Career Advice Tuesday – Does The InfoSec Profession Give Second Chances
August 11, 2009
Dear Mike and Lee:
I have not been able to get what I feel is full/good advice in my attempt to enter the Infosec career. I have a felony record here in the US. The crime was when I was younger and I have since(11years now) proven that I have changed my ways and that the whole issue actually helped me get on the straight and narrow.
My question is: Can a person in my situation expect to enter and survive in an Infosec career? I was reading a book titled “Infosec Career Hacking”. It said, if you have a felony record, you can forget a career in this field. That was not a direct quote but the point clearly stated the same thought. Is this true?
I have worked my way up the IT ladder and currently fill an Enterprise Architect position for a government contractor on a government contract. I have not achieved the clearance that I need yet. I do have a chance to voice my opinion on security issues in my current role, but I would like security to be a main focus for me. Do you have any insight into this?
Dear “Changed Man”:
You are definitely facing an uphill battle.
First of all, I think that blanket statements are bad – and I do believe that it is possible to get a career in information security even if you have a criminal record. I have seen it done before and have worked with a few candidates that have had to overcome this obstacle.
In order to accomplish this, you are going to require a combination of candor, excellent skills, reformed character , open-minded hiring managers, and some old fashioned “good luck”.
I am not saying that it will be easy, but it is definitely possible. I also believe that you may find more acceptance in the commercial/corporate world, then you would find in the public sector (Government roles).
Here are some guidelines for you to consider:
1) Full Disclosure – Make sure during the initial part of the interview process, you reveal that you have a felony. No matter how embarrassing, tell them what happened, what you learned, and how your reformed.
Many people believe that a past transgression alone will disqualify them for a position, and choose not to reveal that to the hiring party. That is the worst possible thing that you can do! More people lose opportunity due to the “cover-up” as opposed to the offense.
It turns out that many people have open minds and are willing to forgive past transgressions. When you choose not to tackle this type of situation head on and address it, you appear to be dishonest and deceitful, which are not positive attributes for any Information Security professional.
2) Demonstrate Examples From The Past 11 Years That Enforce Your Character – I would give examples of how you have given back, made restitution, and changed your life to reflect the code of ethics required to be an Information Security Professional. This is critical. It is one thing to say that you have reformed, it is another thing to have proven it with tangible examples.
One of the best ways to do this is to volunteer your time – either at schools or public gatherings, and help educate others on computer security. You can speak about relevant topics that could include on-line safety, protecting your personal information, or the negative consequences of hacking.
3) Outshine Your Competition – Because of this felony, you will have to be that much better than your competition – so make sure you blow them away during the interview. This is essential, since you enter the interview process in a less than enviable position.
As we learn by examples in society, people with special talent usually receive some preferential treatment, and are more likely to receive the “benefit of the doubt.” (I am not saying I agree with this, but it happens to be the case.)
Make sure that your talent is indeed special. Become great at something and develop expertise that can demonstrate your value to your employer. If you indeed are exceptional, chances are they may become a stronger advocate of your hiring, and you may be more than likely to overcome this obstacle.
I wish you well in your pursuits and appreciate your bravery by asking this question. I do not believe that your situation is unique in the Information Security profession.
I hope that your future employers have the ability to see the “changed man” in front of them, and not the “foolish teenager” of 11 years prior.
Good luck to you.
Mike and Lee
Posted by lee | Filed Under Uncategorized