zlacker

I worked at 70 Million Jobs (YC) to help people with records get jobs. Here's my advice FWIW.

Your experience in security operations is in demand, so that's a big plus for you. Seek work that you can do via external environments, meaning you don't need to be on-site, and don't need to have internal access. Ideally you can create an LLC so you can work for yourself.

A few examples... 1. Doing compliance-oriented security reviews via cloned systems (e.g. your customer provides you with a non-live copy). 2. Advising on process commitments (e.g. security SLAs, or UML/Visio/EA diagrams, or declarative configurations). 3. Effecting security-related project management task plans (e.g. pilots, proof of concepts, research adjuncts, resource estimations).

>>jph+(OP)
Was going to suggest looking into an LLC. I ran a security consulting company for about ten years and the only customers that asked for background checks were banks and some federal agencies.

>>jcims+d3
And there are even some customers that’ll happily pay a bit more when they learn you’ve been roughed and tumbled.

>>bombca+Je
What does that mean?

>>keepam+qx
It means that having that kind of background isn't necessarily a negative.

>>jph+(OP)
Not a felon, but this is a valuable reply. I'm finding it tough breaking into security operations and DevSecOps even though I have a clean record, but because of the fact that I'm a US citizen living offshore now. Seems like a lot of roles they want on-site in the US. (I'm currently in an APAC time zone). I'm wondering if that's true or if it's just a possibly wrong impression I have about the industry.