Guilt by Association – Public References and Their Impact on Your Security Career | 2020-02-02

Critical steps in security recruitment for both employers and candidates are background or reference checks. Protection of personal or sensitive personal data is at the forefront of both parties’ minds in today’s data-driven environment. Vetting a candidate’s professional and personal references is typically done with permission and in a professional manner outside the public eye.

But what about the references you yourself may casually toss out in public social media forums, at conferences or networking events? They may seem authentic at the time but can have an unintentional negative impact on your personal brand depending on the level of due diligence you have done before conferring them and how regularly you monitor how your comments are being used.

In today’s environment of global internet, instant communication and leveraged social media, you must consider rapidly emerging risks and unintentional consequences surrounding the endorsement of individuals or companies without first doing your own reference check.

Comments in public forums are often edited and repurposed out of context. They can be portrayed as a positive reference or support of a person, product or company when that was not the original intent. Despite a hyper-focus on protection of data, instances of this continue to occur with what can only be described as complete disregard for privacy and intellectual property rights.

Candidates work to ensure their references are impeccable, yet they often neglect to monitor easily found information about themselves that may or may not be what they intended when they originally commented. It is especially surprising to see this happen so often to the security community, given the investigative background of many within in the profession and the overall nature of our work.

Examples can be quickly found through a search of the websites of small to midsize companies around the world who provide services to the security profession. With minimal effort, you will find company names, logos and service marks used to commercially promote that organization. You will also often find glowing quotations with an attribution to specific individuals listing their title and organization’s name.

Next, go to their associated social media platforms. Social media by its nature encourages interaction, comments, “likes” and reviews. While this can a useful tool often those remarks are extracted and utilized for individual self-promotion or commercial marketing and you should view them with skepticism. Unless you personally are a highly recognized and sought-after brand, do you really think your name is carrying the market effect they are seeking?

If you have been quoted on a website with your company’s name or logo associated with it, odds are your organization’s legal department will view that as a violation of company policy. If you run across a website that features a long string of client names, logos or endorsements, that should be a flag.

This practice is especially common given the expansive growth on a global scale of conferences, seminars and training programs put on by marketing companies, associations and individuals. Publicizing your comments, company affiliation or fake video interviews to be utilized for furthering their commercial profit is likely not something your legal department would sign off on either.

Within some organizations there is a growing trend that even doing a pro bono speaking engagement for a for-profit program requires some level of scrutiny by either public relations or legal because of the recognition that everything you do has a reputational attachment to the organization. In the case of these programs, I would also encourage deeper due diligence relating to actual ownership and business relationships, and not just relying on a surface perusal of claimed content or attendees.

How does this potentially impact your reputation with colleagues or potential employers? As you may have heard, the internet is forever. While there are emerging laws regarding an individual’s rights to be forgotten, you are likely left with requests to specific organizations to remove your comments or – in the case of search engines – to be removed from their indexes. It is very risky to believe it will be effective across news outlets, public records and forums.

You do not have control over the past conduct or current reputation of the individual and/or organization benefiting from your public comments, nor how they are perceived by other readers. I recently spoke to several prospective candidates who were surprised to learn that their public references of individuals from years earlier that related to work those individuals had done for completely different employers had been repurposed and published in a manner supporting the individuals new business endeavors. In addition to the misrepresentation, it also puts on public display the individual’s misappropriation of their former employer’s data.

A key factor in advancing your security career is the management of your personal brand, one aspect of which is how those things found attached to your name or the organizations who you represent are perceived. You do not have control over who may see what you have written and what their perception and experience with the subject of your reference may be.

If you do choose to provide an endorsement or reference, there should be a mutually specific understanding as to its intended purpose and control exercised over how it is utilized, provided that doing so is in keeping with your company’s legal position.

Ethically, you would not expect a professional acquaintance to provide you as a reference for a background without first contacting you and obtaining your permission. You should demand and expect the same ethical standards in public settings to protect your personal brand and reputation as organizations enact to protect theirs.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.