The “Chief Cybersecurity Evangelist” for cybersecurity consulting firm Summit7 once claimed he could “doxx” the personal information of a US veteran who challenged the CMMC scheme. “Doxxing” is the act of publishing personal information about an anonymous person without their permission. When done for the purposes of harassment or intimidation, doxxing can be a criminal act.

Jacob Horne made a name for himself within the cybersecurity field after supporting the CMMC program and key Dept. of Defense personalities such as Katie Arrington. He has been one of the most aggressive supporters of CMMC, and often berates defense industrial base (DIB) companies for having failed to comply with NIST self-attestation rules prior to CMMC. Horne became a frequent speaker on the CMMC convention circuit, and his industry-related appearances resulted in him being hired by Summit7. That company offers CMMC consulting services.

In an exchange on Reddit in October of 2021, after Horne had been hired by Summit7, Horne confronted a Redditor who had been critical of the CMMC scheme and who had prior knowledge of the scheme’s early development. In that exchange, posted on the CMMC subreddit, Horne said, “I think everyone would get a kick out of comparing what you’ve said over the months with what you said here, and your recent employment changes,” and that “this is a small world.” Despite the veiled threat, he then said, “I won’t doxx you,” but then suggested others might carry out the doxxing threat, saying, “I’ll leave that decision up to … others.”

Horne posted publicly under the Reddit nick “4D_Phoenicopterus” while using his own name. He used the account to promote his speeches and videos and made no attempt to hide that he owned the account.

The exchange was chilling in that Summit7’s expert on cybersecurity effectively sent a message that anyone who criticizes CMMC might be subject to a personal vendetta and that he had the capability to carry it out if provoked. Ironically, doxxing often requires criminal violations of cybersecurity laws in order to obtain the personal information that the doxxer then uses against the victim. The fact that the comment was made to a US Veteran and a former architect of the CMMC scheme suggested a troubling lack of ethics on the part of Horne.

Despite this, Horne claims to hold Certified CMMC Professional, CMMC Provisional Instructor, and CMMC Provisional Assessor certifications from the Cyber AB. That organization has a Code of Conduct which prohibits such behavior, but the Cyber AB does not enforce it. Horne also holds cybersecurity certifications from ISACA and ISC2.

 
