Hey ISC2 - Where is the Opt Out Button?

Friday, July 15, 2011

Boris Sverdlik


If you have been keeping up with my Anti-ISC2 rants lately, then you are familiar with the lame attempts that they have made in attempting to get me to remove some content that holds ISC2 in a negative light.

I guess I finally pushed them over the edge with the T-Shirt campaign that by the way is still available.

Today, I received a very interesting letter that essentially notified me that I am being brought up on an ethics violation because of my “hack the interview” presentation that I had given at BsidesCT late last month.

The claim being made states that “This writing invites professionals to engage in fraud and deceit when dealing with prospective employers or clients and gives instructions on how to do so successfully.”

I seem to recall a certain slide within the deck that specifically notes a disclaimer:


Hmmm. Did you miss that William Hugh Murray, CISSP? I get it, with 60+ years experience at this point the eyes must be going, or maybe it had something to do with the recent negative publicity I have been directing towards ISC2?

The one thing I found awfully humorous and libelous is the statement you made that I write under a pseudonym of “Abhaxas”, really? Where did you get your source on this?  Abhaxas is the PBS Hacker...

Are you insinuating that I am the PBS Hacker? Those are some huge unsupported allegations.  I’m assuming you just wanted kudo points for the lame attempt at reading my site.

It’s ok, I had to pump 3 quad espressos to get through the piece you call a blog. I have a question for you, how does 25 years as an MVS Administrator make you a security expert? You seem to be pretty far behind the times according to your little video clip. William, unlike you I have done some research before putting together this rebuttal.

Which by the way will be included in the letter of intent in the civil matter. I’m getting off topic; let us move on shall we? One last thing.. Why on earth would you be on cypherspace?

You state in your complaint that I had violated Canon II of the code of professional ethics: “Act honorably, honestly, justly, responsibly, and legally”.  I am a security researcher, and the deck was written to address the inherent danger of the human element, that your little certification fails to address.

My piece was written in the same form that most “pen testing” classes are. If you are naïve enough to believe that criminals don’t use security tools in their efforts, then my friend it is finally time to hang up that hat. 

Also, I’d like to touch on another point. If ISC2 doesn’t condone Blackhat, Defcon and other such security conferences, then why do you reward CPEs for them? Please do not claim that you don’t; you can go ahead and look at my previous “Approved” CPEs. I would hope you are wondering why I am referring to you and ISC2 as one and the same? You aren’t, are you? Aren’t you on the board as well as the committee that reviews ethics complaints? Does that not violate Canon II as well?

I’m no lawyer, but that does sound like a conflict of interest to me. I know, ISC2 has a strict do as we say, not as we do mentality. With that said, I’d like to take a look at the code of ethics that I’m sure you had a hand in writing, especially after reading your extremely boring “cheating in computer science article”: “Provide diligent and competent service to principals.”

Shouldn’t you be filing formal complaints against the 500+ CISSP holders at Booze Allen for violating the above? ISC2 does guarantee absolute competence, but the only thing you deliver on is an annual maintenance fee. Oh and by the way Dorsey, can I send you a shirt?  

I know that is what finally put you over the edge. I’m sure you had exhausted every possible avenue you could think of to limit the negative press. Did you think for a second that this might backfire? “Treat all members fairly” seems to be one of the guidelines you had overlooked. This whole selective enforcement thing you got going is great. What is the proper route to return the CISSP to sender?

Is there an opt-out button? Apparently cigarettes aren’t as bad as some might say…


The stovetop did seem to work much better.  


I will be continuing to rant about the quality of candidates you keep polluting the industry with, and the lack of relevance your certification holds. Please, by all means take a look at the many ways you and your friend William Hugh Murray had violated the code of ethics you both spent time writing.

On a final note, I’d like to inform you that I have started reaching out to like-minded individuals to establish a credible open source certification.

Cross-posted from Jaded Security

