DEF CON bans social engineering expert Chris Hadnagy

The DEF CON cybersecurity conference banned a former speaker and event organizer from the show for misconduct.

DEF CON organizers announced on Thursday that Christopher Hadnagy has been banned from attending any future DEF CON events. Hadnagy had spoken at the annual conference several times and was the head of the event's Social Engineering Village, a specialized area of the Las Vegas conference that focuses on social engineering threats.

"We received multiple CoC violation reports about a DEF CON Village leader, Chris Hadnagy of the SE Village," organizers said in a post on the conference's transparency report, referring to Code of Conduct violations. "After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON."

In addition to his work with DEF CON, Hadnagy founded Social-Engineer LLC, a consultancy focused on user education and security awareness training. He also authored several books on social engineering threats and is an adjunct professor with the University of Arizona's Cyber Operations program.

It's unclear what allegations were made against Hadnagy or what kind of misconduct he allegedly committed.

Neither Hadnagy nor DEF CON founder Jeff Moss could be reached to provide further comment on the matter.

UPDATE 2/11: A spokesperson for Hadnagy directed SearchSecurity to a statement he made via Twitter Friday afternoon. 

"Obviously many of you have questions -- as do I and my team," Hadnagy wrote. "The problem is someone has made accusations about me, but DEF CON has NOT me told what they are or presented any evidence to support them. DEF CON's code of conduct addresses harassment and discrimination, and I can say with 100% certainty that no one has ever come to me with accusations of harassment or discrimination -- not a single person.

"We will continue to try and get information and release it as we can. All we can ask is that you wait for details and facts before jumping to conclusions. Thank you."

In addition to banning Hadnagy from the event, DEF CON organizers said they would be disbanding the DCG414 group after its members were found to have violated conference Code of Conduct rules.

Members of the group had been associated with, among other things, building inappropriate conference badges and harassment.

"Code of Conduct violations by the group's primary Point of Contact and subsequent mishandling of the event left us without confidence in the group's leadership," DEF CON organizers said.

The bans come amidst efforts by a number of security conferences to crack down on harassment, misconduct and general bad behavior by attendees and staffers. In 2019, the organizers of the DerbyCon conference opted to shut down the gathering after multiple allegations of misconduct by attendees.

News of the ban generated a measured response from those in the infosec community. Infosec professional Alyssa Miller told SearchSecurity she had mixed feelings about the news.

"The transparency is wonderful as well, because it removes much of the aura of distrust and skepticism that has surrounded complaints about situations like this in the past," said Miller, who also sits on the board of the Blue Team Con and CircleCityCon security conferences.

"On the flip side, it's sad to see people that were trusted as leaders in our security community continue to be involved as bad actors in these situations," she said. "These are people that others count on, who have position that gives them a certain power dynamic in the industry."