[HN Gopher] Ask HN: Recent computer hacking convictions and empl...
___________________________________________________________________
Ask HN: Recent computer hacking convictions and employability?
I was involved in a high-profile computer hacking case in 2015
which received international interest. I eventually pleaded guilty
to charges of blackmail, fraud, and computer hacking. Following
that, I was sentenced to four years in prison. I'm currently on
probation for a year, and I'm also under the supervision of the
Serious Organised Crime Unit for another four years. I'm bound by a
number of technical constraints. The authorities in charge of my
supervision are happy for me to find legal work in cybersecurity,
but given my current circumstances, I just wanted opinions on how I
should approach this. I'm completely self-taught, and while on
bail, I did a lot of responsible disclosure. I collaborated closely
with CIRT teams, system administrators, website developers, and
government agencies to ensure the remediation of over 3,000 web-
application vulnerabilities. I wrote technical reports, provided
remediation guidance, and validated patches to ensure that security
issues were properly closed (in an informal capacity). My first bug
bounty contribution took place in 2012 which was a GET-based
reflective XSS on a subdomain belonging to Microsoft. Over 30
private and public sector entities have sent me letters of
acknowledgement. I've also been inducted into a number of hall of
fames for uncovering vulnerabilities. In 2019, I was also ranked
11th out of 25,000 active researchers on a bug bounty platform. I
can't just walk into employment with my skillset because I'm not
particularly talented, just proficient in web-application security
and various methodology used to identify vulnerabilities. This
leads me to believe that I should look for entry-level positions
but I've been told I'm overqualified. Some opinions would be
appreciated.
Author : dk79XuL9
Score : 143 points
Date : 2022-02-14 14:40 UTC (8 hours ago)
| [deleted]
| Joe8Bit wrote:
| I've hired quite a few security folks in my time (some with
| criminal convictions) but my answer is an unhelpful one: it
| depends.
|
| If you have a criminal conviction it's unlikely you'll get
| through the screening process with a regulated business (like
| banking, insurance, pharma etc) due to some 'out of the hiring
| managers hands' constraints those industries have. I've seen
| exceptions to this in the past, where a senior manager strongly
| advocated for the exception, but it's _very_ rare.
|
| I've worked with several security people with criminal
| convictions in the past at non-regulated, FAANG and FAANG-like
| tech companies. They also usually have policies in place to
| prevent hires with criminal convictions, but the exception
| process there is easier, particularly in security teams where
| these convictions are more likely to occur in strong candidates.
|
| The biggest concentration of folks with backgrounds like yours
| have been at security consultancies, in my experience. Combined
| with the experience you mentioned with bounties, that would be
| the place I'd spend most time looking. You might still get
| rejected from some, for example those with customers that require
| criminal background checks for employees or security clearance
| you couldn't get, but there are still quite a large percentage
| where you could find work. Personally, I've had conversations
| with external consultancies who say things like "I know you
| require criminal records checks on all our employees, which we're
| happy to do, but I want you know >50% of my team will fail them".
|
| A couple of other things:
|
| - No matter where you work, with your background there might be
| some kind of 'restriction' placed on what you work on and/or how
| you work (e.g. can't work on project Type X or must work from
| Office Y). If you do get through a process, ask about this before
| joining, as it might have an impact on how much you'd enjoy the
| role.
|
| - Be open about your background. You sound like you would do that
| anyway, but the more open you are the better, you don't want this
| to be a surprise to people. What you're looking for is a strong
| advocate on the hiring team, so building trusting relationships
| with people will be important.
|
| Don't be too down on yourself, you might have made some bad
| decisions, but you sound like a talented professional. The
| criminal justice system exists for people to serve their
| punishment and then move on with their lives. There are companies
| that will be delighted to hire you because of your skills. Your
| road may be a little tougher than for others, but that doesn't
| mean you can't end up professionally happy, fulfilled and well
| compensated.
| ianai wrote:
| I'd probably double down on going after any legal bounties
| corporations have posted. Whatever certs you can get too for the
| HR reps in your future. Oh and "aggressive compliance" to
| probation and any and all laws.
|
| Edit-also, you do have highly valuable skills and knowledge.
| Maybe make some 30 minute to hour long video tutorials. Then
| start drafting up a 1-2 week course plan for taking professionals
| up to your level if they start with some basic dev/ops knowledge.
|
| Think about ethical and legal ways to teach things too.
|
| Edit 2-or just go to any of the net sec teaching/tutorial
| programs and say you'd like to teach your knowledge in a legally
| viable/acceptable way within their frameworks. Etc.
| rafale wrote:
| Hacking is one thing. I understand the technical thrill. But
| blackmail and fraud? That's a human-to-human interaction, not
| human-to-machine. Once a person cross that line where you are
| harming another person at that level, there is no going back.
| [deleted]
| denton-scratch wrote:
| With blackmail and fraud convictions (and a 3-year prison
| sentence behind you), I would hope that nobody would give you a
| job with access to systems that enable you to get at personal
| information or money. That's their business, of course; but
| they'd presumably be exposed to an action for negligence if
| something went wrong as a result of them employing someone with
| that record.
|
| Blackmail and fraud are both offences that involve using others
| as means to ends, and require the ability to discount the
| damage and pain you cause to others. If I were hiring a coder
| (let alone a computer security consultant) I'd search for a
| long time before hiring someone with a record of that kind of
| untrustworthy behaviour.
|
| Sorry to be blunt; I know that some companies pay good money to
| convicted criminal hackers for their expertise. But I think
| that's a deplorable practice; it encourages the view that
| hacking/cracking, blackmail and fraud are a sensible route into
| regular employment. I think those convictions should be a
| blocker.
| yholio wrote:
| > presumably be exposed to an action for negligence if
| something went wrong as a result of them employing someone
| with that record.
|
| That's just the type of bullshit that makes pizza restaurants
| not wanting to have a person with a criminal record anywhere
| in the building. It's a form of vigilante punishment that
| continues to for the life of a felon, way past the point
| where their debt to society has been supposedly paid.
|
| Employers should be banned to ask or process such
| information. "Is currently wanted or on parole" - legitimate
| question, "was ever convicted" - No, you have no right to
| know that, except very limited cases defined by law: working
| with children and the vulnerable, large sums of cash, working
| in the financial sector etc.
| denton-scratch wrote:
| If you want work in computer security, then you really
| shouldn't have a record of fraud. If you want to make
| pizzas, then you're not likely to defraud anyone but your
| employer; so it's her lookout. A blackmail conviction is a
| danger to other staff; it's the employer's responsibility
| to protect their employees against that risk.
|
| This guy seems to be on probation, and under supervision of
| SOCA - he hasn't yet completed his sentence. Are we talking
| USA? He's a felon, and in most US states he will never
| again be allowed to vote in elections.
|
| In this country you don't have to disclose prior
| convictions to anyone, beyond a certain date - I think
| something like ten years. I agree with that. In the same
| way, expired convictions can't be taken into account in
| sentencing deliberations. I agree with that too - I do
| think convictions should expire. Past acts shouldn't follow
| you around forever. But if you're on probation _now_ for
| two serious crimes, I think it 's crazy to say that a
| prospective employer shouldn't be allowed to ask, and to
| rely on your answer on pain of instant dismissal.
|
| And FWIW I don't agree with the US practice of denying
| felons the vote.
| m0ngr31 wrote:
| Yeah, once someone makes a mistake they should absolutely be
| barred from gainful employment forever! That will teach
| them... that they should remain criminals. Yeah!
| denton-scratch wrote:
| Yeah. Well, No.
|
| A physician who harms his patients through negligence or
| malice gets struck-off.
|
| A lawyer who steals his clients' money gets disbarred.
|
| A banker who mismanages his clients' funds loses his
| banking licence.
|
| If any of those was found guilty of using information from
| their clients to blackmail them, they'd have no future in
| their chosen trade - ever.
| m0ngr31 wrote:
| Sure, but presumably they weren't working as a security
| engineer at the time.
|
| Or think of it this way...
|
| Could someone not be a doctor if they had assaulted
| someone before medical school?
|
| Would a lawyer not be able to be admitted to the bar if
| they had been convicted previously?
|
| I'm actually not sure about those, they both might not be
| allowed. I just lean on the side of forgiveness once
| you've "paid your debt to society".
| JohnBooty wrote:
| I can't just walk into employment with my skillset
| because I'm not particularly talented
|
| Maybe in the world of cybersecurity where a lot of the talent is
| (from my outside perspective) pretty top end.
|
| For _most_ tech industry jobs, you 'll be way overqualified and
| the rest of the team will be in awe.
| pjbeam wrote:
| In my experience a huge proportion of security roles are filled
| with checklist cowboys/girls. The cadre of people you're
| thinking of is a small part of the set.
| davidandgoliath wrote:
| You're quite employable, regardless of past. You goofed up as a
| teen (who hasn't) and most folks can look beyond that, esp in
| infosec.
| opheliate wrote:
| > Serious Organised Crime Unit
|
| Are you based in the UK? That's probably relevant, it seems like
| a lot of the cybersecurity sector over here is very friendly with
| NCSC & SC is required for a lot of roles.
| FastEatSlow wrote:
| Yeah I've noticed it as well. I suppose it's because the GCHQ
| can't necessarily pay enough for very talented individuals who
| are required for certain work, whereas defence companies are
| somewhat poured with funds. I've heard that a popular path is
| to start in the government, then to the private sector to earn
| bank, and then back to public.
| Terry_Roll wrote:
| I phoned GCHQ.
| eli wrote:
| Many states and cities in the US have so-called "ban the box"
| laws that prohibit employers from asking about your criminal
| history during the initial hiring process or sometimes until a
| job offer has been made.
|
| Explaining why you have a criminal record is going to be a lot
| easier to someone who already thinks they want to hire you.
| axg11 wrote:
| You need to shift your attitude towards the job search:
|
| 1) You're clearly very talented, the record you describe speaks
| for itself.
|
| 2) Use your past to your advantage. Larger more corporate
| companies might be afraid to employ someone like you (_might_!)
| but there are tonnes of startups that could see your record as an
| advantage. It's demonstrated proof of your abilities!
| rootsudo wrote:
| I don't see any issue hiring you, there is a drain of true talent
| in the field.
|
| Be upfront and spin your story like Kevin Mitnick, publish a few
| articles and maintain a blog with your name and identity.
|
| Get a polished LinkedIn and post examples of past work, or what
| if's/what would you do.
|
| You most likely will not pass a background check for
| FINRA/Insurance companies, but who cares - those companies suck
| to work for anyway.
|
| You will/can easily bypass that wall by opening up your own LLC
| and selling consulting services, and verticals like "email
| security" or just basic/stupid DKIM/DMARC/DNS setup. You'd be
| surprised how much billing hours MSP's make just doing that basic
| stuff. I bill $150-200, and SOW's I've seen have it much higher.
|
| So take that as a floor.
|
| You can walk into many employers, and own the entire staff easy,
| you'd be surprised how low the ceiling is at most companies and
| how true talent or disorganized companies truly are.
|
| I've interviewed CISSIP/Full blown cert/degree peopel that
| couldn't even parse together a hello world or explain how to do a
| HTTP GET. It's that bad out there now.
| simonbarker87 wrote:
| Apply for the jobs you want. Be honest about your background and
| circumstances, let them rule you out, don't rule yourself out
| before even giving yourself a chance.
| kerneloftruth wrote:
| Own it, and capitalize on it! You've already written the first
| sentence of your sales pitch: "I was involved in a high-profile
| computer hacking case in 2015 which received international
| interest."
|
| Continue with "therefore I know about system security...". Write
| a book, charge a huge rate as a consultant. I'm serious. If you
| act like a beaten-down person, you'll be treated as one.
|
| It's classic making lemonade from lemons, but it can really work.
| If not, you've lost nothing.
| ohwellish wrote:
| >I can't just walk into employment with my skillset
|
| sure you can, give it a try
|
| proficiency is talent on its own and being a self taught means
| only that you can learn (and being _very_ good at it, considering
| your story)
|
| nothing's wrong with entry level job though, sounds like a solid
| place to start regardless of how much overqualified for that job
| you are - as long as you'll be doing what you love and there will
| be a clear promotion path for you
|
| and even if there's none that job can still do you good if you
| threat it as a stepping stone - a warm up for better job to come
|
| our past, things that happened before are important ofc but much
| more important things that will be, things that happens next
|
| so chin up, looking forward to read your follow up success story
| in few months, best of luck!
| xwdv wrote:
| The best way to describe your past is "ethically challenged". I
| too am an ethically challenged individual but by being somewhat
| upfront about this with my managers it has made me into an asset
| the company can trust with certain projects they'd rather not
| talk about with the company at large. The team of developers I
| work with are not formally acknowledged as a team, but our work
| often involves assembling the output of various disjoint teams
| into one solution that they'd probably object to building
| themselves as a whole.
| core-utility wrote:
| On an episode of Darknet Diaries [1] (great podcast by the way),
| there was someone in a similar situation as you who goes by
| DAWGYG, who found his stride after incarceration on HackerOne
| [2]. If I remember correctly, he holds the record for highest
| single payout. You could give that a try, though income wouldn't
| be steady you'd effectively be working for yourself and utilizing
| your skillsets for good.
|
| [1]: https://darknetdiaries.com/episode/60/ [2]:
| https://www.hackerone.com/
| [deleted]
| nefitty wrote:
| My God that is impressive. You seem like you tried to make it
| sound easy with your last paragraph. Technically speaking, what
| were the top three most impactful things you mastered on the
| journey to where you are?
|
| In terms of employment, have you found it too difficult to make
| living off of bug bounties? Maybe there's crews that would see
| you as an asset. Or maybe contract based solo consultation?
| kleton wrote:
| Was this the TalkTalk hacking case?
| thom wrote:
| Hope the kid receives 1/10th of the luck Dido Harding has in
| the aftermath...
| philk10 wrote:
| seems so as the name matches the email he's put here
| inetknght wrote:
| > _I 'm not particularly talented_
|
| Stop telling yourself that. You wouldn't be #11 out of 25,000 if
| you weren't talented.
|
| As long as you're open about your past and convictions, and your
| legal standing permits employment doing the work you'd do, then
| there's nothing stopping you from applying.
|
| When you see a job posting then look at what the requirements
| are. If you fit more than half then you should apply. The things
| you don't know can be learned on-the-fly. You'll no doubt have
| interviews that try to find your strong points and weak points.
| You'll have failures. But that's not a problem: everyone has
| those.
|
| This is _your_ market: there are tons of companies that are
| hiring for your skillset and you 'll land a job quickly if you're
| good enough at the core skills that are needed... which I'm sure
| you are.
|
| Edit: I would also add that I'm also completely self-taught. The
| only computer class I've taken was typing... and I got kicked out
| for cheating because it was boring. I've been employed in
| software for over 20 years and currently make $160k salary in TX,
| USA building software for drones. There are a lot of people in
| the computer industry who are self-taught. Don't let that stop
| you.
| DrBoring wrote:
| > Stop telling yourself that. You wouldn't be #11 out of 25,000
| if you weren't talented.
|
| I like this advice.
|
| I used to think I wasn't as good a programmer than a friend of
| mine because he had a larger breadth of skills than myself.
| Then I actually saw the code he was producing professionally
| ... and it was crap. It was functional sure, but not
| maintainable at all (if the business rules changed, then
| rewrites were awful).
|
| Where I work now, the developer team that I joined were a bunch
| of amateurs pretending to write business applications. Their
| code (which I'm still refactoring 10 years later) is awful. I
| seemed like a super star to my managers because they never knew
| the difference from a good and bad coder.
|
| That last paragraph wasn't meant to be employment advice. My
| point is, you never know how good you really are until you see
| how bad other people are. Couple that with the general self
| doubt we all sometimes experience, and you end up feeling like
| the worst in your field.
|
| I'm self taught too. I started coding at age 7. We're the best
| because we love our particular skill so much that we made a fun
| hobby out of it. We stayed up way late into the night honing
| our craft. Etc, etc ... other inspiring reasons why we're
| awesome at what we do.
|
| Edit:
|
| > Edit: I would also add that I'm also completely self-taught.
| The only computer class I've taken was typing... and I got
| kicked out for cheating because it was boring.
|
| Ha, I wrote my comment about being self-taught before you made
| your edit.
|
| On the topic of cheating: In 6th grade spelling class, we had
| to write out our weekly spelling words 5 times each. We were
| allowed to handwrite, or type it out on a computer and hand in
| the printout. I wrote a computer program where I would input
| the spelling words as an array (only typing them once), and it
| would output a text file for me to print out and hand in.
| vxNsr wrote:
| > _On the topic of cheating: In 6th grade spelling class, we
| had to write out our weekly spelling words 5 times each. We
| were allowed to handwrite, or type it out on a computer and
| hand in the printout. I wrote a computer program where I
| would input the spelling words as an array (only typing them
| once), and it would output a text file for me to print out
| and hand in._
|
| Wow, I wonder what the goal of that exercise was. Copy/paste
| has been part of windows since at least 95, no? Regardless,
| I'd think the main goal of forcing repetitive writing is
| improving handwriting and word recognition, which require a
| pen(cil) and not a keyboard.
| HWR_14 wrote:
| > Wow, I wonder what the goal of that exercise was.
|
| Clearly, to learn to spell words. In much the same way that
| kids have to practice arithmetic and saying "I just used a
| calculator to get the results" is fine in real life but not
| when you want to learn what addition is.
| DrBoring wrote:
| :) While writing my original post, I tried to mention that
| copy/paste wasn't common knowledge at the time, but
| couldn't form a communicative sentence on the matter. I
| certainly didn't know how to copy/paste at the time.
|
| This was in the days of Windows 3.1, and I was programming
| in QuickBasic 4.5 on DOS.
|
| I think the word processor I used when typing may have been
| Word Perfect.
|
| > Regardless, I'd think the main goal of forcing repetitive
| writing is improving handwriting and word recognition,
| which require a pen(cil) and not a keyboard.
|
| I think the goal was for us to memorize spelling of the
| word. Maybe improved handwriting was a sub-goal, I don't
| know. By that age, I don't think teachers really focused on
| our penmanship. I consider word recognition to be more of a
| reading skill.
|
| I was a lazy student. Spelling was never a priority for me.
| I never did well on tests because I never studied my
| spelling words. I was more into math and science. My
| parents never hassled me about my bad spelling test grades.
| abotsis wrote:
| I did this in WordPerfect in dos, even though I could
| program in pascal. Getting a compiler on the same computer
| as a printer back then was the biggest chore :)
| Cullinet wrote:
| I wonder if the "not very talented" self depreciation might
| mean talent with soft / people / social skills (the
| depreciation does strongly point to this) and therefore suggest
| that getting some education and training / experience in these
| soft skills might be the key to finding employment.
|
| certainly there's a inevitable associated presumption that
| criminal behaviour is caused by poor social awareness and so
| addressing the general area would also indirectly attack the
| unfortunately undeniable connected human behavioural profile
| that needs to be overcome.
| bladegash wrote:
| "As long as you're open about your past and convictions"
|
| 100% this. We had someone who hid that he was previously gone
| to prison for robbing banks. He used his dad's SSN and slipped
| through the cracks. He was terminated immediately when a girl
| who was mad at him called our company to let us know to get
| back at him.
|
| You can't know for sure if people will look past your history,
| but I can guarantee you don't want to hide it and have them
| find out later or someone hold it over your head.
|
| The place that is meant for you will be the one where you are
| accepted for who you are.
| notch656a wrote:
| Sounds like place he was at accepted him just fine until dumb
| bitch ratted him out for something that happened outside of
| work. Dude got a good run at least. Not lying about
| convictions sounds great from the pious ivory tower or from
| seasoned professionals who may have enough experience that
| others are able to look beyond their past.
|
| Dude already did his time, in my book the conviction doesn't
| exist anymore. My honest advice for ex-crims is to find small
| shops that don't run BG check (yes these places do exist) and
| never mention their crimes. After a 3-5 years in industry
| your past will be far enough behind you can get into most
| small businesses positions you are qualified for.
| tcgv wrote:
| I see your point, and I'm in favor of inclusion in the
| workplace, but it's not all black and white.
|
| Would you allow a convicted sexual offender who did his
| time in jail take care of your child in a day care facility
| to which he got employed and didn't disclose his past
| conviction?
|
| Things need to be put into perspective, and evaluated
| carefully.
|
| With that said I don't think immediate termination was the
| right decision to make in that situation the parent comment
| described. Inclusion requires consideration and empathy,
| the company didn't demonstrate that.
| syshum wrote:
| >>>Things need to be put into perspective, and evaluated
| carefully.
|
| And leading with hyperbolic "Think of the children" hand
| waving pearl clutching does nothing to put "things into
| perspective"
|
| In the context of this thread we are talking about
| someone convicted of hacking wanting to work in IT again,
| not a child molester wanting to babysit your child.
|
| So yes lets keep things in perspective shall we?
| tcgv wrote:
| You're right. I'm sorry if I was disrespectful with the
| participants in the discussion and the OP, that wasn't my
| intetion. It's indeed a completely different situation.
| notch656a wrote:
| I've not run a BG check on anyone who takes care of my
| kids. Sometimes we also hire babysitters to come take
| care of my child, I don't run BG check either.
|
| I probably wouldn't like it if I found out they raped a
| (actual, not like statutory w/ a lying 17 y/o with fake
| ID like happened to Cody Wilson) child, because I believe
| the appropriate solution for that is the death penalty,
| and thus I don't see them as having completed their
| sentence. But if someone is out in society, I treat them
| based on the way I have observed them to treat myself and
| others, rather than what the government says. A lot of
| sex offenses are total BS such as someone urinated in
| public (which is socially acceptable in many places of
| the world).
| btilly wrote:
| Are you aware that an estimated 1/4 of all registered sex
| offenders were themselves minors when they committed
| their offense? And age 14 is the single year that you're
| most likely to become a registered sex offender?
|
| I fully understand and appreciate the purpose of our
| laws. The practice, however, is a different story. And
| unless we stop including as crimes things that I'm not
| willing to consider crimes, I can't support the way that
| "registered sex offender" is routinely used to destroy
| lives over childhood mistakes.
| withinboredom wrote:
| Or the number of registered sex offenders for peeing on
| the side of the interstate.
| tcgv wrote:
| I wasn't aware of that, it's suprising and sad. Thanks
| for pointing that out.
| btilly wrote:
| It is not so surprising when you consider how many laws
| have fixed age limits. For example a 13 year old sends an
| intimate picture to a 14 year old friend, the 14 year old
| has just committed a crime by having that picture.
|
| The law is intended to target adult pedophiles. But when
| the people involved are basically the same age, it isn't
| pedophilia!
| notch656a wrote:
| Yeah not to mention no mens rea is needed for statutory
| rape. That is a 17 y/o could show you a passport and DL
| with her age as 18, and tell you and look like she is 18,
| yet you would still be convicted. Hardly any other crime
| has this kind of strict liability where honest and
| thorough due diligence doesn't absolve you of the crime.
| d4mi3n wrote:
| > Not lying about convictions sounds great from the pious
| ivory tower or from seasoned professionals who may have
| enough experience that others are able to look beyond their
| past.
|
| Sadly--and I do mean this, I agree with your sentiment--
| what we believe and what is required by an organization in
| a sensitive industry (finance, education, defense) are
| different things. For example, if you want to operate as a
| public company in finance with industry-standard
| certifications, you _must_ perform background checks and
| reject candidates with a criminal history involving
| financial crimes.
|
| Schools and other educational institutions likewise are
| require to reject candidates with a criminal record that
| includes charges of violent crime, sexual offenses, or
| similar.
|
| Lying about charges that aren't relevant to the filtering
| criteria will be noticed in such industries and be a big
| red flag to any HR rep or hiring manager reviewing an
| application. This also shields you from a situation where
| some other employee learns and disseminates unflattering
| information--if one's manager and HR has cleared that info,
| it's nobody else's business and you have avenues _and_
| support available to you to prevent discrimination due to a
| criminal history.
| syshum wrote:
| >>what is required by an organization in a sensitive
| industry
|
| That really is not a factor, I have worked for a number
| of organizations that would never higher anyone convicted
| of a felony who did not have any sensitive requirements,
| were not dealing with money, or personal info, or
| anything important really
|
| There is just a huge stigma when it comes to criminal
| records, which is doubly painful in a over criminalized
| society like we have in the US.
| notch656a wrote:
| I'm a huge believer that if people can't be trusted in
| society, they should be in jail, executed, or banished to
| someplace like Namibian desert / Siberia. A free man
| (after prison/probation) should be free; their conviction
| behind them and essentially erased. A free man can easily
| rape/murder/steal regardless of any BG check you put in
| place. If you're free, you have the full rights and
| priveleges of a free man including bearing guns or taking
| care of children or being CFO of a finance firm.
|
| Fuck any half-way system where you're released of all
| judicial punishment but you can't work, vote, or own a
| gun. THAT is cruel and unusual punishment.
| kuhewa wrote:
| Why is it important that a convicted child abuser be free
| to take care of children once their punishment is over?
| There are plenty of other fields in which they could find
| employment.
| notch656a wrote:
| I don't believe in having multiple classes of free
| citizens. If a free person wants to, they could easily
| abduct a child, barring them from taking care of kids is
| a laughable feel-good policy that insults the notion that
| there should be no free second class citizen.
|
| If someone can't be trusted to not abuse children, they
| need to be jailed or on probation until they can be
| trusted. Those people can't be trusted in public. If
| they've abused children through rape of small children or
| serious violence against the weak, just execute the low
| life. Children are everywhere, the idea an abuser is just
| fine being tempted with children everywhere, from the
| street to playground, except they'll be nice and honest
| and use their real SSN and identity when applying to work
| with children is a hilarious notion.
|
| And frankly, unless proven otherwise, I assume sex
| convictions are something like pissing by the side of the
| road or a 19 year old banged their 16 y/o girlfriend. The
| government loves to imprison people for insane reasons
| and sex offender registry is a poor guide as to whether
| someone can be trusted with children.
| Tepix wrote:
| There is a huge grey area. Statistically, people who have
| committed a crime are more likely to commit crimes again
| than those who haven't.
|
| That makes for a good argument not to trust them as much,
| generally speaking.
|
| On the other hand, integrating them back into society
| (something that's lacking in the US) works well for most.
| notch656a wrote:
| Which do you think is harder though, adbucting some kid
| into a stolen untrackable vehicle and go out into the
| wilderness where there's no chance in hell you'll be
| caught, or going to the trouble and length of becoming a
| childcare worker where your face and likely other details
| are exposed? Someone who is free can easily do the
| former, and with a stolen SSN and identity (this is
| laughably easy to get if you've ever worked in many
| factories you'll see tons of illegal immigrants with
| stolen SSN) can also easily do the latter.
|
| The whole premise is just laughable at face.
|
| This think of the children trope is just bait IMO to try
| and get us to accept that there are second class
| citizens, and allow us to put restrictions and loss of
| freedoms on people who have completed their judicial
| punishment. If we can accept this we might accept ending
| their constitutional rights such as the right to vote,
| bear arms, or speak freely.
|
| I understand the desire to protect children in this
| manner, I just think it's misguided and philosophically
| inconsistent.
| syshum wrote:
| Well that depends on the crime, and a whole host of other
| factors including the fact that it is ciruclar logic.
|
| We cant trust them because they re offend, but they re
| offend because of lack of opportunities created by
| society not trusting them....
|
| It is certainly true for property crimes, drug crimes,
| and other such actions.
|
| Violent crimes may be an exception to this, but then to
| the OP's point, if they are violent why are they out in
| the population to begin with?
| noasaservice wrote:
| Vouched because of the good conversations going on
| downthread. Parent is pretty crude. I can live with
| crudeneess and bring the quality of the conversation up.
|
| Anyways, I've wholeheartedly recommended lying in certain
| situations on employment. (Don't lie about
| certified/licensed/bonded jobs, dont like to the
| state/feds, dont lie about stuff you cant do.)
|
| A while back (2009), I was in a very bad run. Got laid off.
| Didn't have a job for 1.5y . And it's hard to get back in
| work without already having a job... You get the side-eyes
| of "why werent you working this time???" crap.
|
| So, I started lying on my resumes. I found a company that
| went bankrupt 2 towns over, and put them as employed in a
| role I'm easily capable of. Am I lying? Absolutely. Can I
| do the role? Absolutely.
|
| I got the job, unsurprisingly enough. And I was there for
| 1y, enough to get a better work history to get out of the
| rut I was in. And I hopped from there to a better position,
| all the while slowly cleaning up the fakeness from my
| resume all the while generating a valid work history.
|
| It sucks, sure, that there's no good way to break in the
| work-world if you've been ejected. (Que entry-level jobs
| that require 5y experience...) Frankly, vs starvation,
| homelessness, destitution - you damn straight I'll lie. And
| if I have to, I will definitely do it again. Capitalism is
| stone-cold and heartless. And if that's what I have to be
| to survive in the work-world to make money, so be it.
| notch656a wrote:
| Yeah when I wound up homeless, I started applying for
| lots of wage labor. I quickly found out they had no
| interest in hiring a college educated white-collar
| worker. I may or may not have discovered* that if I were
| to have changed my resume to all shit / labor jobs (while
| keeping everything else the same so I could remember the
| companies well), they would employ me. I would have been
| able to dig myself out of my rut and get stable
| employment in a factory until I could get back into tech.
|
| After working in factory few months, I was able to get
| apartment. With apartment, I was able to get myself nice
| looking and clean and tech job.
|
| My process from day labor/ homeless (save up enough for
| airbnb/hotel) -> wage job (save up for apartment) ->
| professional job at this point is pretty much a well
| oiled machine. Sadly the first two steps basically
| require dishonesty. I've only been through this a couple
| times in my life and hope not to again.
|
| *This is all fiction, of course.
| [deleted]
| ianai wrote:
| I think they meant for the usual jobs unemployment would
| attempt to match with an ex-con.
| dazhbog wrote:
| Given your skills, I would recommend a startup or a consultancy
| (anything self-employed). This way you shield yourself from
| having to worry about disclosing your past to others, worrying
| about background checks, or the self-taught part (which should be
| irrelevant but oh well). Plus you grow in whatever direction you
| wish.
|
| If you want the job route then you need to apply to as many
| things as possible and find a story version that wont scare
| people off. Don't lie, just give them a well packaged insight
| into what happened in the past. You also have humility which is a
| great start.
|
| Good luck!
| WestCoastJustin wrote:
| 100% agree re: anything self-employed. You are master of your
| own destiny then. Speaking as someone else who is self-taught
| without a degree that opened many door. It's not easy but
| you're forced to figure it out. OP definitely sounds like they
| have the work ethic and can put in the time to figure it out.
| lordnacho wrote:
| Your issue is not competence, nobody will doubt that you are
| capable.
|
| What you need is to show people that you're not going to cause
| trouble for them, which is more of a social skill that you
| demonstrate at the interview. Try to acknowledge that you did
| something bad, don't use words that diminish it, and try to
| explain that you want to move on and you now want to be a
| positive force.
|
| There's going to be some natural questions that everyone will
| ask, so consider them as set-pieces and practice your answers.
|
| The market is hot now, so get some interviews and see what comes
| up.
| huhtenberg wrote:
| Yep, the main hurdle here is the need for the OP to demonstrate
| that they left past _ethics_ fully and firmly behind.
| megous wrote:
| Demonstrate ethics? They'd have to be hired for that, I
| think.
|
| Otherwise how do you demonstrate ethics to someone who
| doesn't know you, yet? :) Certainly not in a interview,
| that's just talk and smiles and promises.
| feoren wrote:
| I think the OP's 2nd and 3rd paragraphs are good
| demonstrations of their ethics. A track record of "doing
| good" and having lots of others vouch for you is a good way
| to demonstrate ethics to someone who doesn't know you yet.
| lordnacho wrote:
| All you can do is give a good talk about why you're
| reformed. One thing that does work for you is that firms
| that decide to interview you must have given it some
| thought already, so there's got to be a chance.
| 0des wrote:
| Become a developer, never mention your struggles again post hire.
| geraldwhen wrote:
| I've never worked anywhere that would hire an ex con. Have you?
| [deleted]
| nraynaud wrote:
| I have never been asked this question for employment. In my
| country being forbidden to work in some area is an extra
| sentence that the judge would impose (it's mostly around
| being forbidden to manage a company, being elected, or using
| weapons) and would be checked by the probation officer, not
| the employer.
| webmaven wrote:
| It isn't a matter of being forbidden to work in an
| industry, but rather that some companies may be forbidden
| to employ you (and even then, the restrictions may only be
| for certain roles).
|
| Let's ignore the computer/security aspects of this
| particular situation, and come up with other examples.
|
| If you are convicted of a financial crime, for example, you
| are not barred from working as an accountant. You can even
| get a license and work as a CPA.
|
| But some companies may not be able to employ you _as an
| accountant_ due to your conviction.
|
| And, it is worth noting, you can certainly _lose_ your
| license if you commit a relevant crime after getting your
| license (or for failing to report some other felony to the
| licensing board).
|
| All the above varies considerably in the details between
| countries, and in the US between states (eg. in some states
| a conviction for a felony requires a hearing before the
| certification board before being allowed to take the
| relevant exam, and the board may not decide in your favor).
|
| Circling back to computers and security, the situation is
| _much_ more forgiving since there is no relevant licensing
| barrier; nevertheless, some companies may be restricted
| from employing people convicted of certain categories of
| crimes in particular functions: think of having access to a
| bank 's or credit company's customer information and
| accounts, or a health provider's patient data. But even
| organizations that are subject to such restrictions have
| plenty of roles (potentially even security roles) that
| aren't affected by these restrictions (except by their own
| internal policies, anyway).
| nraynaud wrote:
| We have a famous example here of someone who is forever
| forbidden to work around financial markets, that include
| the IT systems and network equipment.
|
| But I don't think companies here are ever barred to go
| further than the law. If employees have to be vetted,
| there is a department in the Ministry of Interior that
| does just that, they say yes or no without any detail as
| to why (and there is an appeal process that still doesn't
| involve the employer).
|
| But here if you cook the books as a CPA, you will
| probably be barred from the job for at least a few years.
| mtnGoat wrote:
| The vast majority will, some won't. Some aren't even allowed
| to based on their investors, client set or subject matter.
|
| The longer it is in your past, the easier it is to overlook.
| It's more about the actual charge than anything. Obviously
| some charges are harder to justify ignoring.
|
| Source: I'm a felon. Been there, done that.
| throwawaynay wrote:
| Yes, 100% of the places I worked at didn't care. the USA are
| a crazy place
|
| That's what remote work is for
| Taylor_OD wrote:
| I'm not an expert but your best bet is likely to double down on
| the bug bounty work.
|
| There are people with lessor convictions from further back than
| you who still have issues finding full time jobs because of
| background checks.
| spullara wrote:
| Kevin Mitnick is running a cybersecurity business right now.
| Maybe reach out to him.
| powerslacker wrote:
| You might want to apply to work at GiveSendGo. They just got had
| a newsworthy data breach and could probably use your talents.
| 3pt14159 wrote:
| Apply for everything. Let other people say no for you. If people
| find out about your past be 100% straight with them, but you
| don't need to be the one to bring it up. Work your hardest to
| provide value, ask for feedback and correct where necessary.
| You'll be fine. There's a lot of work in cybersecurity these
| days.
|
| Also, you should list the country you're in. Who knows, someone
| on HN could reach out with an opportunity.
| emeraldd wrote:
| This seems very appropriate and relevant:
|
| "By the time I was fourteen the nail in my wall would no longer
| support the weight of the rejection slips impaled upon it. I
| replaced the nail with a spike and went on writing."
|
| -- Stephen King, On Writing: A Memoir of the Craft
|
| https://www.goodreads.com/quotes/848294-by-the-time-i-was-fo...
| thekiptxt wrote:
| > Let other people say no for you.
|
| Wow. Upvoting because this is such a succinct and powerful way
| to say this, and I've never heard it before. i. e. It's not our
| job, domain, or in our interest to reject ourselves from a job
| we're interested in before applying
| jedberg wrote:
| Yes! I recently told this to a friend of mine. She kept
| saying "I won't apply for that job because I'm sure there are
| more qualified people applying" and I kept telling her "let
| them reject you, don't reject yourself".
|
| Finding a job and finding a romantic partner turn out to be
| really similar processes -- it's a numbers game and you can't
| sit around waiting for the perfect opportunity.
| donkeyd wrote:
| I recently told my SO this exact thing. They were doubting
| whether to apply for a higher position because they might be
| rejected. I told them that not applying would definitely mean
| they wouldn't get the job, so at least applying means there's
| a chance.
| [deleted]
| iJohnDoe wrote:
| 100% this.
|
| Everything you described about yourself would make you an
| excellent employee to have on hand at many cybersecurity firms.
| Create your resume and have a few people review it.
|
| Also, review your appearance and language skills. Make sure you
| are presentable in an enterprise or conference room setting. If
| a cybersecurity firm hires you, don't make them regret it if
| you can't hold yourself in a professional environment.
| colechristensen wrote:
| >you don't need to be the one to bring it up
|
| Yes, you do. I don't know about other countries, but everywhere
| in the US runs a background check. You will get a reasonable
| "no" rate, but telling people your situation is very much
| better than looking like you were hiding it when they
| eventually find out.
|
| OP probably would have the most success with a pen-testing firm
| or similar.
| 3pt14159 wrote:
| Nope. The only background checks I've ever had working for
| Americans was law enforcement / intelligence agency software
| (I was working for a Canadian company and they sold to them)
| and a contract for the Nasdaq.
|
| Other than that, it's just been straight skills and
| reputation. Even if it did come up he could always say that
| he assumed they would ask for a background check if they
| cared about this type of thing. Just let the man get some
| work and move on with his life.
| spullara wrote:
| Every job that requires SOC-2 compliance, which is most
| SaaS services, must require background checks for new
| employees.
|
| https://secureframe.com/blog/soc-2-background-checks
| gtaylor wrote:
| I've seen background checks at most of the mid-to-large
| sized tech companies I've worked at.
| 3pt14159 wrote:
| I believe you, but I haven't. Though I haven't done much
| large sized tech company work other than the Nasdaq gig I
| mentioned, which was background checked.
|
| I think the overall point doesn't really change. Apply.
| Let other people dismiss.
| abakker wrote:
| I think it might be fair to point out that just because
| they ran a BGC on you, doesn't mean your current employer
| told you they did. Background checks are incredibly
| common and the low-stakes kind are pretty cheap to just
| run ad-hoc.
| vageli wrote:
| Doesn't an employer need your consent to run a background
| check on you?
| archi42 wrote:
| It seems you did BB stuff before, but ended up on the dark side.
| If you want to avoid sliding in there again, a "regular" security
| job might be a good idea.
|
| It sounds a lot like pentesting in a web-focused team would match
| your skill set very well. But I suppose you already know that? I
| would not interview for Junior roles if I were you, or only if
| you're rejected higher p the latter. And if they tell you that
| you're overqualified, but the position and compensation appeal to
| you, just tell them you don't care and would be looking forward
| to work with them.
|
| Regarding your conviction: This is most relevant if the clients
| require some sort of clearance. Also your employer needs be able
| to trust you, which means you have to demonstrate that you can be
| trusted (and add to that some blind trust from the would-be
| employer, but you not influence that too much).
|
| There are also other security related positions, which you might
| enjoy. You already had contact with some large corps, maybe you
| could interview there?
| zeepzeep wrote:
| Do you know @thedawgyg?
|
| I guess blackmail & fraud are a problem but if it was related to
| hacking I guess you'll still find a job. It's gonna be hard, but
| there are companies that care about your hacking skills, not
| about your past.
|
| > This leads me to believe that I should look for entry-level
| positions but I've been told I'm overqualified
|
| You sound like a senior pentester if you'd ask me...
| rodolphoarruda wrote:
| Are you sure you want a typical job? To me, you look like an
| accomplished professional ready to run his own gig either by
| himself or by employing a handful of people. Find a market niche,
| work on your personal brand, advertise and get to work! I have no
| doubt your personal satisfaction will be equal or even greater
| than working for somebody else via a regular job.
| dk79XuL9 wrote:
| happy to have a chat with anyone that's interested:
| danielkelley@email.com
| andi999 wrote:
| Try for a while the other advises, but also consider switching
| careers. Companies who pay for security are sometime paranoid and
| might not like a background like this. What about looking for
| entry level software development.
| Terry_Roll wrote:
| What was your motive?
| dk79XuL9 wrote:
| My first offence occurred when I was 13 years old. I'd chalk it
| up to inexperience and a lack of ability to anticipate the
| consequences of my actions. I was really self-absorbed. I'm not
| the same person I was back then. It has almost been a decade.
| Terry_Roll wrote:
| Things are more joined up than you realise here in the UK.
| You know it was me who phoned GCHQ?
| SirChainsaw wrote:
| Don't worry about the official criminal record. I've been a
| software developer for just over 20 years....had a DBS check
| once. Just once.
|
| You clearly are talented so stop telling yourself that.
|
| Have you thought about starting your own security consultancy?
| Cullinet wrote:
| the quandary of either hiring employees whose hacking efforts
| on my company's infrastructure I can defeat / defy and hiring
| someone who I can't protect myself from is going to come down
| to some very individual assessments that I don't believe a DBS
| check can help me with.
| 1970-01-01 wrote:
| Your (unstated) goal is to rebuild trust and rebrand yourself. If
| I were you, I would start a small pentesting business. It's not
| trivial and isn't for everyone, but it would be the easiest
| (IMHO) path to that goal. There are thousands of books on how to
| begin that journey. Kevin Mitnick took this path.
|
| https://en.wikipedia.org/wiki/Kevin_Mitnick
| ttGpN5Nde3pK wrote:
| pre-apologize if you are looking to move beyond your past and I
| completely understand/please disregard my suggestion if that is
| the case... but tbh you sound like an ideal candidate to market
| _you_ as a brand. I'd keep doing bb and contact the platforms you
| are working on with your story. bb seems to be all about telling
| the story of how they can help people move out of doing things
| illegally and still make great money.
|
| There are also a lot of podcasts/etc that would be happy to have
| you tell your story. Huge upside to that IMO with reach and
| sharing to help keep future people out of trouble.
| samwillis wrote:
| I may be wrong but if he is who I think he is I suspect he may
| want to keep a lower profile due to the nature of the
| convictions. I suspect in his case shouting "hey, I did x"
| loudly on blogs and podcasts may be detrimental.
|
| I truly believe people should be forgiven for past deeds and
| given the benefit of the doubt. I'm sure he will find good
| employment and I hope he has a good career in the security
| industry. He clearly knows his stuff.
| Macha wrote:
| If you do run into trouble finding a job, you might have better
| luck in consulting or similar. My previous employer, employees
| are vetted by HR and (once your conviction would be raised) legal
| who would reject you for your record, but "independent security
| consultants" were vetted by the security team who were actually
| more understanding in that regard.
| [deleted]
| inglor wrote:
| A bunch of friends just look for and then sell vulnerabilities
| (the good ones to bug boundary programs the less ethical ones to
| governments or companies).
|
| The price of a zero day exploit is quite high (for both sides)
| and I have friends who make much more money than I do doing this.
|
| That said they mostly work alone or in small groups in their
| basement rather than at a large security company.
|
| I would hire (or at least interview you) with a prior conviction
| though I am not hiring for a security role.
|
| I don't think the conviction is a serious impediment for
| employment in this particular field (since it's for a non-violent
| crime) though it might warrant supervision on your employer's
| side and I can definitely see the larger companies not wanting to
| take the risk.
| bink wrote:
| As someone in the security field, please don't sell exploits to
| brokers. Aside from the moral and ethical implications it's
| also doing a disservice to the industry in general.
| jnwatson wrote:
| Compare that to the ethical implications of megacorporations
| expecting private individuals to work for free or peanuts.
|
| A rational individual should look at bug bounties and exploit
| brokers and use the highest bidder.
|
| I'm a security professional, and I think brokers are a net
| positive to the industry. The more that market makers expose
| the real price/cost of security flaws, the more investment
| will be made in defensive measures.
| texasbigdata wrote:
| Just out of curiosity what's "high"'
| inglor wrote:
| 500k-2m depending on severity is a good ballpark figure for
| numbers I've heard of
| FastEatSlow wrote:
| Very high, zerodium [1] offers from $10k to $1mil depending
| on the exploit.
|
| [1] https://zerodium.com/program.html
| programmarchy wrote:
| This reads like an elaborate humble-brag. You'll have no problem
| finding a senior position in cyber security if that's what you
| want. Like others have mentioned, sounds like you could probably
| do a lot of good (for the public and yourself) hunting bug
| bounties.
| lifeplusplus wrote:
| Open a company and offer webinars and get security contracts.
| Make millions.
| pain_perdu wrote:
| I've been in tech for years but my background was also 'non-
| traditional' (I didn't commit an crimes but definitely didn't
| have a relevant degree or connections etc) I would be happy to
| help you with some intro's to startups who would consider a
| candidate with your background.
|
| Feel free to email the address in my bio and I can see if you're
| interested in talking to anyone in my network.
|
| Good Luck!
| wonder_er wrote:
| I bet there's lots of companies that would hire you, based on
| this particular HN thread alone. Here's what could be worth
| doing, and wouldn't take much time at all:
|
| 1. put together a one-page website, on a domain like
| firstnamelastname.com 2. Add a link to this page 3. Put a link to
| your website in your email signature
|
| Done! Now everyone you ever email, if they want to know more
| about you, will know that you're _deeply_ proficient in certain
| domains, and it'll be up to them to decide that you might be a
| good fit.
|
| Since you've got this particular charge against you, and the US
| makes it nearly impossible for people who have run afoul of the
| state to legally be paid, but you _might_ be able to open up a
| Stripe account, and create a "payment link"
| (https://stripe.com/payments/payment-links) for a one-off
| "roadmapping sessions"
| (https://doubleyourfreelancing.com/roadmapping/) where a
| company/team pays you $10,000 and you'll visit them (virtually or
| in person) for a day or two to talk about their thorniest
| security problem.
|
| "The system" wants you to apply to (and be hired into) an entry-
| level position, but that would be a giant waste of your time and
| everyone else's.
|
| I wrote this article for eager bootcamp grads, looking for their
| first job. You're not a bootcamp grad, but it _might_ be helpful
| to you: https://josh.works/remote-job-resources
| Cullinet wrote:
| straight up I have something UK based that I can propose that
| might get you set up as a independent consulting business
| timescale early this summer, might even know the right people for
| your situation as long as you are groovy with learning along the
| way with some steep curves. email address to reach me in my
| profile in a mo.. Very best luck with everything don't let 'em
| get you down!
| YesThatTom2 wrote:
| As someone who hires many people it comes down to whether or not
| you are humble about it. Or, to be more blunt: if you're as ass
| about it.
|
| Humble: "I have a bad thing on my record. I understand what I did
| wrong and want to move forward with my life, doing good work, and
| being a responsible citizen."
|
| Jerk: "I got busted but those jerks din't see that I was helping
| them! It was all BS, dude!"
|
| I'd gladly interview someone that got in trouble but shows
| humility about it.
|
| Tom
|
| P.S. I hate that this is true, and people will probably flame me
| for saying this. I don't know what you look like or how you
| dress, but you'll get a lot of mileage out of dressing and
| looking neat. (no tshirts, hair trimmed and not sloppy, etc.)
| endorphine wrote:
| Off topic but I have to ask, sorry: Are you MySpace's Tom?
| shiado wrote:
| Trace your family ancestry and look for any types of citizenship
| by descent you are eligible for. If you can get another passport
| leave, then change your name and start fresh. If you have the
| means you could even try citizenship by investment. For a few
| hundred grand you can get a new passport, but it might be tricky
| if they look into criminal past. Move to the Caribbean and work
| remotely.
| jamal-kumar wrote:
| Man it's not even that much money to get the new passport.
| Depending on where, but there is options well under that which
| will get you around (Panama for one)
|
| It sounds like their problem at this point is probably travel
| restrictions.
| yrral wrote:
| Have you looked into auditing decentralized finance (defi)
| protocols? There is currently a huge demand and very low supply
| of good auditors. I believe there also are very many "anon"
| auditors in the space, so your past would not be a big problem I
| don't think.
| ceva wrote:
| Why don't you continue to do white hat hacking, and chase for bug
| bounties? Why would you ever want to be employed by some
| corporation?
| high_byte wrote:
| dude why don't you just continue working on bug bounties? #11
| should be able to make 6 figures easy, probably 7 figures a year
| in bug bounties.
|
| if maybe that's not your thing and you want "a job" I'm sure many
| people will be willing to help, me included. feel free to contact
| me on Twitter @high_byte
| throwawaynay wrote:
| employability? lmao
|
| smart employers would kill to get someone like you
|
| I personally know a guy who got convicted at an early age for
| similar stuff, he never had any trouble finding work, even worked
| for some governments
|
| any decent security startup would do anything to get you
|
| bro I'm actually jealous
|
| also: freelancing of course, rarely seen background checks for
| freelancers
| d4mi3n wrote:
| My company is hiring. I'm a firm believer that folks shouldn't be
| punished by the US justice system, but instead reformed.
|
| I can't speak to your circumstances, but my team is hiring for
| folks like you and barring any policies I'm unaware of I'd be
| happy to help you make a connection. Details in my profile if
| you're interested.
|
| On a more general note, there's currently a high, steady-state
| demand for AppSec, CloudSec, NetSec, and generalist technical
| security specialists with software backgrounds. There is work out
| there and I don't believe you'd have to accept an entry-level
| position to get it.
| czbond wrote:
| Following on - OP could also take an advisory role in a
| consulting firm - potentially in office strategy and
| implementation of penetration testing, etc.
| CyberBank wrote:
| Where are you based?
|
| Happy to have a chat -- I run VM for a large tech company and
| have a lot of openings
| hirundo wrote:
| A former coworker of mine was a convicted "hacker" who did time
| in federal prison for it. Part of his story was told in Clifford
| Stoll's The Cuckoo's Egg. The coworker told me that he had stuck
| at the current company for many years because he felt that his
| reputation, including a Wikipedia page, would prevent him from
| getting another good job. I told him I thought it might help him
| more than hurt him, and he just shook his head sadly. But then a
| year later he did start a job hunt, and found an excellent high
| level position at a large successful outfit almost immediately.
| He's still there. They knew who he was and what he did. I think
| that rep helped him more than a little.
|
| It depends what you did of course. In his case the only plausible
| "victim" was AT&T, and he disputes that too.
| conductr wrote:
| This is probably unhelpful but you should consider just being a
| consultant for hire. I think your abilities will speak for
| themselves and your reputation will speak much louder than your
| lack of official training. I doubt you'd even need to disclose
| your criminal history for most clients.
|
| Also you may find it better to network with hiring managers vs
| filling out online job applications. The HR screening is going to
| bury you many times where a human could help you side step it.
| cushychicken wrote:
| One of my main consulting clients is always looking for people
| who are interested in or experienced in cybersecurity research.
|
| https://www.riverloopsecurity.com/careers/
|
| I can't guarantee anything, but just from what you've written
| here, I think they'd be interested in a conversation.
| runjake wrote:
| - Stop with the self-deprecation BS. It's hurting you, in the
| eyes of yourself and others. But don't be cocky, just be humble.
|
| - Own your past. You've paid the price to society. Go public and
| tell your story -- be it a sentence, a tweet, a paragraph, an
| article, a podcast episode[1], or a book. Putting it all out in
| the open will make you more hireable.
|
| - Don't fsck it up. Grow your integrity and ethics, or at least
| maintain them and keep them impeccable. Keep that old saying[2]
| in mind, it's so very true in a case like yours.
|
| - Connect with others in areas you are interested in. (Twitter
| seems to be great for cybersecurity)
|
| - You did the blackmail thing as part of your crimes, so realize
| it will take time and effort to gain trust.
|
| - If you have that particular hacker mindset, you can quickly
| acquire the modern skill sets.
|
| 1. Maybe Jack might want to have you on Darknet Diaries at some
| point, if your story is interesting enough? He does it in a
| story-telling style that takes the pressure off the guest that
| they would normally have in an hour-long interview format.
|
| 2. (NSFW quote about bridge building)
| https://www.quotes.net/mquote/73833
| sys_64738 wrote:
| For sure, corporate America is all about background checks so
| maybe being an independent contractor or consultant is the way
| forward?
| werber wrote:
| If I was in your position I would post your contact information,
| even a throw away account on this post as you're on the front
| page of hn and you might never get to have this great of an
| opportunity again to find legal employment.
| tgflynn wrote:
| If you've done so well with bug bounties do you really need a
| job, can't you make a living doing that ? I'm personally very
| interested in the answer to that question because that's a route
| I'm considering pursuing myself, being for a variety of reasons,
| outside the window of traditional employability. But if with your
| skills you can't make a living at it then I certainly don't have
| a shot.
| kelnos wrote:
| Not the OP, but personally I'd be worried about the
| inconsistency of income. Maybe in the span of 4 months you make
| $100k off various bounties, but then in the next 4 months you
| only make $10k.
|
| Then there's also the extra taxed you have to pay when you're
| self-employed, and the cost of health insurance (assuming US
| here, OP didn't say where they're from). Some people just like
| the security of full-time, salaried employment, with benefits.
| jll29 wrote:
| Doing consulting as has been suggested sounds a good idea.
|
| You could also write a book telling your story (if you're not a
| talented writer, there's ghost writers to assist) or do a Ph.D.
| with Ross Anderson and beccome a security researcher.
___________________________________________________________________
(page generated 2022-02-14 23:01 UTC)