Eliminate the snakes before you feel the bite

Barnacle Bill the sailor used to ask, “Who’s that knocking at my door?” Today, a more prudent question might be, “Who’s that I’m letting in my door, day after day, as a trusted employee?”

Last week, I had the honour of bringing Morgan Wright, a former Kansas police officer, to one of my client’s Security Awareness Days. Wright specializes in behavioural analysis: how people respond to questions asked during the hiring process, investigations (criminal or not) and exit interviews.

Everyone wants to hire honest people, especially for IT security positions that have the power to bring a network and a company to its knees at a moment’s notice, on an eccentric whim or with criminal malice. To whom do you want to give the “keys of the kingdom” – someone trustworthy who will be loyal to you, your company and the economy, or someone of dubious ethics and questionable background whose allegiance may shift with the prevailing winds of opportunity?

The traditional human resources approach is to perform a background check, something that Wright finds to be a bureaucratic failure of great proportions. By and large, a background check will determine only that your candidate has not been arrested or convicted of a crime. Furthermore, background checks are expensive and time-consuming.

So how does your HR staff separate the chaff from the decent candidates? The astute pre-interviewer doesn’t focus on the candidate’s technical skills; he or she wants to determine whether the candidate is the type of person you want working for your company. Nowhere is this more important than in hiring technically proficient security staff.

Is the candidate inherently honest? What are the hot buttons your applicant reacts to before crumbling to admit that he or she stole 12 pencils or a ream of paper? As Wright says, “No one is perfect, and we don’t expect you to be or have been perfect, but we do need to know the truth.”

Characteristics of “questionable” candidates, according to a recent Political Psychology Center study, include:

— Dependency upon technology instead of personal relationships

— Anger toward and negative comments about previous employers

— A feeling of superiority and entitlement to the “good life”

When is the last time the candidate hacked into a computer without authorization? If you want to know, ask. People have an inherent desire to tell the truth. Ask the question, the right question, and you will learn more than any polygraph (only 85 per cent effective) or marginally effective background check can ever offer. Watch for deceptive body language, such as averting eyes to the side or scratching the nose when asked a tough question, which provides more real valuable information than verbal responses.

Behavioural analysis is as much art as it is science. But with a 93 per cent effectiveness rate as determined by a National Security Agency study conducted in the early 1990s, it offers the HR professional a new set of tools that can disqualify candidates long before their technical skills are evaluated – and it is a lot less intimidating than a polygraph. It will also save the prudent IT-intensive company loads of money on time-consuming and marginally valuable background checks.

However, in this age of absurd political correctness and legions of lawyers looking to sue someone for a 40 per cent take, be aware that HR laws differ from state to state, so before you add behavioural analysis to your hiring arsenal, check in with corporate counsel.

Also, keep in mind that different cultures react to stimuli in different manners. In North America, we like our personal space, and the good interviewer will lean forward and invade a candidate’s space as an intimidation technique. Many European cultures, however, naturally invade personal space, and there is no resultant pressure. Know your customer, learn the techniques, apply them to your corporate culture, and get the necessary training before you try this on your own.