Investigating Your Search Firm and Consultants

October 1, 2014

At some point during your career you will find yourself interacting with a search firm and/or a recruiter who has been assigned a project to fill a professional level security risk related role. This firm may or may not have a specialty security risk related practice and may or may not be a firm that you have ever heard of.

Recently, several issues have come to our attention that we felt had much more far reaching implications given the security and governance roles which most of you must deal with daily in your organizations. That is to say, do you really understand the reputation, ethics and practices of the people and firms with whom you are about to share your personal information and background? Do you have any idea how they manage, store and protect your information and what their policies are regarding the use and sharing of your information? Without wishing to fill this article with clichés, there are real risks associated with insider threats, identity theft and transfer of personal information, for a variety of nefarious purposes.

Recent Examples

• A well-known university forwarded our firm a questionnaire/survey regarding our thoughts on the hiring of convicted criminals as a part of a rehabilitation program. A laudable cause, but given the nature of our business, clients and candidates, it would be unlikely we would ever engage in this program.

• A well-known automotive company hired a search
consultant who had a very impressive resume and was a former senior executive for the well-known global search firm Korn Ferry, to conduct a search for their global head of security. At the time, this individual was under investigation by the FBI in San Francisco in a well-published case involving the theft of intellectual property from his former employer. In April, this individual was convicted in the four counts of the indictment by a jury in federal court.

• Last year a medium-sized search firm that specializes in corporate governance and IT security hired a consultant who had recently been terminated for fraud. In a subsequent legal filing to enjoin them from using misappropriated confidential information, they stated that they did not feel it was necessary to conduct any verifications or due diligence, as their new employee had offered his explanation of the circumstances.

• There have also been several recent cases involving recruitment consultants misappropriating information and work product from their employers. This includes contact information residing on company servers, as well as client, prospect, candidate and marketing lists, LinkedIn connection details and other company documents. In some circumstances this also included resumes/CVs and personal information.

During the course of your careers, many of you have provided advice to your organizations regarding best practices, employee backgrounds, controls, due diligence, know your customers and suppliers, ethics, foreign corrupt practices act and compliance-related programs, just to name a few. Over the last year we have had numerous informal discussions with clients and candidates on this topic and asked if they would want to engage with a person or firm where there was evidence of serious ethics or criminal behavior issues. We were a little surprised when the reactions seemed to fall into two distinct viewpoints. The first was the belief that as security professionals we should live what we believe and advise and not engage with people or firms who are ethically challenged; while the other view was driven by the fact that it is such a competitive market with a relatively small number of good opportunities that they were willing to engage with the person firm in hopes of being considered or introduced for a role.

In reflecting on this, we can see where there would be a dilemma, especially if your job was being eliminated, your company was being acquired or restructured, or you are unemployed. In essence, you may conclude that you have a solid business case to take the risk and just try and manage the exposure. This is not an uncommon business concept. We suggest that this is a microcosm into a much bigger and growing issue involving the growing global trend of a total disregard for the intellectual work products of employers and others with no purpose other than person gain, showing off to their friends or, as we have seen in the news, trying to cause harm or embarrassment to an employer or a government.

Job seekers have a right to expect that the information provided will be treated with confidentiality and will be maintained, protected appropriately and only shared for its intended purpose. If you are employing a search firm, you should expect that with or without a non-disclosure agreement, that firm and all of the staff involved in your project should have the ethical character to protect the information that is shared.

Jerry Brennan is CEO of the Security Management Resources Group of Companies (www.smrgroup.com), the leading global executive search practice focused exclusively on corporate and information security positions.

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Investigating Your Search Firm and Consultants

Recent Examples

Recent Articles by Jerry Brennan

Security careers in investigations

Cyber skills in traditional security management careers

Networking challenges ahead for your security career

How to Search for a Security Job During a Crisis

Intelligent Succession Planning for Security Careers

Security Magazine

2020 September

Investigating Your Search Firm and Consultants

Recent Examples

Recent Articles by Jerry Brennan

Related Articles

Report Abusive Comment