When a consulting company or headhunter contacts you through LinkedIn or another professional networking site, be wary of the offer. Do your due diligence to verify the offerer and the offer. If it seems too good to be true, it probably is, and could be nefarious and dangerous.
A 10/12/20 article by Bruce Sussman on SecureWorld opens the window on the situation:
The article and the video linked from both sites tell the steps of recruitment and then compromise that the Chinese intelligence service has used. While they focus on U.S. residents with security clearances, do not think that the warnings apply only to cleared personnel, or that the Chinese are the only actors in this arena. Corporate espionage looking for proprietary information and trade secrets is just as much a danger as nation-state espionage in the national security arena.
Information security or cybersecurity workers often have deep knowledge about compromises, protections, and counter-measures that would be of value to threat actors. Even if they already know about the measures and countermeasures, they may well want to know what you know, that is, what your employer knows.
Protect yourself, and protect your enterprise. If the money seems too good for the work expected, and if the recruiter spends more effort selling the company to you than digging into your qualifications to be hired, then you have been handed two Big Red Flags that you could be in serious professional and legal jeopardy if you sign on for that side gig.
So you mean I shouldn't have applied for that CISO position that had a poorly worded job application that was for 300K a year?
I'm being sarcastic of course, but I did just recently see a job posting for CISO that listed the starting salary of $300K in the US. The job posting made several errors in English. Like "This job would suite someone" instead of "suit someone". There was also some broken English mixed in with that. I would expect that if a company is hiring someone at $300K a year that their HR department putting out the job announcements would be more polished. I had never heard of the company before, which doesn't mean anything really, but that would have just meant more digging before even thinking of applying. The last time I looked, 411 people had applied (according to the job website). So I agree with @CraginS, do your research before applying.