What’s what with the who’s who? Why would anyone be so foolish to pay for inclusion in a book that no one reads.

Image for post
Image for post
Photo by James L.W on Unsplash

Times are tough, and even the extremely resilient field of information security is suffering. Plenty of articles have been written on the small things that one can do to enhance their resume and makes themselves stand out from the field. These articles list tips from creating a presence on LinkedIn to getting the CISSP certification, and more. Those who are desperate for a job will often bulk-up on these recommendations.
One thing that people have done in their professional endeavors is getting their names in a who’s who. Unfortunately, the world of who’s who is a free-for-all in which I found there are few winners and countless losers.
Through the years, I get barrages of emails imploring me to sign up for various Who’s Who registries. Perhaps that is the cost of having one’s email address in articles. I ignored the emails, but after about the tenth email, I knew something was fishy. All of the emails similarly stated that if I did not reply within a few days, my entry would be at risk.

Image for post
Image for post

Something told me that while not based in Nigeria, this was a scam. It had all the makings of a classic rip-off scheme, from the various remailers, spam-type of email addresses, to the variants of the names used and more. Some of the names were and others But not a single one had anything that would indicate it was explicitly meant for me.

Note the similar generic email from Emerald Who’s Who. The email had the subject line with a typical sense of urgency of . I don’t recollect getting any of their previous email, likely due to the excellent spam filters in place.

Also, Emerald claims in the email that all data is encrypted and safely transmitted. But the reality is the data is sent via HTTP and SSL; so much for Emerald security. Data submitted were pure port 80, and the protocol analyzer used found no SSL or encrypted traffic.

Image for post
Image for post

Google “who’s who” and there are nearly 23 million hits. itself refers to a reference book, generally containing biographical information about the person. It is important to note that the term is in the public domain and is not a copyrighted term. Anyone can create their own Who’s Who directory, which explains why there are myriad different variants of who’s who books and makes it an area ripe for scammers. In fact, you can spend all day reading about who’s who scams at Ripoff Report.

Most Who’s Who publications are simply vanity publications, where the inclusion criterion is the person’s willingness to buy the book, with the business model consisting of selling books directly to the people who are included.

Most people who pay to get their bio in a who’s who are generally so enamored by the seeming honor to be included, that they fail to do the most basic due diligence about the offer. This, combined with their high-pressure tactics and the threat of an imminent deadline used by the telemarketers, creates a perfect storm for a scam.

When I got yet another email from Heritage Who’s Who, in the spirit of accomplishment, I filled out the form. Two days later, I got a call from Matt at Heritage, who said he had a few questions about my application. Within a few minutes, Matt told me that he was proud to be able to congratulate me and that I was suitable to gain entry into the Heritage registry.

After a few subtleties, this is where the monkey business started. Matt tried to sell me the Platinum Executive program, consisting primarily of 2 wall plaques, the handsome leather-bound journal, and three press releases at the cost of $699.00. Seeing I was not interested, he suggested the gold program, the same as the platinum, except one wall plaque for $499.00. Seeing I was not about to go for that, Matt suggested the wall plaque alone for but $199.00, which he said I could proudly show to friends and colleagues.

As I contemplated the offer, Matt told me that Heritage is published in every university and that are the only legitimate who’s who. In fact, Matt said to me that as part of the membership, they would send me three press releases to send out to newspapers to announce my prestigious entry into the Heritage Who’s Who. Matt stated that no other who’s who could get my inclusion in a newspaper. “Like the ” I asked; no, he responded, “your local community newspaper.”

Anyone who thinks these press releases will do anything for them is deluding themselves. The fact that anyone would send them to a newspaper, or would proudly announce it on their web page or Facebook profile, is a good indicator that you are dealing with a gullible person.

Finally, knowing he was running out of options, Matt told me that the entry deadline that was quickly approaching and that I would need to make an immediate decision since they needed to get their edition to the Library of Congress in time. The Library of Congress has no such deadlines, and while I squandered my opportunity to get in the Heritage Who’s Who, and find immortality in the Library of Congress, others fall for these somewhat deceptive practices.

Since the term is not protected by copyright law, anyone can create their own edition. This leads to many Who’s Who directories that only serve to sell memberships to the group. They simply get a reference guide to others who were silly enough to part with their money. For a good overview of this scam, Victoria Strauss has a good write-up in Beware Who’s Who Schemes.

I searched hard for anyone who had positive things to say about Who’s Who. I posted on Twitter and LinkedIn, asking people to contact me; they had anything positive to say. Several people, including a few with thousands of followers, retweeted my request. I did not get a single reply with anything positive to say.

With that, I emailed a sampling of Heritage VIP Members asking them if they found any value with being in the registry. Of the sample, 31% of the emails bounced. Of the remaining, I received only negative replies. When asked if there was value in being listed, the director of a non-profit agency told me “absolutely not” and that he found that “anyone qualifies as long as you pay the fee for the book and plaque which no one looks at except for someone like you doing some research.”

I asked him if I could quote him by name, to which he replied, “I’d rather not as I am embarrassed for falling for this nonsense knowing all along that it is worthless. But then one day, I just had a weak day and said to myself, why not see if anything good actually comes from this, even one or two good contacts would be worth the investment”. All he had to show for his money and efforts was a dusty plaque and a canceled check.

Other direct replies from Heritage VIP Members include:

  • I never really found any benefit from it. Don’t have any idea if they really do try to generate any business. I have never had anyone, but you, even comment that they had seen me in the publication.
  • I personally do not believe the return on investment is worth the effort. I subscribed once, but will not again. I also suspect that there is an angle to get people to part with their money with minimal return from the company.
  • I signed up but have never used it. I am not sure of its value one way or the other. And no one else has ever contacted me with anything about it before.
  • Their initial call caught me off guard under high pressure, now or never, salesmanship, I allowed myself to be talked into something not worth the cost, something I have kicked myself for ever since. Only after considering it all later, did I realize their appeal is simply to one’s ego and pride. They stress the importance of their publication as being an asset to one’s business, that people will use it to check someone out and find them totally reliable — how else could they be in who’s who?! However, the book they publish has no real value at all. It is not readily available to anyone, except possibly a copy in a public library. Furthermore, their publication of the book that I was in came out two years after I was told it would be published. Over that time, my phone calls and emails for information went unanswered. Since publication, I have been harassed about purchasing deluxe copies, etc., even though on the first such solicitation, I told them I had no further interest in their product. That has not deterred them from calling several times.

Somewhat ironic to think that all of these comments are from Heritage VIP Members. But on the other side, it often shows that references are valuable, in that they will tell you the truth. On that note, when you do list a reference in your job search, make sure the people are going to say nice things about you.

As to specific corporate references, while Heritage states at their web site that their book can be referenced in libraries throughout North America. While that is technically true, it is also true for tens of millions of other books. My hunch though, is that is likely referenced (and sold) with higher frequency than that of the Heritage Who’s Who.

As to the networking capabilities of Heritage and other who’s who plans, they clearly do not match the networking potential of sites such as LinkedIn and Facebook. This is true both from the minimal search capabilities to the minimum amount of members.

So how really selective is Heritage? Based on my call and that of a few friends and the responses I got from the VIP members, they accept They simply want the person’s money, and they seemingly won’t let lack of credentials get in the way. In fact, they seem to do no verification of employment or education. When a friend spoke with Gene at Heritage, the fact that he made up an employer, and said that he had a Ph.D. in engineering from a school that has no engineering program, did nothing to preclude his admittance into Heritage’s registry.

Proof that Heritage does zero fact-checking was proven when an application was submitted for Vaughn Dortch using an address at Pelican Bay State Prison. A simple search of the address would have shown that the address was a maximum-security prison, and the person was a career criminal. That obviously was not enough of an issue to offer Dortch admission into the Heritage Who’s Who Gold Program for $499.00.

Image for post
Image for post

And this is the press release that can be sent to your community newspaper: Perhaps when Mr. Dortch is paroled in 50 years, he can make use of the press release. Unfortunately, since he is currently in the SHU (Secure Housing Unit) at Pelican Bay, his isolation from the other prisoners really makes this press release even of less value.

Image for post
Image for post

As to references, the Heritage reference page is nothing more than receipts. There are references for Brigham Young University, Brown University Library, and many others. Yet if one clicks on any of the nine links, they are not references; only IRS required receipts noting that the university received the gift. There is absolutely no indication that is was requested or used. It seems as if Heritage on their own accord mailed the universities free copies of their registry.

Heritage also failed to do a spell check on their references page as they have Northwestern misspelled as NorthWestern, and Wisconsin as Winsconsin.

Image for post
Image for post

One last note to the friendly people at Heritage, since when does one network with a dead person? Ms. Sentak died a few years ago, yet she is listed as a VIP member.

Is there a need for directories in the age of social networks?

Is there even a need for a who’s who in the age of social networks? Definitely not, as Heritage and other who’s who are utterly obsolete in the era of social networks. LinkedIn, with over 43 million members pales in comparison with Heritage which claims to have 20,000 members.

Look at it this way, in the past six months, how many people have invited you to, or said they find value with Facebook or Twitter? In the past ten years, how many people have told you of the value they get from using a who’s who?

Even if Heritage was free, it is still of dubious value. Its tiny user base, combined with limited functionality, makes the who’s who into a big .

Noted attorney and legal blogger Ron Coleman notes that he has always agreed to provide his profile to the Marquis Who’s Who publications because he is pretty confident that they are the “original who’s who.” But he notes that he has never bought the publication, and can hardly imagine why he or anyone would. As a , Ron observed that he naturally knows lots of other He comments that this has always been the case, but in the social networking era, absolutely more so.


Security professionals looking to better themselves with find greater value availing themselves of the data and contacts at sites such as the SANS Institute rather than throwing their money away for entry in a who’s who listing.

Most of the who’s who organizations are in it for the money with zero concern for the so-called honorees. Organizations such as the Heritage Who’s Who make grandiose claims in which the recipients have very little to show for it. It is incredulous that they would showcase the deceased and invite hardcore criminals into their fold.

Security professionals looking to advance themselves will find no value in having their names in a who’s who, and could, in fact, be showing their ignorance by promoting their inclusion.

Anyone who thinks there is value in such who’s who books are simply reenacting the naïve astonishment of Navin Johnson, the character played by Steve Martin in when he exclaims “the new phone book’s here! The new phone book’s here! This is the kind of spontaneous publicity I need. My name in print. That really makes somebody. Things are going to start happening to me now!”

I work in information security at Tapad. Write book reviews for the RSA blog, & a Founding member of the Cloud Security Alliance and Cybersecurity Canon.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store