Recruit-A-Criminal!

We’re currently recruiting within the business, it’s a positive sign, it means that we are growing and able to take on even more clients. We’re hoping that the new recruit will add a new dimension to us by introducing their own thoughts and experiences.

This is what we hope. Hope.

I hate “hope”. Hope isn’t a particularly measured approach. Rick Page famously wrote a book entitled “Hope is Not a Strategy” and an old boss of mine used to say “hope is for Christians”. I don’t like to live life in “hope” I prefer to have as much control as is reasonably possible.

When we take on any recruit, we must do our due diligence. As part of certain obligations, we must security vet them. By the time they’ve walked through our door, we’re usually pretty confident that we are adding value to the business and not introducing what could be seen as a virus.

Similarly, whenever we engage with a potential new client we do a degree of reconnaissance to “stake them out” and qualify whether the type of company we could work with and how we can potentially help them. It helps us tailor our approach when engaging rather than approaching in a robotic manner, and here’s the tedious link …

My colleague is currently approaching a, let’s say, very prestigious fashion house and as a part of their reccy, they found a careers page with a Job Description for a Network Engineer. That’s pretty common though isn’t it? It is, yes but this JD listed very specific tools within their MPLS, WAN, LAN, Wireless, Cloud-based VoIP, Voice and Network Security environments as well as VPN’s and Network monitoring tools. It named what’s in their eco-system. Anybody with basic knowledge will have a good idea how they are strung together!

Recruitment is always tricky especially at the moment as unemployment has risen due to the pandemic, so people are applying for roles they are underqualified for out of desperation. This means an increase in CV’s for hiring managers to wade through, most of which will not meet the standard.

Nobody has the time (or the patience) to go through reams of CVs so in an attempt to circumvent this, it’s common to explain that you’re trying to attract Liam Neeson, or if not him, somebody with “a specific set of skills”. The challenge with this is, you could actually attract somebody with a specific set of skills and this person now knows what your environment looks like.

Don’t get me wrong, the fashion house has not given a potential hacker the keys to the kingdom but if they were playing battleships, they’ve basically told said hacker to make their move on G4 through to G8 and then go B6! It’s widely accepted that nobody is 100% bulletproof and any hacker worth their salt wants to get in, they will spend the time to get in – but why make it easy for them? Don’t forget, if a hacker does get in, they’re on your territory, if you spot them, you can detain them. With that in mind, don’t be telling them where the CCTV or the armed guards are!

When this JD was written, it was likely written by somebody within the recruitment department who, in the process of trying to make a role sound inviting has naively leaked what should be considered privileged information. It makes you think though, what confidential information are you sharing without even realising?