This story is part two into a several months-long investigation conducted by vBTruth. During the investigation on the accusations of fraud, malfeasance, conflicts of interest, and breach of fiduciary responsibility, we at vBTruth ultimately felt this story warranted coming out of retirement and sharing these individuals’ combined stories. vBTruth is continuing its investigation and will report subsequent updates as new evidence is uncovered.
…We have not given approval to include our name in the Eventbrite invitation and I was surprised to see it in the (Eventbrite)… I wasn’t even aware tickets were already on sale for it.
― Shannon Brewster, ISC2 LA President
As part of our ongoing, months long investigation into accusations of fraud, malfeasance, conflicts of interest, and breach of fiduciary responsibility at ISSA-LA. vBTruth recently observed an upcoming joint holiday party on Eventbrite, allegedly hosted by ISSA-LA, Women’s Society of Cyberjutsu, Open Worldwide Application Security Project (OWASP), Association of Information Technology Professionals – Los Angeles (AITP-LA), the Southern California (SoCal) Chapter of the Cloud Security Alliance and ISC2 Los Angeles.
vBTruth reached out a few of these organizations to confirm their participation and attempted to obtain copies of any agreements.
More than one organization was surprised that they were included in the holiday party because they did not give consent. Even more surprised was the fact that their respective organizations were featured as one of “six” non-profits hosting the holiday party – on both the ticket sales page and separate, sponsorship sales pages. Both ISC2 LA and Cloud Security Alliance stated that the use of their names on were unauthorized.
“ISC2 LA leadership had some informal discussions over email with ISSA-LA’s board regarding a joint holiday party. They reached out a few weeks ago and invited us to participate but we had not made a final decision. We were waiting on a written proposal and an agreement that disclosed the expected costs and responsibilities.
“Given that nothing has been finalized, we have not given approval to include our name in the Eventbrite invitation and I was surprised to see it in the (Eventbrite)… I wasn’t even aware tickets were already on sale for it.” Shannon Brewster, ISC2 LA President wrote to vBTruth.
An anonymous source familiar with the matter at Cloud Security Alliance told vBTruth that “they never agreed to participate at the holiday party and were extremely disappointed in the attempt to obligate the SoCal chapter in(to) participating and the unnecessary deception to the (security) community at large.”
Both Cloud Security Alliance and ISC2 LA have issued demands to have their names removed from any promotional material or website stating their participation in the holiday party. Both have stated they will not be participating in this year’s holiday party. At one point, the sponsorship Eventbrite page stated five non-profit organizations. It was further updated to remove ISC2 LA.
Both Eventbrite pages have been updated since the demands were made by Cloud Security Alliance and ISC2 LA.
Another recent significant update was the keynote speaker at the holiday party. On November 2, 2023, the website featured Bryan Hurd, Chief of Office, Aon Cyber Solutions (Stroz Friedberg). Fast forward to November 10, Bryan Hurd has been removed from the website and replaced with Demetrios Lazarikos (Laz).
The question we have not been able to answer is: “Why was Bryan Hurd replaced one month before the holiday party?” The only two logical conclusions were:
- Schedule Conflicts
- Unauthorized Use of Name/Attempt to Obligate
An analysis of both claims would lead us to believe at vBTruth that it was an attempt to obligate Mr. Hurd as the keynote speaker of the holiday party without his consent.
First, we have not one, but two attempts in a single event to obligate, maybe force, two independent organizations to participate in the ISSA-LA holiday party. Both organizations have issued statements to vBTruth, stating they never agreed to participate.
Next, we can assume it was not a ‘mistake’ per se, but intentional. Two Eventbrite webpages listed all organizations allegedly hosting the holiday party. It also listed the actual names and the actual number count of organizations participating. To list and name a number organizations, including two organizations who did not agree to participate, on two different Eventbrite webpages and with both having a precise count of non-profit organizations participating on both Eventbrite webpages, one must conclude that this was intentional.
Lastly, keynote speakers are typically booked months in advance. To cancel at the last minute usually means a change of schedule, or something personal is occurring. It is highly unlikely a schedule conflict occurred to force Mr. Hurd to withdraw because it is a holiday party and holiday party usually have large turnouts and a keynote speaker would set the necessary time aside and block calendars.
That leaves the last option: Unauthorized use of name and attempt to obligate. There are already two documented instances in this one event to obligate two other organizations. It is certainly not unreasonable to assume that more attempts occurred without the general public’s knowledge.
“There’s an old saying in Tennessee — I know it’s in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can’t get fooled again.”
― President George W. Bush, 43rd President of the United States of America
Regardless of what happened with Mr. Hurd, it does not change the fact that ISSA-LA falsely published two organization’s participation and tried to potentially strongarm and obligate their entire organization and their respective leaders. Marketing this event to both potential attendees and sponsors of participation by organizations who did not agree to participate is duplicitous, dishonest and fraudulent behavior.
Those reasons alone puts ISSA-LA and its leaders on the naughty list and rightfully earning all of them lumps of coal this holiday season.