This story deals with lying, theft, social networking, law, mystery, and an uncertain outcome. My longtime friend and colleague, the distinguished security-awareness expert K Rudolph of Native Intelligence tells a tale of horror and mayhem suitable for Hallowe'en reading.

* * *

It was a dark and stormy night, or it should have been. Tuesday night, Sept. 23, 2008, around 7 p.m., I visited the (ISC)2 Cyber Exchange Web site established to celebrate the upcoming National Cyber Security Awareness Month. I wanted to help make the world cyber safer by entering awareness materials in the (ISC)2 annual contest. In addition to use in the contest, (ISC)2 makes the submitted materials available for download as useful awareness tools and as the contest voting mechanism. The contest submission downloaded the most for each category (posters, brochures, presentations, and videos) wins the submitter fame and fortune - well, $1,000, anyway.

I chose a poster to enter and wanted to see how it compared with what had already been entered.

The loud “ka-clunk” that you might have heard about 7:15 that Tuesday was my jaw hitting the floor when I discovered that someone had already entered the poster that I was planning to enter - a poster I developed and for which I hold the copyright. He entered it with my copyright notice removed and he claimed ownership of the work. He entered it under his own name, which I will refer to as “Mud.”

Mud had chosen well, but not wisely. He entered the Dumpster Diver poster. Created in 2001, the Dumpster Diver was one of the first posters my company developed. This poster didn’t originate in a computer; it was drawn by hand, inked, scanned into electronic versions, colored, and finalized. Our professional cartoonist, Charles Filius, created that poster. I have copies of the original pencil sketches and ink drawings. Charles has the originals.

I googled for Mud and found that he had studied law for several years. Mud had worked for a famous high technology firm for nearly a decade as an information security manager. Mud listed ethical hacking as one of his skills. His profile showed that he claims three certifications: CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), and surprisingly, the CISSP (Certified Information System Security Professional). [I have deliberately obscured the details to prevent anyone from homing in on Mud’s real name through data aggregation.]

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.