CraginS
Defender I

Be Wary of the Golden Side-Gig

When a consulting company or headhunter contacts you through LinkedIn or another professional networking site, be wary of the offer. Do your due diligence to verify both the offerer and the offer. If it seems too good to be true, it probably is, and it could be nefarious and dangerous.

A 10/12/20 article by Bruce Sussman on SecureWorld opens a window on the situation:

How China Secretly Recruits U.S. Citizens with Security Clearances

Sussman based the article on U.S. Department of Justice court filings, and links to an important FBI page,

The China Threat: Foreign Intelligence Services Use Social Media Sites to Target People with Securit... 

The article and the video linked from both sites describe the steps of recruitment, and then compromise, that the Chinese intelligence service has used. While they focus on U.S. residents with security clearances, do not assume that the warnings apply only to cleared personnel, or that the Chinese are the only actors in this arena. Corporate espionage seeking proprietary information and trade secrets is just as much a danger as nation-state espionage in the national security arena.

Information security or cybersecurity workers often have deep knowledge about compromises, protections, and countermeasures that would be of value to threat actors. Even if those actors already know about the measures and countermeasures, they may well want to know what you know, that is, what your employer knows.

Protect yourself, and protect your enterprise. If the money seems too good for the work expected, and if the recruiter spends more effort selling the company to you than digging into your qualifications to be hired, then you have been handed two Big Red Flags that you could be in serious professional and legal jeopardy if you sign on for that side gig.


(c) 2020 D. Cragin Shelton

(Originally published on my Randomness blog.)


D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
2 Replies
James
Contributor I

Fantastic video! Great content, and they underlined the security message within the story!

CISOScott
Community Champion

So you mean I shouldn't have applied for that CISO position that had a poorly worded job application that was for 300K a year?


I'm being sarcastic of course, but I did just recently see a job posting for a CISO that listed the starting salary of $300K in the US. The job posting made several errors in English, like "This job would suite someone" instead of "suit someone". There was also some broken English mixed in with that. I would expect that if a company is hiring someone at $300K a year, their HR department putting out the job announcements would be more polished. I had never heard of the company before, which doesn't mean anything really, but that would have just meant more digging before even thinking of applying. The last time I looked, 411 people had applied (according to the job website). So I agree with @CraginS, do your research before applying.