Penetration Testing mailing list archives
Re: felons as pentesters
From: "J. Oquendo" <sil () infiltrated net>
Date: Fri, 03 Dec 2010 16:44:22 -0500
On 12/2/2010 11:57 AM, amir shadrazar wrote: <snip>
I have a personal friend who has recently asked for my advice. He was convicted of a felony for grand theft auto when he was 21 or so back in the early 1990's and a separate misdemeanor charge for fraud. He served his time, less than 1 year, paid restitution and completed probation successfully in the mid '90s.
His age, etc., are completely irrelevant. He was convicted of a crime period. No one is going to want to hear why. What they WILL want to know is what has he done with himself in the interim. Has he grown professionally, what has he done. Some companies are forgiving and some aren't. In financial companies where bonding is concerned, the company will have to pay a higher insurance premium so most of the times, they won't bother with felons no matter what. This is what I call "the power to punish" where no matter what someone has done in life, it will carry on forever. Regardless if it was accidental, wrongful conviction, etc., at the end of the day, no one cares - sorry this is reality.
The questions are this (answer depending on the sector you work in): Would you hire this person to work for your company providing internal security and pentest services?
Depends on his experience
Would you (as a consulting firm) hire this person to perform consulting and pentest services on behalf of your firm? Would he ever be able to receive a security clearance (even a low level secret clearance) and employment from the Federal government?
Yes he must demonstrate he is eligible for clearance. "In 1985 and 1987, the police arrested and charged Applicant with possession of marijuana, grand larceny and drug paraphernalia. He served 15 months in prison for these crimes. In 1997 and 2004, after out of control arguing with his wife, the police arrested and charged him with assault and battery. Applicant failed to list his 2004 arrest and the amount of jail time served from the 1985 incident on his SF-86. He learned the welding trade in prison, has worked regularly since leaving prison, and has been steadily employed with his current employer for five years. He and his wife are separated and he is seeking a divorce. He has mitigated the government's security concerns under Guidelines J and E. Guidelines J and E are found in favor of Applicant." http://www.dod.gov/dodgc/doha/industrial/06-19914.h1.pdf ... Applicant served six months in prison for his involvement in a car theft in 1989 and less than a year for a drug offense in 1993-1994, and was arrested for battery in February 1996 and in October 1996 for a drug offense and a handgun offense, but he later became a highly respected employee of a defense contractor. He received a Chapter 7 bankruptcy discharge in September 2003, but he still owes a child support arrearage and delinquent state taxes, which he was paying by payroll deduction until he was terminated from his latest job for lack of a security clearance. He erroneously answered "no" to questions on his security clearance application about his criminal record. The allegations of falsifying his SF-86 are rebutted, and the security concerns based on criminal conduct and financial considerations are mitigated. Clearance is granted. http://www.dod.gov/dodgc/doha/industrial/02-29259.h1.html ... Applicant's mitigated security concerns over his criminal conduct, personal conduct and alcohol issues. At each stage of the investigation from 1996 to 2005, Applicant established he had no intent to falsify: in three different security forms he repeatedly complied with his duty to disclose adverse information on his arrest record and also provided substantial adverse details in his 1998 statement. While he has multiple misdemeanor arrests from 1988 to 2004, he has no recent incidents in the past three years and has fully complied with all court-ordered alcohol education and probation requirements after his alcohol-related arrests. Clearance is granted. http://www.dod.gov/dodgc/doha/industrial/05-08486.h1.html ... Applicant is a 45-year-old mechanic who has been employed by a contractor since July 1980. He has a lengthy history of criminal activity, most of which is related to problems with alcohol. Between 1981 and 2001, he had at least five convictions for driving under the influence, which included court-ordered attendance at the alcohol safety action program each time. After the 2001 incident, Applicant decided to stop drinking and has been sober. He did not deliberately falsify a material fact in a question on his security clearance application. Applicant has mitigated the criminal conduct, alcohol consumption, and personal conduct security concerns. Clearance is granted. http://www.dod.gov/dodgc/doha/industrial/05-15659.h1.html ---------------- / End article snippets. He would have to disclose EVERYTHING he has ever done - cause guess what... they'll find out anyway no matter how silly he thinks a situation may be. As for hiring felons, it all depends on the person, the crime and a couple of other parameters. Mainly, what has he done in the meantime, how long ago was his/her crime, what did he/she learn, are they or have they integrated themselves back into a productive life. Poop happens in life, people are people. To those who wouldn't/won't hire a felon, apparently they're statistically unaware that: There are 1 in 100 adults in the United States living behind bars 2010 http://www.pewcenteronthestates.org/uploadedFiles/Prison_Count_2010.pdf 1 out of every 36 Americans either were incarcerated on probation or parole http://bjs.ojp.usdoj.gov/content/pub/pdf/ppus06.pdf http://bjs.ojp.usdoj.gov/content/glance/tables/corr2tab.cfm There will be a point in time where the numbers will be so high, many will have no choice but to review their policies. Anyway, enough polit(r)ic(k)s. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- felons as pentesters amir shadrazar (Dec 02)
- Re: felons as pentesters ByteWise (Dec 03)
- Re: felons as pentesters AK (Dec 03)
- Re: felons as pentesters J. Oquendo (Dec 03)
- RE: felons as pentesters Mark Brunner (Dec 06)
- Re: felons as pentesters J. Oquendo (Dec 07)
- RE: felons as pentesters Mark Brunner (Dec 10)
- RE: felons as pentesters Kevin L. Shaw, CISSP, GCIH, GPEN (Dec 10)
- Re: felons as pentesters jc (Dec 10)
- RE: felons as pentesters Mark Brunner (Dec 06)
- Re: felons as pentesters Kevin L. Shaw, CISSP, GCIH, GPEN (Dec 07)
- Re: felons as pentesters The Doctor (Dec 10)