Cyber Security Background Checks

Careers in cyber security can be very lucrative, as these positions pay well and have a lot of upward mobility, making them attractive career choices. Cyber security professionals are often tasked with creating and maintaining security measures to protect sensitive information and communication systems. However, this also means they often have access to the exact information they’re employed to safeguard. 

Access to sensitive information and systems makes it critical for companies to ensure their cyber security team is well-qualified and trustworthy – and a background check is the best way to do that.

What Is a Cyber Security Background Check?

Background checks for cyber security professionals screen several databases to verify the information provided by the candidate is true and accurate. They may also include checks of the candidate’s criminal and credit history. 

These background checks allow employees to assess whether the information provided by a potential employee is accurate and gauge whether they’d be fit for the role or not. 

Why Should You Do Cyber Security Background Checks on Candidates?

It’s essential to vet new hires for a number of reasons, and here are several examples of why you should conduct thorough background checks on cyber security candidates. 

Safeguarding Your Company’s IT 

Cyber security involves safeguarding and having access to a lot of sensitive information. This may include client information, employee records, and even private company information and communication systems. Employers put a lot of trust in cyber security professionals, so they need to screen these candidates thoroughly to ensure they’re trustworthy of such a significant responsibility.

Find the Best Possible Candidate 

Many background checks include verification of education, credentials, and certifications. This is a great way to ensure you’re only moving forward with well-qualified candidates whose certifications are legitimate and up to date. 

Avoid Bad Hires 

The hiring process is time and resource-intensive. It can be expensive for employers, and they want to avoid repeating it often. Conducting thorough background screenings during the onboarding process can help ensure you hire the right people for the job. 

Protect Your Company’s Reputation

Everyone has seen data hacks and privacy breaches in the news – and the damage they can do to that company’s reputation. Background checks can help prevent this from happening to your company by catching potential issues before they arise.

What Shows up on Cyber Security Background Checks?

Cyber security background checks need to be in-depth – a person in that position could cause a lot of damage if they chose to. That’s why many companies prefer to use a third-party background check provider, like ScoutLogic. A cyber security background check done by ScoutLogic might include the following:

1. Criminal Record – Criminal record searches include information like prior or current offenses/charges, arrest dates, crime severity (misdemeanor vs. felony), criminal case number, deposition number, and sentencing record (if applicable).
2. Credential Verification – Verifying credentials is vital in any industry; they can be expired, incorrect, or even falsified. A credential check may include a candidate’s types of certifications, the certification number and validity, the issuance and expiration date, the issuing organization, and any sanctions or public discipline.
3. Employment History – This step verifies the employment record on an applicant’s resume, including details such as the company address and name, the title or position(s) held, and employment dates.
4. Education Verification – Many cyber security positions require at least a bachelor’s degree in a relevant field. Education checks verify the degree(s) on an applicant’s resume and may include details about the educational institution, including attendance dates and institutional accreditation.
5. Credit Check – Many cyber security positions include access to sensitive information – information that a person in financial strain may be tempted to misuse or even sell. While some states have limitations on employment credit checks, a typical check includes information like available credit, collection accounts, payment history, bankruptcy history, and financial distress indicators.
6. Sex Offender Registry – In addition to a criminal records check, many companies also screen candidates against national sex offender registries due to the potential to access client information. This search assesses various sex offender registries across states. If an applicant is found on a registry, the report may include details like their current address, identifying marks or tattoos, the offense, and conviction details.

How To Conduct Background Checks for Cybersecurity Roles?

State and federal laws are meant to keep background checks as fair as possible – and companies can get into trouble if they violate these policies. Here are several steps to conduct FCRA-compliant background checks.

1. Create a Policy – Create a comprehensive, company-wide policy for background check procedures. Consider a legal review to ensure the policy complies with local and federal laws. Train employees to ensure policy understanding and compliance, as well as to avoid bias. 
2. Give Notice and Obtain Consent – The FCRA requires employers to notify prospective employees before conducting a background check and obtain their written consent. An applicant’s refusal can be grounds to deny employment.
3. Retain a Third-Party Background Check Servicer – Background checks can be time and resource-intensive. Many companies prefer hiring a third-party company specializing in thorough, legal, and accurate reports that maintain compliance with FCRA standards.
4. Maintain Transparent Communication – Communicate clearly and often with the candidate during the hiring and onboarding process – especially the background check. Ensure they understand the process and why it’s necessary.
5. Avoid Blanket Rejections – Sometimes, background checks raise red flags. Assess failures and/or convictions on a case-by-case basis based on the nature of the issue, when it happened, and relevance to the job.
6. Follow FCRA Adverse Action Guidelines – The FCRA requires employers to provide a pre-adverse action notice in the event of background check failures. This gives the candidate time to correct errors on the report or provide evidence of rehabilitation.

What Causes a Fail on Cyber Security Background Checks?

1. Disqualifying Criminal History – Certain criminal convictions, including hacking and theft, are automatically disqualifying. Dishonesty about criminal history can also disqualify a candidate, even if the offense itself was not disqualifying. 
2. Falsified Education and Credentials – Misleading or falsifying education or credentials can be a reason for disqualification. Not only has the candidate shown they’re untrustworthy, but they might also not even be qualified for the job.
3. Misleading Work Experience – Exaggerating work history, experience, employment dates, and job titles can disqualify candidates after a background check. 
4. Failure to Meet Required Certifications – As with most jobs, candidates who don’t meet the required criteria may be passed over in favor of more qualified applicants. 

Frequently Asked Questions

How Long Do Cyber Security Background Checks Take?

There are several factors impacting turn-around time for cyber security background checks, including the types of checks requested and the company you hire. Positions that require a security clearance require more extended and more thorough checks. Companies often screen candidates in batches, which can also affect reporting time.

How Far Back Do Cyber Security Background Checks Look?

There are no time restrictions for certifications, education, and employment history. State and federal guidelines restrict reporting of civil judgments, lawsuits, tax liens, chapter 13 bankruptcies, and arrests without convictions to seven years. While there are no federal restrictions on criminal record reporting, some states have their own limits.

Final Thoughts

Cyber security professionals have access to a lot of sensitive information and systems; companies must thoroughly vet candidates with FCRA-compliant background checks. ScoutLogic can help simplify this process and ensure a smooth employment process. Contact us today to see what we can do for you. 

David Garcia

David Garcia, co-founder and CEO of Scout Logic, is an industry leader in the bulk background check world. With his strategic acumen and expertise in the HR sphere, specifically in hiring, recruiting, legal compliance, background checks, and resume screening, he’s an invaluable asset and consultant.

David's counsel extends across the boards of ScoutLogic, YipitData, and Supplier.io, drawing from his impactful stints on the boards of Infutor and Avetta. With an extensive 25-year journey, he champions unparalleled B2B commercial leadership within data & analytics, significantly shaping the HR landscape.