
How to put "Stuxnet author" on your CV

"Malware is a legitimate occupation," suggests analyst


With Stuxnet outed as a government-sponsored project by none other than one B. Obama of 1600 Pennsylvania Avenue, the world has concrete evidence that states commission the coding of malware.

That evidence led Anton Chuvakin, a research director in Gartner's IT1 Security and Risk Management group, to ponder just what the coders hired to do the deed can say about it on their curriculums vitae.

“'Malware' … is now a legitimate occupation that you can put on your resume,” Chuvakin suggests, half-jokingly, before going on to offer this format for government-directed malware authors' CVs.

“2006-2007: developed ‘attack software’ for XYZ government”

It's since been suggested to us, however, that Chuvakin's suggestion may not be entirely suitable, given that anyone working on this kind of thing will be asked to sign a confidentiality agreement.

Such agreements, says Peter Acheson, CEO of recruitment company Peoplebank, “prohibit them from disclosing too much about the specifics of the technology and the project generally.”

Acheson therefore suggests that those among you whose careers have wandered in this direction use “discussion of the specific tasks in terms of the project rather than references to the types of technology or what the specific project was designed to achieve” on your CV. That form of words, he feels, will get you credit for shady work without resulting in a windowless van arriving outside your home at dawn.

Acheson suggests the following hypothetical format to get malware gigs onto your CV:

2009–2011 – Department of Defence – Israel Project Director – Strategic Defence project. Worked on the development of strategic defence software for Department of Defence. Project had defence classification XYZ 123. Responsible for all aspects of overseeing development of the strategic software including management of 200 people.

“Often there will be some sort of ability to check participation on the project by talking to a Senior person in Defence about their involvement in the project,” Acheson adds.

Gartner's Chuvakin also raises, in his post, the need for new language to describe Stuxnet and its ilk, and his suggestions may help you to craft suitably evasive CV entries.

“What do you call 'malware' working for the good guys?” he asks. “'Attack software'? 'Sabotage-ware'? 'Good malware'? We need a whole new language to describe what we are seeing now. This is 'one man’s terrorist is another man’s freedom fighter' all over again…” ®
