Neither breaking the law nor poor renditions of power ballads should ever be considered a qualification to speak at an IT event about computer security.