The global Security BSides team is working to rebuild trust in BSides Cleveland. BSidesCLE’s organizer was very forthcoming, detailed how the incident occurred, and volunteered to step down. If new organizers come forward and volunteer to take over the conference, we will help facilitate a smooth transition.

Understanding the global Security BSides mission and goals

Security BSides exists to support the BSides community, provide assistance to organizers, and in situations like this one, investigate and resolve incidents involving events bearing the BSides brand (like this one).

The BSides Cleveland Incident

• Chris Hadnagy was originally on the BSidesCLE agenda as far back as the fall of 2021.
• After DEF CON’s announcement that they were implementing a lifetime ban for Hadnagy due to code of conduct violations, Hadnagy communicated to BSidesCLE that he would not be speaking.
• A few months later, after Hadnagy showed interest in trying speaking again, the BSides Cleveland organizer invited him to speak at BSidesCLE.
• The organizer made the decision to make Hadnagy’s appearance a surprise.
• This did not go over well with the community, and several speakers cancelled their talks.
• The organizer has taken full responsibility for this incident and has announced that he is stepping down and will assist with the transition to new organizers.

His statement follows:

To all of the Infosec community,

The decision to include Chris Hadnagy in the 2022 BSidesCleveland event was my decision. Furthermore, the decision to keep the opening speaker slot as Special Guest instead of naming Chris specifically was also my decision. I am apologizing to everyone that my decisions harmed, whether strangers, family, sponsors, or friends, and I am deeply sorry for that. I understand that my decisions may have destroyed the trust that I have built over my years in the BSides community, and I accept accountability for my actions. Effective immediately I resign from BSidesCLE leadership.

With all sincerest apologies,

Rockie Brockway

Trust and BSides’ Role in the Community

BSides was originally founded out of a need for a venue for interesting talks that didn’t fit larger conference themes and agendas. These days, many BSides events are the only security or IT event in a region and represent a central rallying point for the local community. BSides events are often our industry's first impression on folks entering the security industry, or curious about it.

Is it possible to host controversial speakers at a BSides conference? Absolutely, but there’s a right way to go about it. Organizers should discuss among themselves. They should seek input from their community. The details of the controversy should be considered, including both the benefits and drawbacks of allowing a controversial figure to speak. All volunteers, sponsors, and attendees should be notified and given ample time to decide whether to participate.

The BSides team should be prepared for potential fallout. They may have to replace speakers, refund tickets, or possibly walk back the decision to allow the controversial speaker to attend and speak if the impact to the conference is too serious.

Moving forward

2022 was the first year BSidesCLE had a two day event. It was well attended and successful by any metric, up until the morning of day 2, when Hadnagy was revealed as the morning’s surprise guest. Cleveland has a sizable security community that can continue to benefit from a healthy BSides. To make this happen, SecurityBSides believes the best path back to a trusted and healthy event requires:

• at least 4 organizers with diverse backgrounds and experience
• assistance with the transition (SecurityBSides will assist as needed)
• guidance on processes for selecting speakers (SecurityBSides will assist)

Conversations and debates will continue and wounds will take time to heal. This is only the first step in moving BSidesCLE into its next chapter.

with love,

the SecurityBSides crew (Adrian Sanabria, Ian Amit, Joshua Marpet, Jack Daniel, Kelly Gardner, and Russ Rogers)