@stake is a security company. They are in the business of selling TRUST. For the company that knows little about security, it's less of a question of @stake's technical ability (which I'm sure is top-notch), than whether or not they can be _trusted_ to secure a company's network. It's obvious that they feel that people can trust the L0pht folks on their merits, but not necessarily other hackers. They're drawing the line at people with criminal records. Not because they aren't able individuals. Sure, they probably are. But people don't trust hackers with a record. That's understandable. It doesn't matter what the folks at @stake personally think about people with records. They can't sell people with records to the suits at big company.

It bothers me that people here are accusing the L0pht folks of being untrustworthy and criminal "but just didn't get caught so they're being elitist". Wake up and smell the coffee. People are innocent unless proven guilty in this country.

And @stake can't hire everyone that comes through their doors. Two people with the similar technical acumen, one without a record, with with a record. Who's going to get hired? It's an easy choice. It's just not worth the risk. And yes, everyone who works at a consulting firm runs the risk of a background check. Not by the company, but by their clients. And when a million dollar deal goes sour, because some chump got busted kicking around a phone switch five years ago, it really fucking sucks.

It's just not worth it. It sucks, but that's the way it is.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/79/3314#3314