I actually think I'm sympathetic to not putting even a regular felony on a resume, or disclosing it to HR/early screening; only bringing it up later in the process, but before accepting the job.
I'd personally try to bring it up after I've "sold" the company on tech/etc. skills, but before offer letter is prepared. This is assuming it's not asked earlier in the process -- I've never seen "applications" for real jobs (where job app forms often do include "have you been arrested? convicted of a felony?). Even if it is asked I'd rather leave it blank or asterisk or whatever vs. a simple "yes" at the screening stage.
But that's about as far as I'd bend things. (and IMO it's wrong to even waste people's time if a felony is obvious disqualification, like for a national security job.)
In infosec, it seems like a weird dichotomy between CFAA being a clear "cannot possibly be hired" or "wow, kinda cool". What would be shitty is having a non-professional non-minor-drug-or-traffic conviction, like some kind of sex crime. Finding a job even in infosec with even a minor sex crime on one's record has to suck.
