For as long as I can remember, I have been a huge advocate of warning people and clients of the infamous "insider threat".  This is where an employee or person of trust gathers information and releases it to new media, sells it or uses it for Corporate Espionage. This is a real threat.  Even more so today because there is such a gap in qualified ITSEC people that companies are opening themselves up to  risks by hiring people "to fill a need". Vetting is a process that starts with initial interviews and ends with a decision to hire or not.

Face it, this happens and it happens everyday.  We hire people that fool us by not disclosing certain information that should be during these initial processes. The interview process is a means to weed out those candidates that just should not be hired.

Case in point, I had the pleasure of interviewing potential candidates a few years back.  They had a very impressive resume with all the right buzz and key words. Certifications list seemed a little large, but yes, it is possible.  During the interview you could hear the person typing away on the keyboard looking up answers.  Answers that anyone who actually took the certification tests and classes should have been able to answer. They couldn't answer the basic questions.  When asked about their certifications they admitted that someone else wrote the resume for them and "was not sure what was in it".  OMG!!!  A little further investigation afterwards disclosed that this candidate was on a "Watch list".  Oh lovely.  If this person was hired, what were they there to accomplish ? Obviously they could not do the work required.  Red Flags anyone ?  I am not a "quota person" by any means. Quotas get us in trouble int he long run. Vet the candidate and help keep your company safe.  Those who are asked to conduct technical interview, it is our job to ensure that the companies we work for maintain a level of qualified and bondable people.

Now we all horror stories like this one and some are probably worse.  But the main focus is that we just do not know who we are hiring until it may be too late.  In todays society, there are questions we just can not ask.  But the interview process is to vet out those who will set off red flags.

There is an article in a recent Info-Security Magazine that addresses this issue.  Insider threats are real.  Please take the time to read this. It brings up some good points.

the Article can be located via this link: InfoSecurity-Magazine Article

While the article does not specifically state "insider threats" a person of High Privilege who has direct access to  confidential information or assets still constitutes a "person of interest" for being a target for malicious people. These "targets" represent an insider threat if and when they are targeted and divulge inside information for a Corporation. Targeting can be in various forms all aimed at getting the target to "talk".

Thanks for reading my rant and stay secure!