An events company has been accused of implying a list of notable CISOs would be appearing at an upcoming summit, when they had given no intention of attending.
A ‘VIP invite’ to the CISO Leaders Melbourne Summit 2017, includes a list of notable CISOs and heads of security that many recipients assumed to be a roster of confirmed attendees. A number of those named have confirmed to CIO Australia that they will not be going the event.
The email, sighted by CIO Australia, boasts that the “closed door private meeting” on February 16 will feature 65 chief information security officers and IT chiefs from “every major corporate in Australia” and host keynote presentations from the likes of Telstra, ANZ Bank and Singtel.
The summit, which is free to attend by invitation only, is run by Sydney-based firm Media Corp International, who are behind similar events for CIOs, HR chiefs, OHS leaders and CXOs. These events take place throughout the year in Australia, Singapore and Thailand. Media Corp International is no way related to Singapore’s government-owned broadcaster Media Corp.
Nabbed by NAB
National Australia Bank’s CISO Andrew Dell was the first to expose Media Corp International’s practises in a LinkedIn post over the weekend, saying that he understood he had been listed as an attendee even though he wouldn’t be going.
“I am not attending and have nothing to do with this event: I'd be very cautious of the validity of the attendee list if you are approached,” he wrote.
Dell then listed a number of fellow CISOs who had been mentioned in the email he had received, including Simone Bachmann, head of information security, innovation and culture at Australia Post; John Haig, head of security, risk and compliance at Dun & Bradstreet; Stuart Harrison, head of information security at Medibank and John Taylor, CISO at AGL. Each commented denying they would be attending.
A number of security professionals joined in the conversation:
Pieter van der Merwe, CISO at Woolworths Group said: "Apparently 56 CISOs have confirmed. Mmmm, who are they? I know most and none of them are going."
Eugene Ostapenko, information security manager at Victrack said: “Got this invitation last week. Looked like somebody dumped my LinkedIn connections and used them as bait. Not going.”
Jane Falk, director technology, security and strategy at .au Domain Administration said: “And don't they realise we do all talk to each other about these sorts of things?”
Media Corp International is also understood to have called a number of CISOs in recent weeks, similarly name-checking their industry peers to attract attendance.
Others were doubtful about the veracity of the list given the event happens in the same week as the major security event, the RSA Conference in San Francisco.
CEO of Media Corp International, Tyron McGurgan clarified to CIO Australia that the list of names attached to the invite were people who had been invited, as would have been explained in a prior phone conversation with each recipient.
"As you'll see there's nothing on there saying they're confirmed. This is the invitee list. He would have spoken to him and mentioned that on the phone originally," McGurgan said.
The sender of the invite has been temporarily suspended from their duties at the firm's Loftus Street offices, McGurgan said, adding that the popularity of Dell's LinkedIn post had jeopardised potential future clients.
"It's pretty detrimental to the business to be fair," he said. "Unfortunately it was miscommunication and judgement from one guy here from the office."
McGurgan spoke to Andrew Dell this afternoon. Following the conversation Dell posted that he had been "impressed by his responsiveness and quick correction of this error".
"I appreciate it and look forward to continuing the important conversation around cyber security and safety, where the real focus needs to be," Dell added.