Lessons from Lanterman: The Danger of Blind Trust

If you’ve spent more than a few minutes in the cybersecurity industry, you know that credibility is everything—or at least it should be.

That’s why the news that Mark Lanterman, a well-known cyber forensic expert involved in over 2,000 cases, is under FBI investigation is a gut punch to many of us. Brian Krebs’ report lays it out: serious questions are being raised about whether this guy, who was trusted by courts, law enforcement, and the private sector, actually earned that trust.

Now, I’m not here to pile on. He’s innocent until proven guilty. But this story—true, false, or somewhere in between—should force every one of us to ask some uncomfortable questions.

How the Hell Did We Get Here?

Simple. We’ve built a culture that confuses credentials with character.

A few fancy letters after your name. A couple high-profile cases. A slick PowerPoint or confident testimony. And boom—you’re an “expert.” People stop asking questions.

But here’s the uncomfortable truth:

We’ve been too lazy—or too scared—to verify the people we rely on.

When someone like Lanterman walks into a courtroom or consults on a breach, most people just assume, “This guy knows what he’s doing.” Judges don’t know better. Lawyers don’t know better. And sadly, a lot of cybersecurity people don’t know better either.

The Real Danger: Blind Trust

This isn’t just about one man. It’s about the system that allowed him to rise unchecked.

In security, we scream about “zero trust” in tech—but we don’t apply it to our people. We blindly trust self-proclaimed “thought leaders,” “influencers,” and “experts” without ever validating their experience, skills, or—let’s be honest—their ethics.

Let’s be clear: every case this guy touched is now tainted. Thousands of victims, defendants, families, and businesses may be affected. Some of them won’t ever get justice. All because too many people assumed trust instead of proving it.

So What Do We Do Now?

  1. Stop worshipping credentials. CISSP, CCE, CEH—whatever. These are just signals, not guarantees of competence or integrity.
  2. Ask harder questions. Where did this “expert” get their experience? Can you verify it? Do they walk the walk or just talk the talk?
  3. Normalize pushback. If someone gets defensive when asked to prove their expertise, that’s a red flag—not a reason to back off.
  4. Hold people accountable. The damage isn’t just reputational—it’s legal, ethical, and human. If someone lied to gain trust, they should be exposed and dealt with accordingly.
  5. Clean up our industry. We say cybersecurity is about protecting people. That means rooting out the liars, grifters, and posers—no matter how famous or well-connected they are.

This Lanterman story isn’t over, but the lesson is already clear:

Don’t trust people just because they say they’re trustworthy.

Don’t assume integrity. Demand it.

And for the love of all things secure—do your damn homework.

Evan

🎙️ Join Me Live for Episode #29 of InfoSec to Insanity

We’ll be diving deeper into the Lanterman case, the credibility crisis in cybersecurity, and what we need to fix—together.

🕘 Thursday @ 9PM CST

📍 Watch it live on YouTube
