U.S. president-elect Donald Trump announced Thursday that former New York City mayor Rudy Giuliani would lend his expertise to the government on issues related to cybersecurity.
But many in the cybersecurity industry aren't familiar with Giuliani's work in that area, or his company, Giuliani Partners — leading some to conclude he may not have the expertise the Trump team believes he does.
Giuliani has run a consulting business since 2003, claims to offer cybersecurity services to its clients and is chairman of global law firm Greenberg Traurig's cybersecurity practice.
"I have been working in cybersecurity for 17 years and been all over the world. I have yet to encounter anyone who has had any interaction with Giuliani Partners," said John Bambenek, who manages threat intelligence systems at Fidelis Security and teaches cybersecurity at the University of Illinois.
"I don't know him or the firm," echoed Boris Segalis, a New York City-based lawyer who co-chairs the Data Protection, Privacy & Cybersecurity practice of law firm Norton Rose Fulbright. "They are certainly not huge in this space."
If you've ever worked with Rudy Giuliani on cybersecurity issues, or have any information on Giuliani Partners and its clients, you can contact CBC securely and anonymously using SecureDrop. You can also email email@example.com directly (PGP key here).
In an interview with MarketWatch a year ago, Giuliani said he entered the cybersecurity business after reading a 2003 FBI report that forecast a rise in cybercrime and national security risks.
By 2005, Giuliani said the company had begun offering penetration testing to clients, evaluating their security with attempts at breaking into their networks from the outside, and as recently as this month claimed "deep experience" in cybersecurity.
Otherwise, little else is known about the services the company offers and the clients it serves.'I've never heard of it'
Cybersecurity companies often demonstrate their expertise by publishing research and reports on new and emerging threats, appearing at conferences, providing expert commentary to media, and participating in legal and policy discussions on security matters.
But for 13 years, Giuliani Partners and its subsidiary, Giuliani Security and Safety, has remained all but silent on cybersecurity — to the extent that many in the industry were unaware of the firm's existence.
"I don't know anything [about] his company or what they do," said HD Moore, computer security researcher who created a widely used piece of software called Metasploit.
"I've never heard of it," said Mikko Hypponen, another computer security expert who is the chief research officer of Finnish cybersecurity firm F-Secure.
"I had no idea that it existed until you just said, but my bet is that it's probably congruent to the DNC or the Hillary campaigns defensive capability," said Dan Tentler, founder of the computer security company Phobos Group.
Indeed, security researchers spent much of Thursday on Twitter posting information about the security vulnerabilities they had found on the Giuliani Security and Safety website — ironic, some said, for a person who had just been chosen for his purported expertise on cybersecurity issues.
Giuliani Security:- Expired SSL- Doesn't force https- Exposed CMS login- Uses Flash- Using EOL PHP version- SSL Lab grade of F— @fienen Not a technical play
Marcus Carey, the founder of cybersecurity company vThreat, and a former researcher at Rapid7 and U.S. navy cryptologist, believes "the company clearly isn't a 'technical' cybersecurity play."
Rather, Carey thinks that "Guiliani's business is focused on corporate governance, compliance, and legal issues related to companies being breached."
Reporting by Motherboard's Jason Koebler and Lorenzo Franceschi-Bicchierai supports this view. An anonymous cybersecurity executive, who claimed to have experience with Giuliani Security and Safety, told Motherboard, "If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber,"
The company also announced earlier this month that it is teaming up with BlackBerry to "to assess infrastructures, identify potential cybersecurity vulnerabilities, address gaps and secure endpoints," further suggesting that it may not have those skills in-house.
BlackBerry's chief security officer, David Kleidermacher, declined to comment, referring CBC News to Giuliani Partners' media contact, who has yet to respond to a request for an interview.
"We have seen a lot of politicians and military leaders use their personal brand to launch cybersecurity firms, especially based off 9/11," said Carey.
"I think that people are conflating homeland security with cybersecurity. Just because you have made a reputation in the government related to homeland security doesn't mean that transfers to the cyber realm."