Though he's giving up security speaking engagements following criticism that his image taints the security industry, former conman Frank Abagnale will still give a keynote presentation at February's RSA Conference.
"In 2005, I intend to separate myself from your industry. I will no longer accept any engagements from computer security firms, associations or organizations," Abagnale, now a Washington, D.C., secure document consultant, said in an e-mail exchange. "RSA would not relieve me of my obligation, so contractually I will speak at their conference." His executive assistant clarified that Abagnale is not leaving the document security arena, which he has been involved in for 30 years.
"I will end my relationship with Novell and Computer Associates that I have had for a number of years," he added. "I have done all I can on my part to remedy your dissatisfaction. I just hope everyone is satisfied."
"Everyone" includes some notable security experts upset with his inclusion in the recent CSI conference lineup and upcoming RSA keynote series. Two speakers, executive consultant Bill Murray and former U.S. cybersecurity czar Howard Schmidt, withdrew from speaking at CSI because of Abagnale. Both also are board members of the International Information Systems Security Certification Consortium Inc., which is best known for its CISSP credential program sought by many security practitioners.
"We are an emerging profession, trying to deserve the trust of our employers
Chris Keating, director of the Computer Security Institute, said those concerned "are right to worry about sending the wrong signals when it comes to ethics and information security. But a speaking slot at a conference like CSI does not mean the industry is holding them up as an example. Rather, it's an opportunity to contribute to the discussions of the security industry, where not everyone is in agreement on all issues."
This isn't the first time members of the industry has expressed such concern.
"We had a similar series of events," said Linda Burton, CEO of MIS Training Institute, which manages MISTI conferences, including InfoSec World in Orlando, Fla. Last year, that flagship conference featured a keynote by convicted felon Kevin Mitnick, who is now a security consultant. "It wasn't a big outcry, just a few people from the industry." She added: "We need to let our intelligent audience decide whether what they're hearing is useful."
The controversy began when Ira Winkler wrote in an upcoming Security Wire Perspectives column that he supports Abagnale as a speaker, but not as the National Cybersecurity Association spokesperson. "In my opinion, Frank Abagnale has been a huge benefit to the security community for the last few decades," Winkler wrote. "Unfortunately, he is not famous for that, nor is he really a household name. He is only known for his felonies and the Hollywood movie ending. This regrettably excludes an otherwise honorable person from being an appropriate spokesperson in this case."
Best known for his teenaged fraud spree nearly 40 years ago in the movie "Catch Me If You Can," Abagnale's scheduled RSA presentation is billed as a talk about his redemption after forging $2.5 million in checks by impersonating an airline pilot, physician, professor and even a U.S. attorney.
He tried to cancel his agreement with RSA earlier this week, but was not successful.
"We still want him to present," said Sandra Toms LaPedis, general manager of the RSA Conference, said earlier this week. "It is within this spirit of the security community that we provide different experiences and histories through our program of keynote speakers, and we continue to be excited about the scheduled appearance of Frank Abagnale -- a fascinating lecturer and well-known expert on identity theft."
Ray Komar, vice president of business development at Carlsbad, Calif.-based Preventsys Inc., is among those that believe Abagnale's presentations teach valuable lessons for security practitioners.
"I heard you speak at the Gartner conference this year, and found it to be one of the best presentations that I had ever heard at a conference," Komar wrote in a letter to Abagnale that he allowed to be published here. "In my humble opinion, your presentation was completely relevant as it demonstrated what a talented, creative person can do to manipulate the system. What part of that story/example does not apply to infosec?"
Mitnick, another lightning rod for controversy, says excluding those with intimate knowledge of the criminal element, such as reformed hackers and ID thieves, may hurt the industry in the end.
Security practitioners "are just shooting themselves and their colleagues in the foot," he said. "Hackers get intel from any reliable and accurate source; security professionals should do the same if they want to stay ahead with current developments."