Feeds

How to put "Stuxnet author" on your CV

"Malware is a legitimate occupation," suggests analyst

Application security programs and practises

With Stuxnet outed as a government-sponsored project by none other that one B. Obama of 1600 Pennsylvania Avenue, the world has concrete evidence that states commission the coding of malware.

That evidence led Anton Chuvakin, a research director in Gartner's IT1 Security and Risk Management group, to ponder just what the coders hired to do the deed can say about it on their curriculums vitae.

“'Malware' … is now a legitimate occupation that you can put on your resume,” Chuvakin suggests, half-jokingly, before going on to offer this format for government-directed malware authors CVs.

“2006-2007: developed ‘attack software’ for XYZ government”

It's since been suggested to us, however, that Chuvakin's suggested may not be entirely suitable, given that anyone working on this kind of thing will be asked to sign a confidentiality agreement.

Such agreements, says Peter Acheson, CEO of recruitment company Peoplebank, “prohibit them from disclosing too much about the specifics of the technology and the project generally.”

Acheson therefore suggests that those among you whose careers have wandered in this direction “discussion of the specific tasks in terms of the project rather than references to the types of technology or what the specific project was designed to achieve” on your CV. That form of words, he feels, will get you credit for shady work without resulting in a window-less van arriving outside your home at dawn.

Acheson suggests the following hypothetical format to get malware gigs onto your CV:

2009– 011 – Department of Defence – Israel Project Director – Strategic Defence project. Worked on the development of strategic defence software for Department of Defence. Project had defence classification XYZ 123. Responsible for all aspects of overseeing development of the strategic software including management of 200 people.

“Often there will be some sort of ability to check participation on the project by talking to a Senior person in Defence about their involvement in the project,” Acheson adds.

Gartner's Chuvakin also raises, in his post, the need for new langauge to describe Stuxtnet and its ilk, and his suggestions may help you to craft suitably evasive CV entries.

“What do you call 'malware' working for the good guys?” he asks. “'Attack software'? 'Sabotage-ware'? 'Good malware'? We need a whole new language to describe what we are seeing now. This is 'one man’s terrorist is another man’s freedom fighter' all over again… “ ®

The Power of One Brief: Top reasons to choose HP BladeSystem

More from The Register

next story
Microsoft's MCSE and MCSD will become HARDER to win
Redmond decides it won't replace Masters certifications, so lesser certs get more rigour
'Oh my god – Mark Zuckerberg wants to meet me'
'The Swiss have got no great interest in working with Apple'
Dammit, Foxconn: Where's our 1 MILLION-strong robot ARMY?
'Foxbots' just aren't good enough to take up the slack
Devs: Fancy a job teaching Siri to speak the Queen's English?
Spik propa lyk dis blud innit, ya get me?
Bankers bid to use offshore temp techies
WikiLeaks publishes Financial Services Annex to 50-nation Trade in Services Agreement
Hey! Where! are! the! white! women! at!? It's! Yahoo!
In non-tech jobs, that is – still mostly white men running Marissa Mayer's web biz
Non-techies: The cute things they say
'OK, smartass, the firewall is blocking the proxy server.'
Join me, Reg readers, and help me UPGRADE our CHILDREN
Think of the children? I just did, says Dom Connor
Dream job ad appears: Data wrangler for Square Kilometre Array
Curtin University seeks extreme sysadmin for Murchison 'scope
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.