Fake Security Firms Will Be Exposed
Contributed By: Boris Sverdlik
Thursday, June 09, 2011
UPDATE: BlackbergSecurity is NOT A DEFENSE CONTRACTOR according to E-VERIFY.
I’d like to preface this again by saying I don’t condone the activities of Lulzsec. I do fall into the crowd of security professionals who Patrick Gray described as secretly loving him. Patrick has written a great piece on the awareness the group has brought to the weaknesses in information security.
I suggest you go out and read it immediately and you’ll see why.
Attrition.org broke a story back in February on how Joe Black has used social media to create his “Security God” image. Needless to say, they debunked the entire image.
Unfortunately, real security guys are the only ones who actually read Attrition, and Joe Black was able to continue in his path to self proclaimed security god.
In his efforts to legitimize his site, he has built a reputation around certifications and misinformation. He has a very interesting career, that we can trace back to his days at Wright Printing in 2005 according to his LinkedIn Profile which is also about the time he was supposedly enrolled at ITT in his Bachelors degree program in Omaha.
Calls to ITT have not been returned as of this writing, but Joe did post his associates degree on his flickr page. While we are on the topic of education, his profile also states that he is expecting to complete his Masters in Security Management at Bellevue University in 2013.
According to the registrar he has withdrawn from every single course he had enrolled in since January of 2009. Guess the worlds greatest hacker, didn’t realize information is public. Oh well.
With his reputation on the line he had called out our neighborhood Lulz maker with the following message on his website:
“Cybersecurity For The 21st Century, Hacking Challenge: Change this website’s homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.”
Guess what happens next?
Again, not that I condone any of this, but you know me any chance to prove that security certifications are useless can’t be ignored. Wow, look at all of those interesting certifications on his website.
This guy must be a Security Megastar. Lets see what he has:
All can be seen thanks to our brainiac on his Flickr:
Project+ COM70010068307772 A+ 1/08
Remote Support COMP001006830772 1/09
Security+ COMP001006830772 1/08
Network+ COMP00100683C772 1/08
Linux+ COMP001006830772 2/08
CEH ECC926927 09/08CISSP 318010 12/08
What I don’t see is the ISACA CISM & CISA certifications.
Please Joe, if you have them send the numbers my way…
So are we still confident how certifications do not equate to competency? This is just another example of false advertising, and I’m glad it has been brought to light. Black has even used Facebook to advertise his services.
I love his About statement “At Black & Berg Cybersecurity Consulting we leverage our close relationship with the Federal Government to give our small business clients a Cybersecurity posture that equals or exceeds that of the NSA and Department of Defense.”
Wait speaking of his federal contacts he does have a CAGE# on his LinkedIn Profile. Wow, legit eh… EXPIRED.
In closing I’m sure you paper security guys would be more than happy to hire him, real security guys well we don’t find our vendors at bus stops.
Direct Link: https://www.infosecisland.com/blogview/14302-Fake-Security-Firms-Will-Be-Exposed.html