Convicted Hackers Snubbed by Security Firms?

Esqueleto sent us an interesting story from Security Focus on convincted hackers and employment in the security field. When you get past the zillions of obnoxious frames, you'll read an article about a wierd problem: the guys who have a criminal record are tougher to hire... in this case they're talking about Mark Abene (Phiber Optik) being snubbed by @Stake, the guys who merged with L0pht. Of course this makes total sense from a corporate perspective, but considering many of the folks in the industry will admit freely to doing the same things, the conviction on your record makes all the difference.

How it has affected me

[merlyn]

My conviction, still in appeal, has been a significant detriment to my business operations. Because any "employment" would have required a note on company letterhead sent to my probation officer, and at least more than one potential client said that this would be problematic to get it through their legal department, I have had to focus on providing Perl training (which did not have the same requirement) rather than Systems and Network consulting for the past six years, which is my primary area of expertise (although I got really good at training as well {grin}).

This makes me less up-to-date on the latest technologies, and cost me opportunities to do really cool things and be part of a team somewhere, a part of my "former" life that I sorely miss.

As the requirement for a formal disclosure and acknowledgement of my current legal status ends in just a few more days, I can once again look at being involved in direct consulting, rather than training. (Although being directly employed will almost certainly still not be possible, I can look for opportunities where a company contracts with my Stonehenge company once again.) But the six years in the middle have been very tiring.

For more information about my ongoing legal battles, please visit the Friends of Randal Schwartz website or send a blank mail message to my autoreply bot.

NEWS FLASH: Real Life Not Fair!

[Signal+11]

If I were a security firm charged with taking money from banks and transferring it to a safe location every evening, would it be sane for me to hire a bunch of convicted bank robbers to do it?

It is a rhetorical question, but one HNN felt that they had to bring up. No, life is not fair. Yes, some people are wrongly convicted. Yes, there is a stigma attached to computer "crime". Regardless, these are the rules you play by.

On the other hand, who better to hire than someone who has had real experience, as opposed to a paper cert? No wet-behind-the-ears MCSE is going to know how to craft security policy, how to do risk management, and how to do cost benefit analysis and everyone in the industry knows it.

It is a calculated risk every time you hire someone who has a criminal past. As a manager, it is your job to evaluate each person one by one and weigh the benefits. Most of the time if you're doing your job right, you'll find most people have had minor brushes with the law (reckless kids get drunk, smash mailboxes, etc), and computers are no different. We may be geeks, but many of us have a reckless streak - it's called being young. To outright deny these people a job is a failing on your part as a manager. Judge each person individually, and not as a group.