Security BSides commits to greater conference diversity after speaker backlash

A close up of a man stood at lectern speaking at business conference
(Image credit: Getty Images)

Security BSides has promised to bring greater diversity to the organisation of future conferences after the secret booking of a banned conference speaker prompted anger among the security community.

The two-day US-based BSides Cleveland cyber security event hosted Chris Hadnagy, a social engineer previously banned by DEF CON for undisclosed misconduct claims, as a mystery guest speaker on its second day.

Hadngay gave his talk at 9am, with the event’s digital schedule only revealing his name after his talk had ended. This prompted a number of prominent cyber security experts to pull out of the remainder of the event, with many claiming the event had manipulated attendees.

Hadnagy was originally billed to speak at BSides Cleveland as far back as autumn 2021, but pulled out following the DEF CON controversy.

See more

BSides has now promised that a team of four organisers will run each Cleveland event, with the team made up of diverse backgrounds, rather than just the one organiser. Security BSides will also step in to assist the organisers with logistics and advice on how to book guests.

The lone organiser tasked with running the most recent BSides Cleveland later apologised for the booking and has now stepped down, the organisation said.

“The decision to include Chris Hadnagy in the 2022 BSides Cleveland event was my decision,” said event organiser Rockie Brockway. “Furthermore, the decision to keep the opening speaker slot as special guest instead of naming Chris specifically was also my decision. I am apologising to everyone that my decisions harmed, whether strangers, family, sponsors, or friends, and I am deeply sorry for that.

“I understand that my decisions may have destroyed the trust that I have built over my years in the BSides community, and I accept accountability for my actions. Effective immediately I resign from BSidesCLE leadership.”

Following up on Twitter, Security BSides did not confirm if Hadnagy or similarly divisive speakers would be banned from other BSides regional events.

The organisations said it was a decentralised movement and that there is no central governing body that can prohibit future event organisers from selecting individual speakers. It conceded that the BSides Cleveland event “will likely inform others’ decisions”.

“2022 was the first year BSidesCLE had a two-day event,” said Security BSides in a statement. “It was well attended and successful by any metric, up until the morning of day two, when Hadnagy was revealed as the morning’s surprise guest. Cleveland has a sizeable security community that can continue to benefit from a healthy BSides.

“Conversations and debates will continue and wounds will take time to heal. This is only the first step in moving BSidesCLE into its next chapter.”

Who is Chris Hadnagy?

Hadnagy is a widely referenced expert on social engineering and author of a book on human hacking. Most recently in February 2022, he was banned from the prominent cyber security conference DEF CON for violations of its code of conduct, the nature of which have never been made public.

It is a rare occurrence that a cyber security conference bans individuals from speaking at events. Although the nature of the accusations against Hadnagy are not public knowledge, those with inside information believe the ban was justified.

See more
See more

In a follow-up statement regarding his banning, Hadnagy dismissed the allegations of misconduct as sexual in nature, having been told by organisers this was not the case, though he also said “I still don’t know what the accusations are”.

Hadnagy had previously been criticised for insulting a non-binary individual online, and used a previous BSides appearance to apologise for it.

He also said he has drawn criticism from his training courses between 2015 and 2017. Without drawing examples himself, notorious reviews included one from a blind person seeking advice to access one of Hadnagy’s courses but received unsympathetic responses from the social engineer.

Hadnagy said in his post-DEF CON statement that he was sorry for any offence caused and that he does not discriminate against anyone on any characteristic or trait.

At the most recent BSides Cleveland event, he delivered the same talk as the one he gave at the BSides Idaho Falls event last year. The talk’s topic was on cancel culture. The title of the talk at both events was also exactly the same: ‘Who needs a court of law? I have social media”.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.