Penetration Testing mailing list archives
Re: felons as pentesters
From: "Kevin L. Shaw, CISSP, GCIH, GPEN" <kshaw () eeenterprisesinc com>
Date: Tue, 07 Dec 2010 18:52:43 -0700
I am of the opinion that clearances focus on financial situations now.. if you are financially discrepant they will drop you like a hot potato. -- Kevin L. Shaw, CISSP, GCIH, GPEN 240.593.4261 Sent from my Android "Fred" <kbcboy () gmail com> wrote:
For whatever it's worth ... My old boss was convicted of felony computer crimes after breaking into federally funded systems at a university, while a student in '91. He pleaded and paid a fine plus probation but still had a felony on record. Well after working at an ISP that turned into consulting company he hired me. He had a secret clearance and we worked many a pentest gig. Yes I'd hire someone with a felony. It only matters what they are doing now, not what they did ten or twenty years ago. Well he started his own company and it did well enough he doesn't work anymore. It's important to be up front with the gov't if that is the type of consulting that you are going for. They will make their own determination based on many factors. Those factors being - references, financial status, drug use, criminal record A board makes a final decision. On Thu, Dec 2, 2010 at 11:57 AM, amir shadrazar <shadrazar () gmail com> wrote:I have a personal friend who has recently asked for my advice. He was convicted of a felony for grand theft auto when he was 21 or so back in the early 1990's and a separate misdemeanor charge for fraud. He served his time, less than 1 year, paid restitution and completed probation successfully in the mid '90s. Since then he has not had any run-ins with the law with the exception of a misdemeanor drunk in public charge 4 years ago that was the result of unfortunate circumstances (he was a passenger in a car that was pulled over and the police officer asked him to step out of the car and then he was arrested) and is definitely a reformed individual. He is alwayshonestabout his record and has worked in state government in sensitive positions in IT security requiring background checks withfingerprint,and holds industry certifications with Ethics requirements from ISC2 and ISACA. Both organizations were made aware of his history andafterlegal review decided to grant the credentials. His record cannot be expunged because there is no realistic process to do so in the state he was convicted. The questions are this (answer depending on the sector you work in): Would you hire this person to work for your company providinginternalsecurity and pentest services? Would you (as a consulting firm) hire this person to perform consulting and pentest services on behalf of your firm? Would he ever be able to receive a security clearance (even a low level secret clearance) and employment from the Federal government? Why or why not? Thanks, I know this isn't the typical question on this list but he'sasmart guy that's learned from his mistakes and I'd like to help him out if I could. -Shad------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification ReviewBoardProve to peers and potential employers without a doubt that you canactually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- felons as pentesters amir shadrazar (Dec 02)
- Re: felons as pentesters ByteWise (Dec 03)
- Re: felons as pentesters AK (Dec 03)
- Re: felons as pentesters J. Oquendo (Dec 03)
- RE: felons as pentesters Mark Brunner (Dec 06)
- Re: felons as pentesters J. Oquendo (Dec 07)
- RE: felons as pentesters Mark Brunner (Dec 10)
- RE: felons as pentesters Kevin L. Shaw, CISSP, GCIH, GPEN (Dec 10)
- Re: felons as pentesters jc (Dec 10)
- RE: felons as pentesters Mark Brunner (Dec 06)
- Re: felons as pentesters Kevin L. Shaw, CISSP, GCIH, GPEN (Dec 07)
- Re: felons as pentesters The Doctor (Dec 10)