Wild how I can state my intentions and then someone would just not believe me.
But seriously, it's not possible for me to frame how the researcher could improve future probability of success without framing it from the CEOs perspective. To do that I must recognize he is a human person with his own internal motivations for his behaviors, which likely are not so much monstrous as childish.
Your other comments across the larger topic refute your claimed good intentions. It's not that wild that no one would believe you, when you contradict yourself.
My thoughts on the matter may have evolved over time while interacting with other people in the thread. While I do still believe it could have been an attempt at blackmail, I think it most likely was not, even though the researcher clearly must have downloaded the entire database ahead of time based on the chronology presented. In that case, I can see how I have apparently contradicted myself. But I can assure you, I am not acting in bad faith.
I never thought you were acting in bad faith. My assumption was that you were gaslit like every other non-security person has been, where you were willing to shoot the messenger (the researcher) instead of the person creating the problem (the CEO). My problem wasn't that you were lied to, my only problem was that you were repeating a common lie that I think needs to die.
People operating in bad faith give up or hide when they notice their position is weakening, people working in good faith respond, and acknowledge the weaknesses in their ideas. Like you are doing.
But seriously, it's not possible for me to frame how the researcher could improve future probability of success without framing it from the CEOs perspective. To do that I must recognize he is a human person with his own internal motivations for his behaviors, which likely are not so much monstrous as childish.