Ask HN: Recent computer hacking convictions and employability
26 by dk79XuL9 | 22 comments on Hacker News.
I was involved in a high-profile computer hacking case in 2015 which received international interest. I eventually pleaded guilty to charges of blackmail, fraud, and computer hacking. Following that, I was sentenced to four years in prison. I'm currently on probation for a year, and I'm also under the supervision of the Serious Organised Crime Unit for another four years. I'm bound by a number of technical constraints.

The authorities in charge of my supervision are happy for me to find legal work in cybersecurity, but given my current circumstances, I just wanted opinions on how I should approach this.

I'm completely self-taught, and while on bail, I did a lot of responsible disclosure. I collaborated closely with CIRT teams, system administrators, website developers, and government agencies to ensure the remediation of over 3,000 web-application vulnerabilities. I wrote technical reports, provided remediation guidance, and validated patches to ensure that security issues were properly closed (in an informal capacity). My first bug bounty contribution took place in 2012, which was a GET-based reflective XSS on a subdomain belonging to Microsoft. Over 30 private and public sector entities have sent me letters of acknowledgement. I've also been inducted into a number of halls of fame for uncovering vulnerabilities. In 2019, I was also ranked 11th out of 25,000 active researchers on a bug bounty platform.

I can't just walk into employment with my skillset because I'm not particularly talented, just proficient in web-application security and various methodologies used to identify vulnerabilities. This leads me to believe that I should look for entry-level positions, but I've been told I'm overqualified. Some opinions would be appreciated.