Here’s something you probably don’t want to hear: For less than $100, anyone can go online and find websites that will help fake job references, produce false education credentials, and even create fictional companies with an online presence to give applicants an edge in getting hired. Operations like this began popping up in the early 2000s and more than a few people have taken advantage of them. If you’ve ever had to screen cyber security applicants for your business, then you know that legitimate and qualified individuals aren’t always easy to find. Unfortunately, the urgent need to hire one can make it tempting to skip over thoroughly verifying application information, and that can ultimately put your company in a very vulnerable position.
The digital expansion of data is rapidly outpacing the design of security protocols for that data. This is creating a hiring frenzy where companies are quick to bring anyone with the right IT security credentials onboard. The entire field is expected to grow by 22% through 2020, but that doesn’t mean you should choose the first person who shows the right paperwork. Before you bring a new IT professional onto your staff, you need to understand how some individuals fake important credentials and how you can spot those fakes. This will help ensure that you find the best possible candidate for your IT security position.
The Credentials to Look For in Cyber Security Applicants
The first thing to look for when hiring is education. Your IT security specialist should hold at least a bachelor’s degree in computer science. In addition, they are going to need more than a few industry-wide and vendor-specific credentials. Some to look for are:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Cisco CCNA Security
- Microsoft Certified Solutions Expert (MCSE)
- Offensive Security Web Expert (OSWE)
- Certified Information Privacy Professional (CIPP)
Obtaining most of these credentials requires years of study at an accredited institute and extensive testing. These are not the only credentials that you need to look for, however, as there are hundreds of tests in the industry. The issue is that some of these tests require extensive knowledge while others require nothing more than paying a fee to take an online “test” which is mainly designed to churn out certificates. That’s why it’s crucial to know the specific credentials you want applicants to have and to make that part of the hiring criteria.
Having clear criteria for the position is a good way to weed out applicants who might not have the experience you need, but it doesn’t weed out dishonest applicants. Even checking up on those credentials might not be sufficient, as there are a lot of services out there designed to pull the wool over a hiring manager’s eyes. Many of these fraudulent operations are willing to do whatever it takes to make someone look great on paper, as long as they are well-paid for it.
How Credentials Get Faked and How You Can Prevent It
Having a process in place for vetting applicants is crucial, but to prevent fraud, you also need to understand how easy it is to fake certain information. Take the standard CISSP certification, which is a highly sought-after accreditation. As proof, an applicant may present a certificate or transcript showing that they completed the requirements. But a simple Google search for “fake CISSP certificate” will turn up many websites that create convincing fraudulent certificates for everything from college experience to high-level industry credentials. Someone with a limited knowledge of Photoshop could even create their own if they wanted to.
This is why you should never take a certificate at face value. When you’re considering an applicant’s background, you need to take note of the issuing body for the credentials, as well as the certificate number. Most issuing organizations offer a place right on their website where you can validate that number and confirm that the person holds the qualification they claim.
Here’s something else you’ll need to be aware of when evaluating cyber security applicants. It’s entirely possible for a potential candidate to bribe another business to fake job references, complete with phone verifications. There are dozens of companies that are willing to provide everything from false pay stubs to in-person interviews to verify work experience. To avoid this, rather than asking your applicant for verification phone numbers, you should hunt those numbers down yourself. Do a Google search for the company and find out whether it actually exists. If it does, call the number on its website. If you can’t find it online, you should probably ask why a technology company wouldn’t have a web presence.
Whether you screen applicants yourself or use a third-party screening company, always remember that paper is easy to fake. You should have a system of measures in place for verifying information, and you can also choose to utilize advanced technology like Remote Risk Assessment (RRA) during the hiring process to add another layer of protection to your company. By taking a few extra steps, you can ensure that you find the right IT security specialist and not one who’s simply good on paper.
AC Global Risk currently offers RRA verification technology that you can use to assess the risk level of any applicant you’re considering hiring. Our unique technology allows you to screen candidates remotely and verify their qualifications in less than ten minutes. If you are looking to hire a new IT professional for your company, don’t take any chances. For more information on using our services, contact us today.