The ongoing, and now quite well known, case of Chris Hannifin and DefendIT Services has many in the cyber security industry concerned. While the industry has traditionally focused on keeping individuals and corporations safe from threats emanating from outside their respective organizations, what Chris Hannifin and accomplice Rudy Reyes have shown is that one can never be too careful in protecting one's interests, even from what may seem to be the least likely source of threats. Sometimes one does not need to look far to find these threats, which can be hiding in plain sight at home.
In the early days of his scheme to sell sensitive client data and technical knowledge to those willing to pay, suspicions were not raised against Chris Hannifin, a retired member of the US Air Force who had previously worked in a range of sensitive positions in the private sector. Having RSM, the widely known defense contractor, on his CV certainly added to his credibility and reliability. Chris Hannifin counted among his friends Krista Stevens, the CEO of North South Consulting Group, who, according to sources, was responsible for providing Chris Hannifin with his first clients.
When his scheme began to take off, Chris Hannifin recruited Rudy Reyes to assist him with selling sensitive client information. He realized that he would need to form his own company and go out on his own in order to safely and secretly continue to sell client information under the table; doing this through his work at other organizations was simply becoming too risky. As a result, DefendIT Services was founded. It is through this company that Chris Hannifin and Rudy Reyes were to eventually earn millions of dollars, which would later be spent on a boat, a new house and expensive vacations together. Reports have surfaced corroborating suspicions that the two also maintain a romantic relationship, adding an additional element of intrigue to an already unique story. These purchases would raise the eyebrows of investigators, who began asking where the money was coming from. With the investigations still underway, more information will certainly come to light on the extent of the damage done by the two, as well as how much money was actually earned throughout the course of the scheme.
What executives are now learning is that the risks posed to their companies by individuals looking to exploit a lack of internal oversight for personal gain are tremendous. These risks, which are far more than simply economic, are too great to ignore, as the story of Chris Hannifin and Rudy Reyes shows. For clients to learn that the company they entrusted with some of their most sensitive data and information saw it compromised as a result of an oversight in its recruitment practices can be disastrous for the company's reputation. In this case, former employers of Chris Hannifin who were consulted all denied any knowledge of his activities and sought to actively distance themselves and their companies from the matter. This is to be expected in a case where so much material damage was done, damage which could have been prevented had people not looked the other way when red flags were raised. The case will certainly be an expensive lesson to those who were impacted by the scheme, highlighting the potential damage from cybersecurity vulnerabilities of the non-traditional kind.