|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Sunday, 23 January 2000||Author: Jobs Staff|
|Published to: interact_articles_jobs_ask_staff/Ask the Jobs Staff||Page: 1/1 - [Std View]|
Ask the Jobs Staff: Past Mistakes
Dear Jobs Staff: I found a security problem with the school's computers and I played around with it for fun and then let the real sysadmin know but I got expelled for 'hacking'...
I have a job interview coming up in a week but there's a problem I hope you can help with. I've been working with Linux and other OS's at home a lot, and have even had a paying job as sysadmin for my brother's isp, but the problem is my education. When I started going to college last year, I found a security problem with the school's computers and I played around with it for fun and then let the real sysadmin know about it but I got expelled for 'hacking.' Now I don't know what to say when they ask me why I'm not in college or why i dropped out??? I'm afraid that they won't want to hire me if I tell them I got expelled, but I don't know if I should lie about it or not bring it up or what?
Whew! That's a bad one. First of all, there are a lot of people with a similar story. Of course now you know to never play with security holes except on *your* systems, and always put things back the way you found them! The unfortunate truth is, one time out of a hundred the real sysadmin will think of you as a hero for pointing it out, and the other 99 times, they'll try to get you kicked off the net or even put in jail. The thing about it is, a lot of folks feel extremely threatened when you point out a hole on their system, especially if you've taken advantage of it even just a little. Think about how you'd feel if you left your keys in your car and some rowdy got in and drove it around the block a few times yelling, "Your car is insecure! Your car is insecure!" Okay, lecture mode off!
With that said, you need to know that some employers will actually consider this a good thing, or if not entirely good, at least a desirable qualification. After all, if you were not maliciously trying to crack the system but were just trying to help make it more secure, well, then, you're obviously on your toes at least a little security-wise, and that can be an advantage. It's very important to be honest about the incident if it comes up, though, because if you lie and get caught later -- well, that will cause even more problems. On your next job interview you'll have to lie about being expelled *and* about being fired for lying about being expelled. You can see how that can snowball.
The key here is that you need to be calm, organized, and not in any way defensive, since if you get defensive about it, well then, they'll think you have something to defend and it follows that if you have something to defend, you did something bad. Our best suggestion is that you explain the situation as well as you can, and emphasize that you did not have any malicious intent -- you just wanted to prove that there was a problem so it could get fixed for everyone! It probably won't hurt to admit straight out that if you had it to do over, you would have notified the sys admin *before* you "played with it." (You would have, wouldn't you?) This not only shows that you can admit where you've been wrong, but that you're willing to rectify your mistakes. It'll help a lot if you can write down your explanation for yourself too...so you're not flustered when it comes up.
There are quite a few people out there who have done similar things. We won't lie to you, it may hurt your chances of getting a job, especially when you're dealing with recruiters or very conservative companies. If possible, it may be better to leave it until the interview, when you'll presumably be talking to a human being. One last thing to consider: companies who appreciate creative and self-motivated people will be the ones more likely to overlook this incident as a problem and see it as an asset, whereas the more conservative companies won't. If you do get rejected from these types of companies, think about whether you really want to work for a company like that. It's possible that they may not appreciate someone who works "outside the lines" and thus, you might not be happy there anyway. Food for thought...good luck!