Hacker News

mcfunley, today at 12:22 AM

I worked at a company that had hired Mitnick as a security consultant.

His report for a client that turned out to have been rife with SQL injection at the time was largely movie plot physical security stuff. Not wrong exactly, but not the center mass of the threat model they needed either.

He seemed to lack systems thinking, producing a report that focused on calling out specific employees as dumb or incompetent. Counterproductive at best. It seemed like his PR exceeded his utility by a great deal.

That trend continues beyond the grave, maybe.


Replies

leetrout, today at 1:06 AM

Dude I was called out by name in the report either right before you got there or the first one you were there. I was called out in the one where they got B's Audi keys in his office.

Whole thing was so dumb. A floor full of smart monitors that they could have put a keylogger on. A plethora of physical network access and I get called out for leaving my laptop on the lock screen and going downstairs for food.

And they got found out because I ran Little Snitch I paid for myself and it caught their hijacked Chrome making all sorts of weird network calls. But I don't remember being given credit for that.

(Sips mojito)

topham, today at 12:31 AM

The hero worship of him makes me physically ill, always has.

He did cost people their jobs though, so I guess he's a good person.

lern_too_spel, today at 12:28 AM

He social engineered your company into contracting him, and that adds to the legend, but people don't see how many other companies he failed to social engineer.

the_af, today at 12:45 AM

Kevin's security company is also a mess, and the training videos they produce are embarrassing at best.

I understand he probably just lent his name to the company (though he did show up in some of the videos), but still...

kingforaday, today at 12:35 AM

> "He was a hacker-turned-security consultant who, later in life, helped shape the modern white-hat."

They left out convicted criminal.

skeaker, today at 1:12 AM

In all fairness, a genuine attacker WILL be abrasive and abusive. They WILL single out employees that are gullible and exploit them. It's not pretty because a genuine attack is not pretty. Of course a simulated attack will be indecent and discourteous in nature, that is how attacks are.
