Charlatans do not appear overnight. While they may be unheard of one day, and a supposed expert the next, they typically took some amount of time convincing a small group of people of their history or expertise. In some cases, the person may not even realize they are on the road to becoming a full-blown charlatan, thinking that "white lies" and half-truths are no big deal. Some glorify pedestrian accomplishments, give 'expert' sound-bytes that impart less knowledge than a fortune cookie and offer nothing new to the security community.
A note on 'establishing a charlatan': the term charlatan is a bit subjective. There is no defined standard for using the word. To attrition.org, one of the key elements is intentionally misleading or deceiving people to promote oneself. This may manifest by omission of facts, allowing third-party assumptions to give an image of legitimacy, or seeking levels of publicity that are not appropriate for their history or experience. Such activity is subjective; while they may think they are experts and have good intentions, others may see that activity in a different light. More importantly, this page isn't just about a security professional "being wrong"; everyone is at some point(s) in their life. It is more about how the person responded; did they correct themselves? Ignore it and move on? Irrationally defend an untenable argument? Learn from their mistakes?
Unlike the main Charlatan page, this is our 'watch list': people in the security industry who do not have a history sufficient to warrant inclusion on the main page. However, they have demonstrated some action that is unethical, suspicious, shady or triggers our bullshit detector. This page also serves to educate our industry and those we serve by helping to ensure incidents are not quietly buried and that a more complete and accurate history of a person's activity is available.
The material on this page is not complete and is not intended to prematurely label anyone a charlatan. It only serves as a place to compile information on information security practitioners that you should be aware of. The articles here represent bricks in an incomplete wall... one that may be built quickly, or never be completed at all. The line between "annoying thorn in industry's side" and full-on "charlatan" is blurry and relative at best. Regardless of the content of these pages and how definitive they may seem, the perception of "charlatan" is ours. In many cases, we were mailed with information or nomination for inclusion.
As with all things, personal bias is a fact of life. Attrition.org staff may not agree with, or like, some of the individuals that appear here. We will do everything possible to keep personal bias out of this and keep articles rooted in fact. However, some level of bias or personal opinion will undoubtedly creep in and be included as opinions and observations.
Read the material with a grain of salt; don't implicitly trust us. Make your own decisions based on all the facts you can find, not just what you read here or what you hear from the suspect directly.
|Ben Bergersen||A CISSP demonstrates he has no knowledge or expertise on 'Cyber Gangs', and no desire to correct mistakes.|
|Dustin L. Fritz||A "technical editor" that plagiarized heavily, rather than ensuring work was properly cited.|
|Arthur 'Wesley' Kenzie||Kenzie attempts to profit heavily off 10+ year old SMTP basics he re-branded as a "vulnerability".|
|Sahil Khan||Another "genius whiz kid" from India, Sahil Khan takes cut/paste book writing to a new level.|
|Vivek Kundra||The US Chief Information Officer does not appear to be qualified for his position in any way.|
|Zaki Qureshey / E2-Labs||Zaki Qureshey of E2-Labs does not honor partnership agreements, and then continues to use material long afterwards. In addition, E2-Labs plagiarizes content for their web site.|
|A lawyer turned journalist turned hacker that does not understand plagiarism and copyright violation.|
|(aka Lou Cipher)||A supposed "corporate vigilante", his wild and diverse claims are all unverified and hard to believe.|
|Sunny Vaghela||Yet another Indian "whiz kid", Sunny Vaghela's main road to fame was through plagiarizing security research.|
|Yousif Yalda||Surfing the wave of employment with Kaspersky, Yalda has not dropped what appears to be criminal activity during his transition into the computer security industry.|
|Manu Zacharia||MVP (Enterprise Security), C|EH, C|HFI, CCNA, MCP, AFCEH, Certified ISO 27001:2005 Lead Auditor and plagiarizer.|
|Secure Channels Inc.||SecureChannels, with 'patented' cryptography products that are questionable, and staff that invites product review, then attacks those that do.|
|Udemy||Udemy pirates security researcher's content, profits from it.|
Within months of each other, two people came forward with claims that they had essentially invented or been the impetus behind technology we take for granted. Unfortunately, the media took them at face value and did no research.
|Martin Leufray||Supposedly responsible for "commercialization of TCP/IP and the technical infrastructure of the commercial Internet".|
|V. A. Shiva Ayyadurai||The man who supposedly "invented email".|
There are some individuals who operate within industries that have strong ties to Information Security. The following individuals may not be InfoSec professionals, but are included here for reference and cross-industry interest.
|Dennis Montgomery||CEO of eTreppid Technologies, he sold software to the US Government after false claims of its ability to detect terrorism related messages.|
|Mark L. Rizzo||A Baptist prison minister turned gang expert, Rizzo claimed to work for the FBI and was arrested for impersonating an agent.|