a)(3), 8320(a)(3))
At least one individual, who we understand is still an ISSA-LA member, has publicly stated they demanded to inspect financial records and minutes on November 19, 2023. On December 5, 2023, they have not received access to any financial records and minutes.
Ten business days passed as stated by this individual, and no financial records or minutes were provided by ISSA-LA. Why would ISSA-LA not simply open the financial books and minutes? Do they have something to hide? All of these questions are significant, especially if the ISSA-LA President and Vice-President are using ISSA-LA as their own private bank.
All of these questions are sufficient to wonder whether any character references written on behalf of the ISSA-LA President is worth the paper it is printed on.
Since no financial records were permitted to be inspected, it raises question such as “Are there financial irregularities?” The lack of transparency creates the perception that the ‘books were cooked’ because the default position was to hide. Invoices and permits produced by the City of Santa Monica suggest this could be happening given the co-mingling of the brands. Plus, these invoices are no small dollar amounts. We are talking about potentially tens of thousands of dollars per event.
The fact is there is no misinformation campaign. Just individuals trying to raise concerns. In this case, something is clearly rotten because official government records show several significant irregularities that should concern members, leaders, and anyone who is part of this profession. These official government records show that resources of ISSA-LA are being used. These official government records show that there is clear brand confusion that makes it challenging for some individuals, companies, organizations, and sponsors to differentiate whether an event is ISSA-LA organized or is a personal, private, for-profit event.
Psychologist, educator, management consultant and author Saul Gellerman proposed four commonly held rationalizations for unethical behavior:
- People tell themselves that their behavior is not unethical.
- People think that their behavior is acceptable because it is in the favor of the business.
- People think that no one will come to know about their unethical behavior.
- People think that they will be protected even after doing something unethical.
In this specific instance, the ends do not justify the means. These men are not Robin Hood and his band of merry men.
What troubles this reporter is the lack of response, the lack of any action for over a year, and the rationalization of such behavior.
The essence of ethical integrity lies in consistency across all areas of behavior. Commendable contributions should not serve as a shield for unethical practices nor be viewed to offset misconduct. The true measure of an individual’s ethical stance is reflected not only in their capacity to contribute positively to society but in their adherence to ethical principles in professional and personal dealings.
People rationalizing their participation, attendance, and engagement in any event organized by the ISSA-LA President and ISSA-LA Vice President and has conscious knowledge of what is happening is endorsing, encouraging, and excusing this despicable, unethical, immoral, and possibly illegal behavior.
It makes you wonder if the values of trust, ethics, and morals are only upheld by individuals when it is convenient. It speaks volumes about an individual’s character when considering classic sayings such as “Guilt by association” and “Birds of a feather”.
This entire incident has many similarities and hallmarks to a similar case involving former Adelphia CEO John Rigas. It does not matter what an individual has done in the past or what they can do for you. It matters whether they see the error of their ways, and are willing to ask for forgiveness, rectify, and show remorse. I will never advocate for a cancellation; I will advocate for a resolution that hopefully all stakeholders will find acceptable.
In the words of Russian anti-corruption campaigner, Alex Nalvany, who reportedly died in a Russian prison yesterday:
“All that is needed for the triumph of evil is for good people to do nothing.”Alex Nalvany