Processes to Vet Ethical Hackers for Employment
Explain two or more processes used to vet ethical hackers for employment
When hiring ethical hackers, it is important to check a candidate’s background. This can be done by
interviewing the candidate to see if they are who they say they are. After the interview, if the
work involves government data, Disbarring and Vetting Service, Security Clearance and Baseline
Personnel Security Standard may be obtained. References are collected from the employer. The
employer can also reach out to professional bodies such as Certified Ethical Hacker, CREST, SANS,
etc., if the candidate claims to hold certain vendor certifications or to be a member of professional
bodies. Since ethical hackers get privileged access to sensitive information belonging to the nation
or the company, proper vetting is paramount to ensure that they are not only qualified for the job
but can also be trusted to use information as authorised.
A candidate can rely on certifications to show their level of experience as an ethical hacker.
CompTIA Security+ and PenTest+, and Certified Ethical Hacker are for people with little or some
experience with hacking, while Offensive Security Certified Professional, Computer Hacking Forensic
Investigator and GIAC Penetration Tester are geared towards seasoned professionals.
The candidate’s residence and country of birth are also a factor in the defence sector. Even if a
person has lived in one country for a long time, they may be rejected if they are from a country
that is listed as a threat. This list is constantly updated, depending on geopolitics and the
changing threat level.