So I really want @ECCouncil to understand the damage they've done (a thread):

1. People who proudly achieved certifications are now disavowing and not renewing those certifications because of the shady practices of the org that provided those certs. All that hard work, lost.
2. People who won awards from your org are now renouncing those awards because they don't want to be associated with the practices of a company like @ECCouncil. These were accomplishments they should be able to be proud of that you've ruined.
3. Organizations and universities who've built educational programs and partnerships are being forced to review and potentially change their entire approach because they can't count on the integrity of @ECCouncil's materials.
4. People who've poured their heart and souls into organizing or being involved in conferences organized by @ECCouncil are now withdrawing their support. Abandoning that labor of love.
5. Newcomers to the #infosec industry are finding out that certifications from @ECCouncil that have been recommended to them, are now in question by the industry as a whole. They've seen toxic behavior from your org, leaving many of them to question their career path decision.
6. Those who've already been skeptical of certification vendors are now using the @ECCouncil situation as further proof that such vendors cannot be trusted. This has a horn affect on other cybersecurity vendors as well, whether they act ethically or not.
7. Practitioners who've contributed in legitimate ways to @ECCouncil's blogs, webinars, and other content are now concerned whether their integrity will be questioned because of their association with the organization.
8. Content creators, like me, are now having to take exceptional steps to make sure that we protect our works from organizations like @ECCouncil who we can no longer trust to do the right things.
9. Numerous people have had to spend considerable effort defending our industry from these actions by documenting and spreading awareness of what @ECCouncil has done to ensure others know how to defend themselves.
10. Our industry as a whole, which is already experiencing unprecedented levels of burnout and frustration, has been further demeaned and disrespected by the actions of @ECCouncil, distracting us from the real work that needs to be done to secure our society.
So, @ECCouncil, as you once again seem only concerned with denying or minimizing your actions, you need to see and acknowledge the real damage your organization is causing. You've become caustic to the #Infosec community and it's time for you to change or get out completely.
It's your move @ECCouncil, how are you going to respond? Do you really want to earn our trust, or are we just revenue generating meat bags to you? Sure feels like the latter so far. It's time for you to #DoBetterBeBetter

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Alyssa Miller 👑 Duchess of Hackington

Alyssa Miller 👑 Duchess of Hackington Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AlyssaM_InfoSec

23 Jun
So I want to make clear just how trivial it was to find repeated cases of plagiarism in the EC-Council blogs. All it took was going to recent blogs, finding a few key terms in the content and then Googling for those terms. Literally that's it. #ECCPlagiarism

With less than 30 minutes of work, I was able to easily locate the original works that were leveraged to craft two of their blogs. That time included verifying the content matched, taking screen shots, confirming the blog was cached at and posting

the details.

So consider this as you hear @ECCOUNCIL claiming that they tried to prevent plagiarism. No more than 5-10 minutes of human effort per blog and they could have avoided this mess. One has to question, since they didn't, did they really even care?

Read 5 tweets
23 Jun
OK my last tweet (ok a thread) on the whole EC-Council fiasco for the night. They've shut down their blog and someone already congratulated me.

Let me be clear, I am not happy and I am not celebrating. This is not a win. There are only losers here. EC-Council loses for

1/ Image
the obvious reasons.

However, our community loses as well. This whole thing sows distrust between practitioners and all of the educational and certification orgs we place our trust in.

Content creators lose as we realize we have to take exceptional measures to protect

our works and their copyrights.

Ultimately, I hate this whole thing. I hate that it has robbed us all of so much. I hate that the effort I put into helping EC-Council in April turned out to be a waste.

I don't know where this is headed next, but no, I am not celebrating

Read 4 tweets
27 May
"I want friends not fans" - This quote will stick in my head forever.

This sums up my attitudes toward infosec rockstar culture. IDC how many followers a person has, how many talks, media interviews, or books they have under their belts. We're all just humans 1/
and we all have something to learn from others and something we can teach others.

If you encounter a highly recognized person in this community who isn't willing to give you the time of day or who thinks their accomplishments make them superior to you, just walk away. 2/
They are not worth your time.

It hit 40K followers today, and it's shocking and humbling to know that there are that many people who find something interesting about what I have to say. But I would hope that any one of them would feel comfortable coming to me with 3/
Read 5 tweets
26 May
Let's be crystal clear about this. If your first reaction to survivors of sexual predators is skepticism or questioning, you're literally supporting and enabling sexual predators everywhere.

Here's the thing. Sexual predators pick their targets deliberately. They look for 1/
people they can manipulate or control. Most often this is due to a power dynamic in their relationship with their victim and they use fear and shame as tools.

When you question survivors, when you speculate or attack them in public discourse, you play right into what these 2/
predators are looking for. You create the very tools they use to keep their victims quiet. And victims that are too afraid or ashamed to report are what allow a Denver public school employee to rape 62 high-school aged girls, or a film producer to harass and/or assault 3/
Read 7 tweets
8 Mar
On #IWD2021 let's talk about the reality of women's experience in the professional world:

1. According to study after study, women are consistently paid less than men for doing the same job. WOC make even less than their underpaid white women counterparts.

2. Numerous studies have shown that in promotions, men are considered based on their potential to do the job while women are evaluated on whether they've already demonstrated the skills of the job (I've experienced this myself)

3. Women are consistently assumed to have lesser technical expertise than their male peers.

4. Women are far more likely to be interrupted during meetings and have their opinions minimized or ignored.

5. Women with tattoos are more harshly judged for them than men.

Read 7 tweets
29 Sep 20
I know it's easy to hop on the bandwagon of shaming #infosec in Healthcare given the ransomware news over the last two days. But please before you decide to blast your theory on how healthcare is lazy, uncommitted, etc. to security, take a few moments to consider their risk 1/
models and the unprecedented level of complexity they have to deal with in terms of technology and threats. We know the challenges of ICS systems that are built once and typically can't be easily upgraded as vulnerabilities are discovered. This is 10x worse when it comes to 2/
medical devices. Now add in the complexities of EMR systems which are managing vast amounts of disparate forms of data. Far more complex than even what we see in financial services. But the complexity doesn't end there. Consider the crazy networking infrastructures needed to 3/
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!