The Federal Government's Cyber Talent Pipeline May Have Been Compromised

TLDR: 

I discovered a security vulnerability at Royal Bank Canada (RBC) that allowed financial theft, which they classified as "intended behavior" while simultaneously requiring that I refrain from public disclosure. When I posted about this contradiction in CyberSci's Discord server where RBC was actively recruiting, my message was silently deleted without explanation.

CyberSci is a Canadian organization that serves as a cyber talent pipeline for national security agencies such as the Communications Security Establishment (CSE) and the Canadian Security Intelligence Service (CSIS). An organization fulfilling this critical role should actively encourage speaking out about security issues, particularly when vulnerabilities affect critical systems.

When I contacted CyberSci founder Tom Levasseur regarding the message deletion, he admitted that the organization avoids any criticism of its sponsors. He claimed that moderators had mistaken me for "some immature student," despite my name appearing on their contributor board as a CTF designer. He then accused me of making "threats" when I stated that I would document how different organizations handled this security disclosure situation.

The document highlights poor treatment of contributors and highlights how oligarchs can influence government decision making in democratic countries. 

Given that Canadian national security agencies recruit cyber operators from CyberSci, Canada's national security training pipeline may have been compromised by financial relationships that prioritize sponsor comfort over legitimate security discourse and effective talent development.

The following is a purely academic analysis and makes no accusations:

https://hkohi.ca/uploads/The-CyberSci-Incident.pdf 

In a time when we are being tariffed to death, raising awareness about threats to our national security is the duty of every Canadian. We must stand together.