News from New Zealand is that their top military scientist quit when “lies” were found on his resume
NEW Zealand’s top military scientist has quit, it was announced today, after allegations that his resume falsely claimed he was an ex-Marine and an Olympic bobsledder who raced against Jamaica’s “Cool Runnings” team.
Lieutenant General Jerry Mateparae said chief defence scientist Stephen Wilce had resigned, a day after TV3’s 60 Minutes made the allegations about him.
The program also accused him of claiming to have designed nuclear weapons guidance systems.
Those are highly visible and easily verifiable claims. It is an embarrassment to the country.
Was he qualified and capable? Did he do a good job? These questions no longer matter after he had to admit he knowingly misrepresented his experience — he lied. A bobsled team in the Olympics? Easy to look that one up, and not too smart for a security scientist.
This reminds me of a more common style of CV obfuscation I have found in the security industry — years of experience. When did Internet security start? It is hard to say, which makes it easy for people to move the line.
I claim sixteen years of experience on my CV because 1994 was when I was hired into a full-time job (Staminet, a subsidiary of Space Applications) after I finished my graduate degree. I worked with computer and network security before then but only as a student so I do not count it in my professional experience.
With that in mind I recently met a security expert who told me he aims to “put audit firms out of business”. He started a website called cloudaudit.org. We had a brief discussion at VMworld about it that left me feeling a bit puzzled.
He mentioned he had experience with audit, but I think he meant he has been audited before. Does being audited qualify someone to reform audit or is there a conflict? I found it hard to get a clear picture of his experience and perspective on audit in order to understand his “put audit firms out of business” comment. Later I searched online for his name.
Two years ago he had over 15 years experience, according to the 2008 BlackHat presenter’s page.
…currently Unisys’ Chief Security Architect…over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems’ chief security strategist, was the CISO for a $25 billion financial services company and was founder/CTO of a national security consultancy.
Today, just two years later, his experience miraculously grew five years to 20:
…20 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.
I checked BlackHat again. On their 2010 site he gave himself over 19 years experience — four years more after only two years.
…over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.
No olympic bobsleds yet, but it seems the jump from 15 to 20 should be reason for concern. I am not going to split hairs over a year here or there, but a four year variance is unsettling. I did a quick graduation date to double-check. Unfortunately LinkedIn only revealed another vague and potentially sliding timeline:
University of California, Berkeley
Electrical Engineering & Computer Science
1988 — 2000
Twelve years at the UC and no degree? This is not getting better, but still no olympic bobsleds.
This person said to me he is on a mission to transform the world of audit, yet his experience ironically is hard to audit. On the positive side I see glowing recommendations and what seems to be a devoted group of business colleagues, partners and friends. Should that be sufficient? I might say yes except I also noticed that LinkedIn says his career started November 1993, five years after starting at UC Berkeley. That means it would be 17 years of experience today, versus the 19 or 20 years mentioned above. So 15 was probably accurate two years ago and 17 is the right number for today. Where did 20 come from? 19?
At the end of the day, aside from trying to make sense of any self-description or LinkedIn profile, I have not seen any audit firm experience or something to answer my original concern. Why put audit firms out of business?
I’ve done 3 start-ups (and the odd up-start,) raised venture funding, lost my ass, made it all back again, been a CEO, CISO, CTO and still haven’t figured out what I want to be when I grow up.
I wanted to get perspective but instead I pulled up more questions than answers in a quick search for a resume online. Normally I might let it go but the Stephen Wilce story suggests that a quick search probably will not be sufficient.