The chief executive of a top Irish cybersecurity firm has said a former employee’s claims about a supplier having links to Israeli military intelligence were “James Bond stuff” and that he did not want other staff members to feel uncomfortable “because we had an anti-Semite in our midst”.
Edgescan CEO Eoin Keary told the Workplace Relations Commission he formed the view that the worker, computer engineer Cian Ó Laoi, was an “insider threat” to the business, which he said suffered no data breach.
Ó Laoi, who is pursuing claims of whistleblower penalisation and constructive dismissal against BCC Risk Advisory Ltd, trading as Edgescan, denied that his remarks, sent in an internal email to the CEO, were inappropriate.
He said he was voicing concerns about supply chain risk in view of what he said was a “revolving door” between the Israeli tech sector and the nation’s military intelligence agencies when he made a protected disclosure to Mr Keary on 2 July 2024.
In the email, he said DoIT, an “Israeli company with an Israeli CEO” had “full admin access” to Edgescan’s Amazon Web Services (AWS) account for over a year and that he suspected “social engineering” was at play.
Ó Laoi went on to state his objection to the firm doing business with an Israeli firm with reference to “watching them genocide Palestinians”.
Keary said in evidence to the WRC that the email was “alarmist, emotional, certainly xenophobic”, Mr Keary said.
“Just because people are from Israel doesn’t mean they’ve malicious intent,” he said.
He said he responded to say “shut them off completely” because it was “standard operating procedure if you see something like an anomaly, you contain and isolate”.
Counsel for the respondent, Mary-Paula Guinness BL, appearing instructed by Byrne Wallace put it to him that Ó Laoi said the CEO had been “very angry” on a conference call the following day.
“I was upset because I was told we had a cybersecurity breach. Obviously this was an error, retrospectively, it was an error,” he said.
The matter was examined by his fellow co-founder, Rahim Jina, whom he said was highly experienced in digital forensics, and by his chief technology officer, Eoin Mooney.
“[They] are very skilled operators as well. They couldn’t find any evidence of any breach,” he said.
On the 3 July 2024 call, Keary said Ó Laoi expressed the view that DoIT was “a mass social engineering experiment hiding behind Google and AWS certifications and was “masquerading as a real company but they’re actually Israeli military”.
“We had to take issue with, one, that anybody from Israel is a bad person, and, if you follow that chain of thought, you have to accept that accusing people based on their nationality or their hereditary, it’s borderline, well it is, xenophobia,” he said.
Keary went on to say: “I did not want other staff members in my business to feel uncomfortable because we had an anti-Semite in our midst.”
Ó Laoi told the WRC he did not believe what he said was “inappropriate” and that any mention of Israel was “in relation to the supply chain risk of Unit 8200”, an Israeli military intelligence unit.
Keary and Jina told the WRC in their evidence this week they had never heard of Israel’s Unit 8200 before Ó Laoi brought it up in July 2024.
In an email of 20 September 2024 to Keary, Ó Laoi said he was considering taking a case to the WRC, and sought an apology in writing, the reimbursement of legal fees, and “fair compensation” of €10,000 which he said he would donate to aid agency UNWRA.
Keary said the email convinced him Ó Laoi was “an insider threat to the business” and ordered his access shut off.
“It was a shakedown, in my view, we were being blackmailed,” Keary said. “The apology could have been arranged, there could have been a kumbaya, but he went nuclear,” Mr Keary said.
Ó Laoi quit the following month.
Counsel for the complainant, Cillian McGovern BL, appearing instructed by Crushell & Co Solicitors, put it to the CEO in cross-examination that there were statements in correspondence to his client contradicting the firm’s position that no breach took place.
“You said the incident was a ‘bad joke’; the [chief financial officer] said the access was ‘excessive’,” McGovern said. “I said it was a ‘bad joke’; what I meant was the absurdity of accusing a company like DoIT because they have some Israeli founders that they’re part of the IDF military complex and the whole company is a social engineering experiment, what Cian said to me, that’s a bad joke – that’s James Bond stuff,” Keary said.
Adjudicator Penelope McGrath said it seemed to her from the wording of Keary’s email that it was “the level of access given to DoIT was a bad joke”.
“I’ve told you what I meant. What I said is this whole thing is a bad joke, this third party access issue is a bad joke. The fact we’re being accused of being hacked by Mossad,” Keary said.
“There’s nothing in there that suggests that,” McGrath said.
“I wrote it,” the CEO said.
“Everything Mr Keary put into his evidence-in-chief was a PR spin. He sought to smear Mr Ó Laoi,” McGovern later said.
Edgescan’s chief operating officer, Mr Jina, said “any kind of breach or hack” would leave behind “artefacts” but that he investigated personally and found “nothing suspicious at all”.
“I did ask Cian to several times to provide me with any evidence of a breach … everything came back to the fact they were Israeli – as if being Israeli was the evidence,” Jina said. “[It was] not just his language, but his tone was completely unprofessional, completely inappropriate. I’m going to have to imitate, it was also the way he said ‘Israeli’, like with proper venom,” Jina of the conference call on 3 July.
He accepted Edgescan failed to adhere to its own disciplinary policy when he gave Ó Laoi a formal reprimand in September 2024 for “discriminatory conduct … specifically in relation to comments on Israel”.
The company’s chief security architect, Eoin Mooney, said the arrangement with DoIT in May 2023 was a “very effective way” to cut its cloud hosting bill with Amazon Web Services (AWS). The level of access was the industry practice at the time, he said.
The adjudicator, McGrath, has concluded hearing evidence in the case and will hear the parties’ closing legal submissions next month.
Click Here For The Original Source.
