felons as pentestersDec 02 2010 04:57PM amir shadrazar (shadrazar gmail com) (4 replies)
I have a personal friend who has recently asked for my advice. He was
convicted of a felony for grand theft auto when he was 21 or so back
in the early 1990's and a separate misdemeanor charge for fraud. He
served his time, less than 1 year, paid restitution and completed
probation successfully in the mid '90s. Since then he has not had any
run-ins with the law with the exception of a misdemeanor drunk in
public charge 4 years ago that was the result of unfortunate
circumstances (he was a passenger in a car that was pulled over and
the police officer asked him to step out of the car and then he was
arrested) and is definitely a reformed individual. He is always honest
about his record and has worked in state government in sensitive
positions in IT security requiring background checks with fingerprint,
and holds industry certifications with Ethics requirements from ISC2
and ISACA. Both organizations were made aware of his history and after
legal review decided to grant the credentials. His record cannot be
expunged because there is no realistic process to do so in the state
he was convicted.
The questions are this (answer depending on the sector you work in):
Would you hire this person to work for your company providing internal
security and pentest services?
Would you (as a consulting firm) hire this person to perform
consulting and pentest services on behalf of your firm?
Would he ever be able to receive a security clearance (even a low
level secret clearance) and employment from the Federal government?
Why or why not?
Thanks, I know this isn't the typical question on this list but he's a
smart guy that's learned from his mistakes and I'd like to help him
out if I could.
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
convicted of a felony for grand theft auto when he was 21 or so back
in the early 1990's and a separate misdemeanor charge for fraud. He
served his time, less than 1 year, paid restitution and completed
probation successfully in the mid '90s. Since then he has not had any
run-ins with the law with the exception of a misdemeanor drunk in
public charge 4 years ago that was the result of unfortunate
circumstances (he was a passenger in a car that was pulled over and
the police officer asked him to step out of the car and then he was
arrested) and is definitely a reformed individual. He is always honest
about his record and has worked in state government in sensitive
positions in IT security requiring background checks with fingerprint,
and holds industry certifications with Ethics requirements from ISC2
and ISACA. Both organizations were made aware of his history and after
legal review decided to grant the credentials. His record cannot be
expunged because there is no realistic process to do so in the state
he was convicted.
The questions are this (answer depending on the sector you work in):
Would you hire this person to work for your company providing internal
security and pentest services?
Would you (as a consulting firm) hire this person to perform
consulting and pentest services on behalf of your firm?
Would he ever be able to receive a security clearance (even a low
level secret clearance) and employment from the Federal government?
Why or why not?
Thanks, I know this isn't the typical question on this list but he's a
smart guy that's learned from his mistakes and I'd like to help him
out if I could.
-Shad
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]