Should I go through security clearance process now

Hello,

A little bit of background about myself. I am a little over 50 and have 25+ years of experience in the IT field. Never touched drugs, zero financial issues, very good credit rating, no tickets in the last 10 years. I worked for a non-governmental employer for over 20 years (most of it as a consultant and last 5 as an employee). My job responsibility included oversight of all IT systems (in addition to other responsibilities).

One key IT system in the organization was exposed to the internet and had easily exploitable security vulnerability for over 3 years with a patch published by the vendor. I informed my supervisor (both verbally and formally) on multiple occasions and suggested to patch the system. However, my supervisor chose to ignore my advice because of the not-invented-here syndrome. This really bothered me as my supervisor’s poor decisions on other issues were already costing a couple of hundred grand a year to the organization. One day, I informed anonymously about the vulnerability to the head of the organization along with some data that I accessed using this vulnerability. I thought I was being a whistleblower who is exposing poor security culture without realizing that by doing this I probably broke laws. The management panicked and hired a forensic firm to investigate the incident. They also talked about the involvement of Law Enforcement. At first, I thought that I would come out clean on this. However, I panicked once I heard about the involvement of LE. So, I decided to keep quiet.

3 months later, HR came by and informed me that I was being terminated because of unauthorized system access. They did not provide any details. And, further told me that if anyone calls they would only disclose my start date, and end date and position.

I was recently asked to complete SF-86 using the e-QIP system by a government contractor, who would subcontract work to me. I filled out the application and answered “yes”, along with the above details, to the question about unauthorized access to the IT system. I am yet to submit it as I am having doubts about whether or not this will go through.

So, folks, based on above and your experience do I have a chance to get a security clearance. Or, should I look for work that does not require a security clearance?

For legal reasons, many employers will only confirm the fact employment, the dates of that employment, and job title. The real risk comes when investigators come bearing an applicant’s signed release, authorizing employers to disclose fully anything about the applicant, whether accurate or not.

2 Likes

The real risk comes when investigators come bearing an applicant’s signed release, authorizing employers to disclose fully anything about the applicant, whether accurate or not.

That’s a “risk”? For the government to want to know an applicant’s past conduct at the work place?

I need another cup of coffee…

3 Likes

Heck yes it’s a risk. Snowden and Chelsea Mann8ng ring a bell? Both believed they were serving higher cause, whistleblowing.

If you have proof you submitted reports prior you missed the opportunity to step up. The government has to determine if you acted maliciously or not. Having a security violation assessed against you is one thing…but exploiting vulnerabilities and acting on it…steeper hill to climb. Not impossible…but steep climb.

No, prior to my application, I wasn’t submitting reports or documents about anything to any news media. I also had perfect credit and no criminal history; that’s why I’m so bitter about the entire subject.

Yes, but when it’s a casual part-time, menial job, they shouldn’t be latching onto everything that some low-level supervisor or co-worker, looking for their “moment in the sun”, relays.

You admitted here that you did it. They were right to latch on. You kept silent knowing you accessed stuff you shouldn’t have. Snowden accessed stuff he shouldn’t have…see the issue? The window for you to report…has passed.

I have absolutely no idea what you’re referring to! Snowden and Winner accessed things. So did Pollard and Hanssen. I never even had any such access, EVER! Please clarify.

“Unauthorized system access.” You owned this. Admitted this. Then said you went silent. Doesn’t matter that it wasn’t classified it demonstrates a lack of regard for rules, and willingness to exploit security deficiencies. Had you kept proof you did this to bring attention to it…it might go better. However, post Manning and Snowden I can tell you at least the IC is very concerned about people accessing stuff and then remaining silent.

1 Like

Amber,
Sorry, i now see what’s happening here. You’re responding to me, but with responses that should be directed to “acechase”. Sorry for prolonging this thread by interacting with messages that don’t pertain to me at all! lol

Apologies. I got twisted. Yes my responses were to the person deliberately accessing info, then remaining quiet. That…specifically will give the IC the heebie jeebies.

You broke the law. To perform this type of action requires approval, even for system administrators.