Are Employees Your Weakest (Cybersecurity) Link?

As a result of cyberattacks occurring more frequently and at a greater scale, many organizations have invested largely in technological solutions. However, in many cases, attacks are not the result of external bad actors but people inside the organization, to some extent.

While IT experts work harder to develop better, smarter, and safer technical systems, there is one risk factor they can’t program away: humans. Especially as remote work becomes more prevalent and thus access to secure systems becomes more distributed, one wrong move on the part of an employee can spell disaster.

What’s more, there has been a trend in organizations putting the focus on tech-focused efforts with cybersecurity initiatives targeting employees as potential attack vectors. These programs can be problematic in that they generally assume that employees break security protocols out of either ignorance or malicious intent. Conversely, research indicates that much of the time, failures to comply may actually be the result of intentional yet non-malicious violations, largely driven by employee anguish.

That said, here are some ways employers can get in front of this issue:

Acknowledge That Job Design And Cybersecurity Are Intertwined

It’s easy to think of security as secondary to productivity. Under normal circumstances, that’s not necessarily a problem, as employees are likely to be able to handle both activities. That may be no longer the case. Pandemic-induced stressors can make it harder to maintain productivity. The result is that security tends to be an afterthought when they have to execute on mission-critical critical tasks.

In response, managers should recognize that job design and cybersecurity are inherently intertwined. The reality is that compliance with cybersecurity policies can be time and resource-intensive. That reality should be considered and staff should be incentivized alongside other performance metrics. Expectations around workload might need to be adjusted, too.

Stressed Out Employees More Apt To Make Security Mistakes

What’s more, managers should work to identify and reduce sources of stress for their teams. Keep in mind that working under more-stressful conditions can affect consistency and adherence in following security protocols. As remote work becomes more prevalent, supervisors should be mindful of the psychological weight employees carry in working under systems that monitor them. For instance, surveillance systems that seemed reasonable in the office might feel intrusive at home. This added pressure might indirectly cause them to violate certain protocols.

Hackers Take Advantage Of Employees’ Good Intentions

On the surface, you might think it’s encouraging if and when employees want to help one another. But unfortunately, good intentions can come at a cost: Per one study, around 18% of policy violations were motivated by a desire to help a co-worker. The pandemic has only brought more challenges to the fore and at the same time has created even more opportunities for well-intentioned employees to “help” their peers in ways that actually expose their employers to potential threats. Hackers are tuned into this reality and they will often intentionally use social engineering tactics that take advantage of employees’ willingness to bend the rules if they think it’s for the greater good.

To that end, managers must not only implement security policies specifically designed with these tactics in mind— they must also work to reduce the impact of these measures on employees’ workflows while ultimately working to increase employee compliance.

BEC Scams Increase As Time Around The Water Cooler Decreases

Here’s an example that might resonate with you. As organizations have moved to remote work as the norm, in-person communication has been significantly reduced. Recognizing this as an opportunity, hackers have executed business email compromise (BEC) scams. In such a scenario, an attacker poses as a supervisor or close co-worker and emails employees with an urgent request to transfer funds. Feeling pressure and a desire to help a colleague can push employees to make exceptions, breaking protocol. They might make transfers without properly verifying the requests. Shielding your organization from these sorts of attacks means not just instituting a verification policy for large transactions, but also educating employees on why the policy matters and minimizing the extent to which it creates more legwork.

It’s a hard pill to swallow: In the modern cybersecurity landscape, every employee can be a liability. To keep their organizations safe, technical and business leaders alike must understand the circumstances in which employees might let their guards down and open the flood gates to attackers.

On that note, employees should be trained that the best information comes from reputable sources. They should know how to stay informed on the latest security best practices to ensure they’re in compliance.

Even with this education comes vulnerabilities. Cybersecurity requires all hands on deck — and it simply cannot be ignored in 2022. If you don’t have the resources for an in-house security team, a third party can provide you with the expertise, experience, and technologies that can protect your firm against the growing range and scope of cybersecurity threats.

Ambassador Solutions has been a trusted talent advisor to tech savvy clients since 1989. For help finding the true IT pros needed to build your tech team, please contact us at:

AmbassadorSolutions.com or 317-571-6838 (press 1 for sales).

Rookie Mistakes To Avoid When Seeking An IT Exec Job

Successfully working a job search takes skill, just like everything else you do in your professional career. Skills that you hopefully won’t need very often, but that are critical to your job search success when you do. If you can avoid making the following seven job search mistakes, you should be well on your way to your dream job.

If you’re on the ‘learning curve’ in a new job search because you’re back in the market after years of experience in a single position, or even after a longer employment search – then you’ll want to brush up on your job-hunting skills. Sometimes the easiest way is to learn from the experiences of others, so today we’re sharing a list of the most common executive-level job search mistakes we’ve seen over our 33 years in the industry.

Mistake #1: Your resume is ineffective.

It’s either too long, too short, too formal, or just out of date. You want to create a resume that’s concise and is focused on your accomplishments and skills. Also be sure to update it with the links to your websites, portfolio and relevant social media profiles. Keep in mind that resume scanning software makes keyword optimization necessary and important. Here’s a primer on how Applicant Tracking Systems work so you can use them to your advantage.

Mistake #2: You’re not helping employers understand how your experience relates to their needs.

Good communication and “soft skills” are so critical for job searchers today. For every potential interview, you should know how your skills are relevant and will provide value to the employer. You should also be ready for interviews with a list of strengths and practice incorporating them into potential responses to interview questions.

Mistake #3: You haven’t checked your references.

Only include references that you’re sure will be effective. Don’t use your current company email, phone, or computer for a job search. These common errors can put you in the awkward position of unexpectedly having to explain a job search to your current employer – not a good situation to be in if you want a positive reference.

Mistake #4: You haven’t searched yourself online.

Don’t let an unflattering or non-existent online presence create a gap for hiring managers. Tech professionals are expected to be savvy about their online image. A professional presence on social media or through a personal website will help to distinguish you from the pool of average applicants.

Mistake #5: You’re not working your network.

It’s best to establish good professional ties before you need them, but it’s never too late to reach out to potential contacts in your network of family, friends, former colleagues and peers. You can also accomplish this by volunteering, working on a side project, or freelancing. Your goal here should be to build inroads with people and organizations before they need talent, so you’re top of mind when they need do.

Mistake #6: You’re taking ‘No’ for an answer.

This can happen in multiple ways: You might not be following up after the first contact or failing to apply for jobs that aren’t listed. These are a passive form of “no” that people think they’re getting, but a little polite persistence can pay off. It’s OK to be proactive about looking for contacts and respectfully following up with people – and it could lead you to a great opportunity you might have otherwise missed.

Mistake #7: You’re playing it safe/small.

You might read a job posting and refrain from applying because you don’t have ALL the skills and/or years of experience they require. The truth is job descriptions are written to attract an ideal candidate who may or may not exist. If the job sounds like mostly a good fit and the pay is commensurate with your experience, you should consider applying.

There’s a lot to be said for learning on the job and many employers are willing to work with people who are coachable and willing to admit where their knowledge falls short. So, give yourself more credit when on the job hunt. It’s not the time to be humble and shy away from opportunities because of self-doubt.

Ambassador Solutions has been a trusted talent advisor to tech savvy clients since 1989. For help finding the true IT pros needed to build your tech team, please contact us at:

AmbassadorSolutions.com or 317-571-6838 (press 1 for sales).

How To Win The IT Talent War In 2022

It’s no secret that the job market has changed significantly in the last two years, none more than the IT market. When it comes to attracting and retaining true IT pros, what worked in 2019 – 2021 likely won’t work in 2022. So, let’s explore the recruitment trends that should be on your radar to maximize your odds of success going forward.

Candidate-Driven Market

IT is a candidate-driven market the likes of which we haven’t seen since the late 1990s before the turn of the millennium and the bursting of the dot com bubble. There are more available IT jobs than candidates to fill them. Savvy candidates understand this and aren’t shy about encouraging a bidding war among potential employers. Pity the poor employer whose offer is accepted solely because it was ridiculously higher the candidate’s current salary. Write this on a rock –a bought employee can, and likely will, be bought again.

Recruiters need to think outside the salary box to stand out and attract top talent. Go-to techniques of a few years ago aren’t likely to attract top talent today. If your talent acquisition team is merely screening applicants versus proactively finding them…good luck. In this market, the odds of top candidates finding you are extremely low. Think lottery ticket.

Most Placeable Candidate (MPC)

Start by being laser-focused on what a Most Placeable Candidate (MPC) looks like for a given position. Then, go to where they tend to congregate. Employers of choice…professional groups…graduate schools…seminars. Most corporate recruiters are not trained to do this type of proactive recruiting. All organizations with two or more in-house recruiters should consider having one dedicated to true talent seeking versus applicant processing. Why? Because MPCs are rarely look for a new jobs, because so many come looking for them.

Brand Ambassadors

Top IT talent is being very selective about the employers and opportunities they are willing to consider. With most IT pros working and interviewing remotely, being an active job seeker is easier than it’s ever been. This allows them to bide their time, waiting for the perfect job to come their way. And, it’s far from being just about the job. It’s about the company’s mission, culture and reputation. Meaning, your recruiters need to be outstanding Brand Ambassadors for your company.

Employer Of Choice

To become an employer of choice, now is a great time to re-evaluate your employer brand and candidate experience. Employers need to “sell” the holistic opportunity to join their team and buy-in to their mission. The Navy actually got it right in their early 80’s recruitment ads –“it’s not just a job, it’s an adventure”.

Employers-of-Choice benefit greatly by receiving many MPC applications. To catch as many of them as possible, make your initial application process as stream-lined as possible. If top talent can’t “quick apply” to your company, they may not apply at all. Candidates are more likely to apply if you take the guesswork out of the process. Consider using AI and chat bot technology to quickly qualify applicants. Properly designed, that combination can get a candidate 90% qualified in 30 seconds. That’s right…30 seconds!

IT’s All About Remote…So Deal With IT

True IT pro candidates expect remote to be an option without being required to live near the office. After all, experience has shown us that those occasional “needs” to go to the office are quite rare. Employers refusing to accept this reality will find themselves increasingly settling for second-rate employees. Ironically, they will then be forced to hire more first-rate consultants working remotely to fill the gaps.

IT’s all about remote in 2022…so deal with IT. Better yet, embrace IT! You will reach a much wider talent pool as you widen your geographic reach. Your employer brand will be enhanced and attract more talent to it. You will also save significant time doing most interviews via video versus in person.

Out Of Sight…Never Out Of Mind

Managing remote workers presents extra challenges to your management team. We will address many of those in a future post, but given recent painful personal experience, want to call one to your attention now. There is a growing subculture of workers (not just IT) attempting to hold down two fulltime remote jobs without the knowledge of either employer. While many (perhaps most) begin with honest intentions, few people are truly capable of performing quality work of any kind for 80 hours per week on an ongoing basis. The temptation to cheat one or both employers can prove irresistible.

How can you protect yourself against double-dipping remote workers? By simply asking them during the interview process if they have, or intend to have, another fulltime job while working fulltime for you? It’s a fair question and by simply asking it you will have given your candidate fair warning. If that is their intent, they will likely quietly bow out at that point.

Ambassador Solutions has been a trusted talent adviser to tech savvy clients since 1989. For help finding the true IT pros needed to build your tech team, please contact us at:

AmbassadorSolutions.com or 317-571-6838 (press 1 for sales).

Tips for Finding a New Job While Keeping Your Current One

Finding a new job while you’re juggling a current one can be tricky, though not impossible. Job seekers are clearly more marketable while employed, though they must be aware of the risks associated with the search. What follows are tips for minimizing those risks.

1. Keep your job search a secret.

Some companies will not hesitate to terminate employees known to be actively searching for a new job. So, keep your job search under wraps unless you prefer termination so you can collect unemployment while searching for a new job. Otherwise, maintain a semblance of normalcy. Even small changes like your wardrobe could give away the fact that you’re looking. For instance, if you normally wear khakis and a polo to work but one day show up in a suit and tie, it might raise a brow or two. Try to schedule interviews before or after work, and if you must change clothes before the interview, do not change at your office.

2. Don’t use company resources when searching.

This one probably goes without saying, but it’s an important point to drive home. It’s neither ethical nor prudent to use company assets to conduct your search. When on the job, your work should be the primary focus. Seeming distracted or underperforming could cost you.

Recruiters will understand your constraints. Set up meetings and calls during off-hours or lunch. Always use a personal email and phone number to correspond and conduct your search. Be mindful of who can hear your conversations, even if you’re in a break room.

3. Leverage social media.

LinkedIn should be your go-to resource, but don’t make the mistake of updating your profile only when you’re looking for a new job. That will raise suspicions. You should be systemically enhancing your LinkedIn profile on an ongoing basis even if you plan to retire from your current job. Remember, life is what happens while you’re making other plans.

You should also avoid making public comments about your job search on other social media platforms…Duh! Many organizations keep tabs on employees’ online presence. If you are employed and looking for a job, only communicate that to known and trusted parties in a private fashion…period.

4. Use your network.

Your friends, family and former colleagues might have job leads for you. Some of the best ones can be found via networking. The old adage, “it’s all about who you know”, is never more true then when job seeking. You can schedule early morning breakfasts or even Zoom calls after work. Avoid massively sending your resume to everyone you know. It rarely works and risks having your resume fall into the wrong hands.

Research networking events, conferences and professional presentations relevant to your career interests. Avoid career fairs while still employed. If your current employer offers professional development opportunities that would put you in contact with prospective new employers, take full advantage of them.

5. Don’t be careless with your resume.

Don’t just send your resume out blindly and trust anyone who requests access. You never know when it could prove to be a trap. And of course, unless you want the world to know you’re looking, do not post your resume on public job boards.

6. Don’t disparage your current employer.

Even if you’re miserable and the culture is toxic, there’s no good reason to trash your current employer. Bad-mouthing your company or management isn’t going to get you a new job — instead, much to the contrary. You will be better served to remain positive and focused on what you can offer a new employer versus what your current one could not offer you. Focus less on your current situation and more on your overall accomplishments and how they can make you the ideal candidate.

7. Make your references work for you.

Professional references can help you land the job, especially if you have the right people in your corner. Have at least three solid references from different employers; only use someone from your current place of employment if you can trust them to keep it private. References are a courtesy and should be given upon request only. Recipients should know and respect the confidentiality of your job search.

Employed job seekers are playing the job search game from a position of strength. Employers are aware of this and know it gives you strength at the negotiating table. It is nearly impossible to land a job with some employers if you are currently unemployed. This is particularly true with “employers of choice” who can afford to be very finicky about whom they hire.

Given the current “War on Talent” within the IT industry, consider connecting with a seasoned staffing firm that can help shorter your path to a great new job. A firm that not only knows the industry, but also takes the time to truly know the people who make IT happen. A firm like Ambassador Solutions. For more information, call 317-571-6838 and press 2 for recruiting or go to AmbassadorSolutions.com.

SenseOn Attracts $20M In VC Funding

Wondering what the next BIG thing in cybersecurity risk mitigation might be? According to Tech Crunch, an impressive group of venture capitalists think they may have found it. Startup SenseOn was able to raise $20M in funding due to their faster, more accurate cybersecurity detection and response system. Their so-called ‘triangulation’ approach is cloud/AI based and produces results that are head and shoulders above the competition.

SenseOn

Tech Crunch identifies the Series A investors as “mark” led by Eight Road Ventures, with MMC Ventures, Crane Venture Partners and Winton Ventures Limited — all existing backers — also participating. SenseOn —previously raised $6.4 million in a seed round of funding in 2019.” This impressive raise is no doubt due to ever heightening cybersecurity concerns that have become a national priority. SenseOn’s approach seems to follow the old sports adage regarding the best defense being a good offense.

Growth

SenseOn estimates 37 billion data records were compromised in 2020, up 141% over 2019. This disturbing trend helped SenseOn grow their revenue 350% in 2020. Headquartered in London, SenseOn, was founded and is still led by CEO, David Atkinson. Mr. Atkinson was previously the commercial director for Darktrace and cybersecurity expert for the U.K.’s Ministry of Defense.

Customers’ Common Problem

SenseOn’s has a diverse customer base including financial services firms, consumer businesses, and government entities. There is one common problem among them all that SenseOn is addressing. According to Tech Crunch, the cybersecurity industry has “evolved to contain a plethora of point solutions, as well as differing approaches within those point solutions, to address different aspects of the cybersecurity challenge. While some of these are very effective, they are only taking on some of the battle, and if an organization wants to adopt the most secure policy, it might use a number of these in tandem, which in turn can slow down systems and response, or create other issues within them.”

SenseOn Solution

SenseOn has a solution to combat this common problem faced by its customers. They have built startup a system capable of doing everything together, “with some parts of the solution built by itself, and some parts integrating with other products.” Atkinson elaborates: “the approach isn’t unlike how a human analyst thinks (which is why the AI aspect of the service, balancing different streams of information, is central to the approach). It’s similar to how a global positioning system (GPS) works, the more satellites [a GPS] triangulates off, the more accurate it is.” SenseOn is not merely developing weapons to help security specialists perform their jobs more effectively. Through its platform and apps, they are also supplying the ammunition, “in the form of data that SenseOn picks up and organizes to use with those weapons.”

Industry Playing Catch-Up

SenseOn’s pioneering techniques are starting to catch on throughout the cybersecurity industry. Competitors are starting to use their own synergistic approaches to cybersecurity in their efforts to catch up to first mover, SenseOn. Alston Zecha of Eight Roads Ventures sums it this way: “SenseOn is poised to become a global cybersecurity leader. We have long looked for a company which coordinates detection intelligently across domains and can consolidate multiple tools into one solution. SenseOn does this and more. We are privileged to partner with such a thoughtful and high-integrity group as Atkinson and team.”

Black Hole Discovered in Microsoft Cloud

Cyber security is a concern for all IT professionals, not just those working within that important discipline. Every true IT pro does their part to ensure their organization’s data is as secure as possible. How so?

Cybersecurity and the Cloud

As if that burden wasn’t enough, along came “the cloud”. Of course, the Cloud allows a business – or any other organization, for that matter – to collaborate in an even more convenient and rapid matter – from all over the world, instantaneously. This is inarguably a boon in these Pandemic times, but where does that leave the IT pros charged with protecting data within the cloud? And we’re not just talking about THE cloud, but potentially many clouds, including those of tech giants like Microsoft. And, as if it weren’t challenging enough, like snowflakes, no two clouds are alike. Enter the black hole.

Cybersecurity concern for Microsoft Cloud database users

All these concerns come to a head at times like these, when large Cloud databases have massive cybersecurity concerns. Currently, Reuters is reporting that researchers discovered a massive flaw in the primary Microsoft database within the Azure Cloud platform. These researchers are now urging all users, not just the 3,300 Microsoft notified earlier on, to change their digital access keys.

Working out of a Cloud security company known as Wiz, (which was, interestingly, founded by four veterans of Azure’s in-house security team), researchers discovered in late August 2021, they were easily able to gain access to primary digital keys for many Cosmos DB database system users. If Wiz had been malevolent hacker types, they would have been able to steal, change, or even delete millions of records. Ouch!

Microsoft responds

Microsoft, in a blogpost dated late August 2021, said their company “warned customers who had set up Cosmos access during the weeklong research period. Microsoft found no evidence any attackers had used the same flaw to actually get into customer data yet.” According to Microsoft, “our investigation shows no unauthorized access other than the [Wiz] researcher activity. Notifications have been sent to all customers who could have potentially been affected due to this [Wiz] researcher activity.” Microsoft went on, ostensibly to dig itself out of the hole it had already dug itself into: “though no customer data was accessed, we recommend you regenerate your primary read-write keys.” Huh?

Homeland Security gets involved

This Microsoft Cloud cybersecurity failure was such a potential disaster, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency was forced to get involved. The agency affirmed Microsoft’s warning and strongly encouraged Azure Cosmos DB customers to roll and regenerate their certificate keys. Wiz Chief Technology Officer Ami Luttwak chimed in: “In my estimation, it’s really hard for [Microsoft & CISA], if not impossible, to completely rule out someone actually used this [hacking technique/security flaw] before.”

Cleaning up in the aftermath

Indeed, Microsoft was unable to even give a direct answer to the question of whether the company “had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured or had used another way to rule out access abuse.” According to Microsoft spokesman, Ross Richendorfer, “[Microsoft has] expanded our search beyond the [Wiz]’s activities to look for all possible activity for current and similar events in the past.” While Wiz worked closely with Microsoft on this vital & bleeding-edge research, they were careful with their words not to say how either company could be sure earlier customers had been safe. As one of the Wiz’s lead researchers, Sagi Tzadik, said: “it’s terrifying. I really hope no one besides us found this bug.”

Both sides of the cloud story

With a tip of the hat to Joni Mitchell, let’s take a quick look at clouds from both sides now. As scary as the above account may be, I personally find the other side of the cloud story much scarier. Consider this. If Microsoft, with their in-depth knowledge and vast resources, cannot keep the cyber bandits at bay 100% of the time, what chance do mere mortal organizations have of doing so? I would suggest slim to none.

Keeping it real, everyone is a Microsoft hater at some point in their user experience. Certainly I have been. Yet, they remain one of the few firms on the planet I would trust with my company’s and clients’ data. So, when Bandit Beaters comes calling with Release 1.0 of their impenetrable cloud solution, think about IT long and hard lest you find yourself looking at clouds from the dark side.

Feedback: “The Breakfast of Champions” ®

According to “the live chat people” at LiveAdmins, these are four of the top reasons why customer feedback is so critical to the success of any business, in order to:

  1. Find actionable data on which they can act in order to improve their image and/or increase sales;
  2. Unearth otherwise unknown reasons, Unique Selling Propositions (USP), why customers opt for your company’s products or services versus your competitors. Your USP may not be the same as some of your customers’;
  3. Identify issues and fix them to retain customers and maximize Customer Lifetime Value;
  4. Get ideas for new products and services or ways to improve existing ones.

In our IT staffing & recruiting business, obtaining timely and specific customer feedback regarding our candidates is critical to our success…and that of our customers. That is why we refer to feedback as “the breakfast of champions” ®. That is also why I am taking the time to write this blogpost.

Communication Breakdown

Throughout our thirty-two plus years, it has become increasingly difficult to get timely and specific feedback from our customers. Since early 2020, the Pandemic has only served to exacerbate this problem. The increasing use of third-party vendor management companies by larger customers also contributes to the breakdown of the candidate feedback loop. We are fortunate, however, to do business with some who actually help reduce feedback delays.

Oddly, while technology has greatly improved our ability to communicate with anyone anywhere in the world, it seems to have come with the unintended consequence of negligence by many users longing to spend more time off the grid. As one whose inbox often looks like the LA freeway at rush hour, I can truly empathize. But, if it’s true professionals we are hoping to hire, then we must treat them in a truly professional manner.

There is nothing more frustrating to a professional recruiter than to wait many days, oft times weeks, to receive feedback on a candidate submittal or interview. Mind you, I am not talking about the average resume slinger who spends all of thirty seconds slapping a logo on a resume. Nor am I talking about unsolicited submittals. I am talking about true recruiting pros who not only take their jobs seriously, but personally, who are responding to submittal requests from their customers. Recruiters whose professional reputations are tarnished in the eyes of the candidates with each passing day. But more importantly…

Brand Ambassador

The reputation of the employer in the eyes of the candidate also diminishes as the time to feedback lengthens. We take that problem very seriously, because we strongly believe the most important role we play for our customers is that of Brand Ambassador. So much so, we simply will not do business with companies whose products, people or values we cannot support. Every candidate we interact with on behalf of a customer also becomes a Brand Ambassador for that customer…for better or worse. If a candidate leaves the recruiting experience feeling demeaned and devalued by either employer, recruiter or both, then both employer and recruiter lose some of their most valuable asset… integrity.

Maintaining Recruiting Integrity

Here are some tips to help employers maintain recruiting integrity in this hyper-competitive marketplace for talent:

  1. Establish reasonable timelines for candidate feedback and put simple systems in place to monitor how you’re doing. For example:
    1. Submittal response: accept or reject all requested submittals within 1 week of receipt.
    2. Interview feedback: provide interview feedback within 3 days
  2. Provide simple and straight forward feedback as to why you are rejecting a candidate. You don’t need to list all reasons, just a few or the one that was singularly sufficient for rejection. For example:
    1. Not enough xyz experience.
    2. Lacks experience with xyz required skill.
    3. Poor communications skills.
  3. Don’t open a requirement just before the hiring manager leaves on a two-week vacation. Yeah, it happens all the time.
  4. Have a statute of limitations on candidates within your internal HR system who are resubmitted by external recruiters for later requirements, both fulltime and contract. For fulltime applicants, two years is reasonable. Forever is not.
    1. If an externally submitted candidate for a fulltime position was previously submitted for a contract position, that should not disallow the fulltime submittal, regardless of the statute of limitations.
    2. Candidates existing within your internal HR system should have no bearing on contract submittals of the same candidates. The statute of limitations should not apply.
  5. If you are working through a Vendor Management System (VMS), recognize your vendor rep for the Brand Ambassador that he/she truly is…to your recruiting partners and every candidate they bring to the table.

I hope this has been helpful to you and your recruiting team. The telltale sign will be how you answer the following question when you rise and shine tomorrow morning –

What’s for breakfast? Feedback…”the breakfast of champions” ®.

Brad Lindemann, President/CEO

Clear and present danger: Cybersecurity best basics for your organization


Graphic from TheConversation.com

Concerns related to cybersecurity plagued businesses of all sizes and in all industries in 2021. Such threats may range from monstrous data breaches to malware, downtime, and the loss of control over one’s operations. A quick Google search will produce dozens of results that frame the narrative that, although unseen, cybersecurity threats are not harmless or something you can simply ignore.

On the contrary, the potential for legal, regulatory, and reputational consequences make the case for the importance of solid cybersecurity best practices within every organization and the need for expertise in this domain. However, implementing cybersecurity measures often comes with distinct resource and organizational challenges. Worse yet, these issues are known to grow at a pace with the evolving size and complexity of the operation. That said, here’s a look at how businesses can improve their cybersecurity practices and achieve a new level of preparation now and in the future:

Regularly train staff at all levels.

Periodic training of all employees on cybersecurity threats and protocols is an important step toward protecting your enterprise. Training requires you to establish and disseminate a baseline level of cybersecurity knowledge within your organization. The training will not only educate staff on the types of threats they might face at the office but it will also address how remote work setups are susceptible to attacks.

Material that is both relevant and up to date can only take your employees so far. To that end, by working with consultants — or your own IT and Security — you can take your training process to the next level.

Here’s more about what that might look like:

Regularly challenge employees at all levels.

For example, you might test employees with “phishing” emails from IT/Security. Phishing emails often bate the receiver to perform an action that may endanger organization security. You can help employees test their skills by sending fake phishing emails to select employees. The results of the employee interaction and responses should be confidential. Provide aggregated and anonymous results to help your organization determine weak or blind spots.

Make cybersecurity compliance a team activity.

Another excellent way to reinforce any training is to ensure that cybersecurity becomes an organic part of frequent actions and common decisions. Working with IT or Security is one way to make best practices top of mind. Another way is to ensure that employees at all levels are surrounded by positive reinforcement of cybersecurity best practices.

Establish clear steps for all employees when responding to a security incident.

Despite proper training, the inevitable security incident may come to light. Depending on the nature of your business, your training may already cover the protocols to address a security incident. At the very least, all employees should know who to contact, and the information to provide. The introduction of an incident response plan will help educate and inform staff, bolster organizational structures, improve customer and stakeholder confidence, and reduce any potential financial and reputational impact following a major incident.

Automate cyber hygiene, so it’s seamless.

Cyber hygiene is a growing set of best practices to maintain the overall cybersecurity health and safety of your organization. Training your employees on cybersecurity is a necessity, but automating best practices makes it even easier to enjoy positive outcomes.

Here are a few basics to automate that can take the guesswork out of security:

  • Strong passwords (typically this means longer and more complex)
  • Multi-Factor Authentication
  • Automated Phishing Detection
  • Automated Endpoint Encryption
  • utomated Software Updates
  • Make updating and patching critical software a routine task that does not require user initiation

Identify potential security risks

Each device, software, and system within your organization means a potential security risk. For instance, an endpoint may be used in an unauthorized manner. A piece of mission-critical software may have unpatched vulnerabilities. A patch is essentially a piece of code that is installed ad hoc to correct a problem or to improve an application’s general performance. It’s essential in keeping machines up to date, stable, and safe from malware and other threats.

Be positioned to respond to a security incident by maintaining a regular security inventory of your systems.

Ensure you are following the newest password policies

For many years, it has been accepted as the gospel truth that periodic password changes are best practice. However, requirements for arbitrary password complexity, periodic changes, and guidelines on reuse have led to outcomes that do not enhance cybersecurity. Some of these policies are so ingrained within organizations that changes to acknowledge new National Institute of Standards and Technology (NIST) guidelines have been slow, if at all.

Bottom line? Cybersecurity is a team sport — and it simply cannot be ignored in 2021. If you don’t have the resources for an in-house security team, an outsourced team can provide you with the expertise, experience, and technologies that can protect your firm against the growing range and scope of cybersecurity threats.

It’s Time to Put People in Their Proper Place

I have never been fond of the term “human resources”, though I do have great respect for the man credited with its origination. In 1954, management guru, Peter Drucker, posed the question, “Is personnel management bankrupt?” While answering “no” to his question he coined the phrase “human resources”…and it stuck. Drucker did, however, see much room for improvement in the management of most organizations’ most precious resource (aka, people), as do I.

Having spent most of my career in what I fondly refer to as “the ultimate people business”, the term “human resources” has always struck me as oxymoronic. I personally do not view humans as resources to be used and used up in the same way true resources are. To wit, Mirriam-Webster offers the following definitions of “resource” (examples in parentheses are mine):

  • A source of supply or support: an available means (water)
  • A natural source of wealth or revenue (timber)
  • A natural feature or phenomenon that enhances the quality of human life (solar energy)
  • A computable wealth (gold)
  • A source of information or expertise (Google)

Within the IT staffing and recruiting industry we so proudly serve, IT professionals are commonly referred to as “resources”. Just today we received an email from an IT executive asking, “Do you have a deep bench of resources in networking, Windows & Citrix administration or Linux administration?” Worse yet, if your business model does not allow for a “deep bench” lest you go deep six, your company may be referred to as a “body shop”. We prefer to have neither resources nor bodies on our team, choosing instead to be in the “somebody” business. Like snowflakes, every somebody we represent is unique. It appears God throws away the mold after creating each human being.

Pretty schmaltzy, huh? Before you get too choked up, let us consider some amazing facts regarding just how unique we humans truly are. Fingerprints have long been used to accurately identify people while attesting to their uniqueness. Did you know it is now possible to identify a person from just a fuzzy picture of their ear with 99.6% accuracy? If that smells a little fishy to you, get a whiff of this. “Researchers…in Japan claim they can distinguish between individuals with 100% accuracy, using equipment that produces atomic “fingerprints” of a scent (aka, body odor) and then running it through an artificial neural network on a computer.” Ergo, to deny the miraculous uniqueness of every human being is tantamount to denying gravity. Both are risky business.

Now, back to work and Drucker. At the top of Drucker’s list of assumptions causing personnel management circa 1954 to be “temporarily insolvent” was the belief that people do not inherently want to work. Drucker strongly believed people wanted to work and it was management’s job to create an environment conducive to it. I could not agree more, though we may disagree on the elements necessary to create such an environment. Free lunches and a fitness facility may attract new employees, but to retain them takes more than keeping them well fed and fit. It is an old, but very true adage –people don’t care how much you know until they know how much you care. A well-timed, heartfelt word of encouragement or empathy can do more to strengthen your employee relations than all the freebies in the world.

Whether you are a widget maker, biometrics researcher or IT staffing provider, the more you see yourself as being in the people business, the more likely you are to succeed. There are many exceptions for a season to this axiom, but very few companies manage to prosper long term while treating employees as expendable resources. PayPal’s CEO, Dan Schulman, clearly recognized this when he recently appeared on CNBC’s Squawk Box saying, The only sustainable competitive advantage that any company has is the strength of their workforce.”

Dan Schulman, PayPal, CEO

If PayPal’s Schulman is right, then Amazon’s Chairman/Founder, Jeff Bezos, could be wrong about many things regarding his workforce. Check out these quotes from the NY Times lead story, “The Amazon That Customers Don’t See” (front page, June 15, 2021):

  • Even before the pandemic, previously unreported data shows, Amazon lost about 3 percent of its hourly associates each week, meaning the turnover among its work force was roughly 150 percent a year.”
  • “Amazon’s founder didn’t want hourly workers to stick around for long, viewing “a large, disgruntled” work force as a threat, Mr. Niekerk recalled. Company data showed that most employees became less eager over time, he said, and Mr. Bezos believed that people were inherently lazy. “What he would say is that our nature as humans is to expend as little energy as possible to get what we want or need.”
  • “We have always wanted to be Earth’s most customer-centric company,” he (Bezos) wrote. Now, he added, “we are going to be Earth’s best employer and Earth’s safest place to work.”

Andy Jassy succeeded Jeff Bezos as Amazon CEO on July 5, 2021. He could put his Prime account to good use by ordering a few Peter Drucker books on human resource management. Drucker’s sixty-seven-year-old management wisdom seems to be light years ahead of Bezos’ apparent “people last philosophy”. Maybe that’s why the world’s richest man is so obsessed with visiting planets unfit for human habitation. Write this on a moon rock — if CEO Jassy fails to radically change Amazon’s toxic culture, the odds of Amazon becoming the Earth’s best employer are lower than Donald Trump hitching a ride on Bezos’ first rocket to Mars.

Since April 1, 1989, we have endeavored to run Ambassador Solutions with a “People First Philosophy”. To serve as a constant reminder that people really do come first, we etched our Core Values in Indiana limestone on the wall of our corporate lobby. Whenever we fail to put people first, we encourage our teammates to call us out…and they do. So today, I am calling out business leaders to view their workforce as PayPal CEO, Dan Schulman, does…as their only sustainable competitive advantage, then put people in their proper place –first!

He is Risen…really?…really!

Shortly after meeting Him, I met one of His most fanatical followers.  A true groupie of the One Man Band.  His name was Keith Green, an incredibly gifted musician who gave his all for his King while performing for his audiences.  My lovely bride and I wore out the holy vinyl our brother, Keith, laid down in the early ‘80s. He literally poured his pure heart into our young and thirsty souls. 

Though never meeting him in person, we loved Keith Green for what he taught us about THE person.  That’s why we cried so hard the day Keith’s earthly music died in a fiery plane crash on July 28, 1982.  Though five years younger than when his Savior breathed His last breath, Keith was wise beyond his years in things that truly matter…in this life and beyond.

Keith’s First Album

We were far from being alone in our love for Keith and his music.  Thanks to a blast from the past from another Green groupie, I can now introduce Keith Green to you.  On this Maundy Thursday, we commemorate a simple supper held over two thousand years ago where instead of being the entree, the Lamb of God was guest of honor.  At the time, His guests were understandably confused by His words comparing the bread to His body and the wine to His blood.  But, it wasn’t long before things became painfully, yet wonderfully, clear.

What about you, my friend?  How clear do the things that matter most in this life and beyond seem to you?  As you watch and listen (and I pray you will) to a 28-year-old young man pour his heart out in worship to the crucified, dead, buried and resurrected King of Kings and Lord of Lords, just a few months before meeting his own tragic death, what stirs in you?  

His name is Jesus.  He proved His love for you by dying.  He proved his ultimate power by resurrecting.  He proved that you have nothing to prove to Him.  He gave His all for you.  Need more proof?  Look inside the empty tomb. #HeIsRisen #JesusIsTheAnswer  

client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client
client