At some point during your career you will find yourself interacting with a search firm and/or a recruiter who has been assigned a project to fill a professional level security risk related role. This firm may or may not have a specialty security risk related practice and may or may not be a firm that you have ever heard of.
Recently, several issues have come to our attention that we felt had much more far reaching implications given the security and governance roles which most of you must deal with daily in your organizations. That is to say, do you really understand the reputation, ethics and practices of the people and firms with whom you are about to share your personal information and background? Do you have any idea how they manage, store and protect your information and what their policies are regarding the use and sharing of your information? Without wishing to fill this article with clichés, there are real risks associated with insider threats, identity theft and transfer of personal information, for a variety of nefarious purposes.