Criticism of whether former fraudster Frank Abagnale, now long time fraud prevention expert, is an appropriate speaker for security events took center stage last month when scheduled speaker Howard Schmidt, among others, announced they would not support or participate in a conference that features a convicted felon, and pulled out of the CSI Conference.
Schmidt's personal opinion, and not those of any organization he is affiliated with, is that there are plenty of other experts without a criminal background who can present the same information. After all, these conferences as supposed to be for security professionals to learn from other security professionals. Also as Howard points out, the fact that he is famous for his criminal acts supports the "crime does pay" perception.
At some level I can agree, but I also have to look at things as a whole. So I decided to talk to a variety of people involved in this issue, including Sandra LaPedis who runs the RSA Conference, Schmidt and Abagnale himself.
Frank Abagnale: Catch him if you can
The former ID thief made famous in a Leonardo DiCaprio movie wants to withdraw from the information security talk circuit after industry leaders challenge his credentials.
Frank Abagnale has been on the right side of the law for more than 30 years. His crimes were serious, but he did stop them after his first release from prison in the United States. Despite being in desperate financial circumstances, he did not go back to his old ways after his release.
Also then, Abagnale has reformed and has brought a unique skill into the check fraud arena to help law enforcement for more than 30 years. In my opinion, blackballing him from a security conference is kind of ridiculous. According to LaPedis, he is an entertaining speaker and security professionals are interested in hearing him speak. He also received great feedback for his talk at the CSI Conference.
To Abagnale's great credit, though, when he heard about the controversy, he did offer to cancel the CSI speaking engagement and pay, out of his own pocket, any expenses associated with the cancellation.
One thing that is troubling to me, though, is the portrayal of Abagnale in the movie "Catch Me If You Can," which portrayed him being released by the FBI so he could help them. However, according to Abagnale's own book, he was released nearly broke and then thought of approaching banks and other places to ask if he could lecture their people about check fraud. Apparnetly, this wasn't a good movie ending.
However, this brings up a more troubling issue -- the National Cyber Security Alliance (NCSA) naming Abagnale as their spokesperson. The group claims that it wanted a notable person for its awareness campaign. Frankly, I didn't know Abagnale by name. When I first heard about the controversy, I asked, "Who?" The reply was "the 'Catch Me If You Can' guy." This is how the public knows him.
I asked Abagnale and his people why he would be a "cybersecurity" spokesman -- which is clearly not his area of expertise -- and they told me that he's an expert on identity theft. But the general public doesn't know him for his expertise on preventing identity theft, but for committing it. Frankly, he is the poster child for identity theft, not the spokesman.
The NCSA using Abagnale as a spokesperson sends the message that if you commit a crime really well, you will be recognized and rewarded for it. If Abagnale was universally recognized for his skills as a security professional, or as a person who suffered greatly for his crimes and was ostracized from the world, it would be another story. Sadly, and again, he is believed to be let out of jail early, with a job at the FBI no less, because of his crimes.
I would, however, highlight a great irony of this sequence of events. Howard Schmidt is an employee of one of the NCSA's founding sponsors. I would recommend to Schmidt that if he is really feels this strongly, he should use his clout to influence the NCSA to do the right thing and drop Abagnale as a spokesman.
For that matter, if you want me to recommend a more appropriate spokesperson, how about one of the CEOs from NCSA's corporate sponsors, or the director of the FBI, given Infraguard is also a sponsor. After all, their organizations deal with more identity theft and computer crime than just about any other does. These CEOs are more well known than Abagnale.
I don't want anyone to get the wrong impression though. In my opinion, Frank Abagnale has been a huge benefit to the security community for the last few decades. Unfortunately, he is not famous for that, nor is he really a household name. He is only known for his felonies and the Hollywood movie ending. This regrettably excludes an otherwise honorable person from being an appropriate spokesperson in this case.
About the author
Ira Winkler, CISSP, CISM, has almost 20 years of experience in the intelligence and security fields and has consulted to many of the largest corporations in the world. He is also author of the forthcoming book, Spies Among Us.