Career Advice Tuesday – “Yom Kippur Addition”

October 11, 2011

Dear Infosecleaders:

My question deals with a touchy topic. I am an IT and Infosec veteran with a 16 year old felony for crimes related to moral turpitude (theft). The state I was convicted in does not have any mechanisms for expungement, short of a pardon.

I won’t make excuses, and never have but suffice to say that I made some stupid mistakes as a kid in the military and have learned my lesson. I’ve been fortunate enough to work for a few employers in state and local government who saw fit to give me a chance and I have really excelled. I’m active in the infosec community, have earned a college degree and a ridiculous number of certifications and have started to develop a name for myself in the community. My personal branding strategies seem to be really taking off.

The issue I’m running into is that I’m looking for greater challenges and my background has created some roadblocks for me. I’ve been turned down for a few opportunities but my fear is that if I apply and get turned down at too many more I will start to develop a “rep” as that felon who thinks he can work in IT security. The information security community is relatively small and this would create significant challenges for me. I interview extremely well and I have recruiters beating down my door, at least 12 unique hits every week, but my past becomes a real stumbling block.

Should I count myself fortunate to have a job at all even if I’m not happy there or run the risk of further exposure with employers and the development of a “rep”? At this point I’m starting to get discouraged. Yes I made a mistake 16 years ago but I could really use some advice for moving forward with my career.


A. Tony Ment


Dear Tony:

I would tell you that the first thing that I would do, would be to think of myself as an Information Security professional, who made a mistake early in their lives, as opposed to a felon, who has taken up information security as a profession.

From a self esteem perspective, I do not think it is healthy to view yourself this way, especially with how far that you have come in the past 16 years.

From what you have shared, you have a great deal to be proud of – including your education, your certification, the development of your personal brand, and industry standing. My feeling is that you should be more focused on your accomplishments as opposed to your transgressions, and you should use this as an opportunity to demonstrate personal and professional development to others whom you encounter.

That being said, I understand how a previous mistake that you made as a younger person, can come back to haunt you in the development of your professional career, and can become an obstacle in your pursuit of loftier information security career goals.

Here are some things that you may want to consider along your way to minimize this:

1)    Do Not Worry About Group Think - Plain and simple, I do not believe that many people in the information security community will ostracize you for a mistake you made in the past. First of all, most of the information security pros that I know are not that judgmental and are a pretty accepting bunch. Secondly, many of them are going to be understanding, as they were young once, and may have done some things that could have been construed as “grey” hat, in their earlier days. The only thing that may differentiate you from them, is the fact that you got caught – and fortunately their actions went unnoticed.

2)    Control Your External Exposure - When someone tells me that they have their resume posted and that they have been contacted by over a dozen recruiters, my first reaction is that they are not effective in managing their careers. Placing yourself in the public eye forces you to create a more public persona, and reveal both favorable and unfavorable attributes to larger audiences. In your case, this is not a good thing, because many recruiters whose primary source of candidates are “job boards” and “social networks” are not adept enough to handle your specific situation or to address it with people empowered to make a decision about your future as an information security professional. You need to manage your job search process, and that means utilizing someone who understands how to manage and communicate your profile to others, including your felony.

3)    Be Up Front – But Not Too Upfront - Personally, I think that there is a time and place to reveal an unflattering past, whatever it may be. Usually, I believe this to be sometime shortly after a relationship has been developed – after one or two phone conversations. This will enable the other party to be able to formulate an opinion based on facts and talent, as opposed to jumping to conclusions that are associated with a term, like “convicted felon.” After that has been established, and before anything gets too far (i.e. a recruiter making an introduction, a first level interviewer introducing you to a supervisor, or the incurring of any expense (money or time) for an interview), you should reveal your “Scarlet Letter”. When you reveal it, I would begin by letting the other party know that it took place over 15 years ago, but nonetheless it happened, and you have paid your debt and have taken responsibility for your actions.

4)    Demonstrate “Community” Service - This is my personal belief, but I think it is the most important thing that you can do. It is one thing to attempt to improve your own life, but helping others improve theirs, from the lessons learned by your own mistakes, takes it to another level. What I would do, would be to figure out a way to do this on a regular basis – this can be in the form of speaking to youth groups (Hackid), donating your time to information security causes (I Hack Charities, the EFF), or non-Infosec causes that benefit some of the people that you may have previously hurt. By doing this, it will show others that you are indeed remorseful for your actions and offers a form of restitution that can be measured and referenced.

In closing, these are some general ideas that may help you overcome this obstacle.  In the end, you will definitely encounter both individuals and companies whose policies will prohibit them from considering your candidacy.  Unfortunately, you will need to accept this.

That being said, over my years of working in the industry, using these methods, I have been able to secure employment for information security leaders who found themselves in similar situations. The process is never easy, but it is definitely possible.

Hope this helps,

Lee and Mike


Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Planning, Position Selection, Recruiting, Security Industry 

