Penetration Testing mailing list archives

Re: felons as pentesters


From: ByteWise <contact () bytewise fr>
Date: Fri, 3 Dec 2010 03:09:30 +0100

Hi,

ye i would hire him on personal basis, actually his record is more
positive than negative - good hackers try out stuff =D (and never got
a conviction on con-fraud and all is remote in time - His offenses
seem like on the lightweight and normal side....)

For anything as homeland security tho i think would be a hindrance and
would not hire him. Cause anything goes wrong, his past is one more
thing that can be pushed against on a bad case :/
All in all for federal/corporate stuff depends on what his file (that
i don't have access to, likely outlandish considerations) shows up,
and the balls and trust the guy in charge has (still can't be me). For
private company he could nearly boast off this past i feel...
++
PS : I don't get enough business in pentest in my company to hire, let
him bring in a couple juicy contracts or work at percentage of
business brought and he's on!
PPS: also depends on personal interview face-to-face ofc

On Thu, Dec 2, 2010 at 5:57 PM, amir shadrazar <shadrazar () gmail com> wrote:
I have a personal friend who has recently asked for my advice. He was
convicted of a felony for grand theft auto when he was 21 or so back
in the early 1990's and a separate misdemeanor charge for fraud. He
served his time, less than 1 year, paid restitution and completed
probation successfully in the mid '90s. Since then he has not had any
run-ins with the law with the exception of a misdemeanor drunk in
public charge 4 years ago that was the result of unfortunate
circumstances (he was a passenger in a car that was pulled over and
the police officer asked him to step out of the car and then he was
arrested) and is definitely a reformed individual. He is always honest
about his record and has worked in state government in sensitive
positions in IT security requiring background checks with fingerprint,
and holds industry certifications with Ethics requirements from ISC2
and ISACA. Both organizations were made aware of his history and after
legal review decided to grant the credentials. His record cannot be
expunged because there is no realistic process to do so in the state
he was convicted.

The questions are these (answer depending on the sector you work in):

Would you hire this person to work for your company providing internal
security and pentest services?

Would you (as a consulting firm) hire this person to perform
consulting and pentest services on behalf of your firm?

Would he ever be able to receive a security clearance (even a low
level secret clearance) and employment from the Federal government?

Why or why not?

Thanks, I know this isn't the typical question on this list but he's a
smart guy that's learned from his mistakes and I'd like to help him
out if I could.

-Shad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


