When I talk to customers I sometimes ask them, whether they do background checks on whom they hire as employees or contractors. If it comes to security, the whole theme gets pretty sensitive. Imaging that you hire an employee to deal with your security architecture and he turns out to be a criminal. Or you give a project to work on your security to an external consultant and all of a sudden he is arrested for spreading malware. Fantasies? Not really! This just happened: Security consultant hijacked 250,000 machines and Ex-Security Pro Admits Running Huge Botnet
Would a background check have helped here? Probably not but we really have to think about whom we trust and how we hire people. I still cannot understand that there are companies hiring convicted hackers (even though everybody deserves a second chance – I agree). I blogged on that already once and the comments have been not in line with my view (Hackers getting Jobs in the Industry)
Any views from your side?