Background Check Processes

Most people get Reference Checks wrong! Here's how to get them right 👉🏻 Throughout my journey, I've had to make 1000s of hires and often struggled with evaluation through the standard interviewing processes. I read somewhere that ~60% senior hires go wrong even after the most meticulous processes so I wondered how to improve the odds. 🤔 What I discovered is that there's no substitute for spending time with the candidates and conducting ‘unnamed’ ref checks through your own network. But what I also learnt is that not every ref check is the same and you can end up with very different outcomes depending on how it’s done. So, through reading and experience, I came with the best practices that I christened with the acronym "PEARL", and here it is for the FIRST time🔥 P - Promise Reciprocity Busy professionals don't dole out intel freely. So, you must offer to return the favor – something as simple as “If ever you need my help for a ref check or otherwise, I'd be happy to help". A senior leader will immediately see its value & perhaps become more ‘available’ on the call. E - Ensure Confidentiality This is critical, especially in India. Candor is not part of our culture, so assure the referrer that you understand the sensitivity of this call and will keep it 100% confidential. Also that you'd expect the same if they ever choose to call you for a reference. If you still sense some hesitancy, maybe throw an ‘offer’ of a good-faith NDA. Don’t worry, nobody ever takes it up but it makes them less guarded. A - Ask questions that force specificity (close-ended & open-ended) Broad questions like – "How was their work ethic?" “Does she work hard?” - are a complete waste of time. You need to ask 2nd order questions that make it comfortable for the referrer to answer without feeling like they're maligning the candidate. For eg - “How do you think we can help the candidate grow?" is better than "Can you tell me about their weaknesses?” R - Retrieve critical insights Actively listen and probe for specifics. Did the candidate consistently meet deadlines? Why or why not? How did they handle pressure? Did they run towards solving problems or look for directions to carry out? These details paint a picture beyond the resume. L - Learn rehire potential And finally, the golden question – "Are you willing to re-hire or work with the candidate again? Why or why not?" Regardless of what the referrer may have said up to this point, most senior folks will have a hard-time giving you a false or misleading response to this one. This is the true gauge of the candidate’s potential and one I put a lot of weight in. To conclude, thank the referrer for their time, assure confidentiality again and commit to a quid pro quo. This leaves the door open for other ref checks you might wish to do in the future 😏 So, there you have it - A PEARL from my collection🙌🏻 Do comment with something that’s worked for you that I may have missed :) #hiring #startups #leadership

𝗗𝗮𝘁𝗮 𝗤𝘂𝗮𝗹𝗶𝘁𝘆 𝗶𝘀𝗻'𝘁 𝗮 𝘀𝗶𝗻𝗴𝗹𝗲 𝗰𝗵𝗲𝗰𝗸 －it's a continuous contract enforced across the various data layers to avoid breakage. Think about it. Planes don’t just fall out of the sky when they land. Crashes happen when people miss the little signals that get brushed off or ignored. Same thing with data. Bad data doesn’t shout; it just drifts quietly—until your decisions hit the ground. When you bake quality checks into every layer and, actually use observability tools, You end up with data pipelines that hold up. Even when things get messy. That’s how you get data people can trust. Why does this matters? Bad data costs money → Failed ML models, wrong decisions. Good monitoring catches 90% of issues automatically. → Raw Materials (Ingestion)  • Inspect at the dock before accepting delivery.  • Check schemas match expectations. Validate formats are correct.  • Monitor stream lag and file completeness. Catch bad data early.  • Cost of fixing? Minimal here, expensive later.  • Spot problems as close to the source as you can. → Storage (Raw Layer)  • Verify inventory matches what you ordered.  • Confirm row counts and volumes look normal.  • Detect anomalies: sudden spikes signal upstream issues.  • Track metadata: schema changes, data freshness, partition balance.  • Raw data is your backup plan when things go sideways. → Processing (Transformation)  • Quality control during assembly is critical.  • Validate business rules during transformations. Test derived calculations.  • Check for data loss in joins. Monitor deduplication effectiveness.  • Statistical profiling reveals outliers and distribution shifts.  • Most data disasters start right here. → Packaging (Cleansed Data)  • Final inspection before shipping to warehouse.  • Ensure master data consistency across all sources.  • Validate privacy rules: PII masked, anonymization works.  • Verify referential integrity and temporal logic.  • Clean doesn’t always mean correct. Keep checking. → Distribution (Published Data)  • Quality assurance for customer-facing products.  • Check SLAs: freshness, availability, schema contracts met.  • Monitor aggregation accuracy in data marts.  • ML models: detect feature drift, prediction degradation.  • Dashboards: validate calculations match source data.  • Once data is published, you’re on the hook. → Cross-Cutting Layers (Force Multipliers)  • Metadata: rules, lineage, ownership, quality scores  • Monitoring: freshness, volume, anomalies, downtime  • Orchestration: dependencies, retries, SLAs  • Logs: failures, patterns, early warning signs Honestly, logs are gold. Don’t sleep on them. What's your job? Design checkpoints, not firefight data incidents. Quality is built in, not inspected in. Pipelines just 𝗺𝗼𝘃𝗲 data. Quality 𝗽𝗿𝗼𝘁𝗲𝗰𝘁𝘀 your decisions. Image Credits: Piotr Czarnas 𝘌𝘷𝘦𝘳𝘺 𝘭𝘢𝘺𝘦𝘳 𝘯𝘦𝘦𝘥𝘴 𝘪𝘯𝘴𝘱𝘦𝘤𝘵𝘪𝘰𝘯.  𝘚𝘬𝘪𝘱 𝘰𝘯𝘦, 𝘳𝘪𝘴𝘬 𝘦𝘷𝘦𝘳𝘺𝘵𝘩𝘪𝘯𝘨 𝘥𝘰𝘸𝘯𝘴𝘵𝘳𝘦𝘢𝘮.

Stop Believing the Continuous Control Monitoring Fairy Tale: 7 Reality Checks for Your Program Buckle up - it's not as simple as connecting a few APIs. 🎢 1. Accept that you won't monitor everything (and that's OK) 🎯 The fantasy: "We'll monitor all 347 controls continuously!" The reality: You need to ruthlessly prioritize. Start with 5-10 controls that are both high-risk AND technically feasible to monitor. Your first win should be quick, visible, and actually reduce risk - not just look good in a PowerPoint. 2. Control owners must own their controls (not your GRC team) 👥 The fantasy: "Our amazing GRC engineering team will build all the monitors!" The reality: Your cloud security team should be responsible for monitoring cloud controls. GRC should orchestrate and aggregate, not build and maintain every monitor. The people who understand the technology should define what "healthy" looks like and build the appropriate metrics. 3. Leverage the control owners' Single Source of Truth 🔍 The fantasy: "Let's build custom connectors to every system!" The reality: Your cloud team already has a CSPM. Your endpoint team has an EDR dashboard. Your IAM team has identity tools. Instead of creating parallel monitoring systems, tap into these existing sources. This limits your attack surface, reduces maintenance burden, and ensures you're using the same context the team uses for their daily work. 4. Technical debt accumulates faster than control coverage 🏗️ The fantasy: "We'll just keep adding monitors until we're done!" The reality: Every custom monitor creates maintenance debt. Leveraging control owners' existing tools not only reduces your connector count but means they maintain the underlying infrastructure. Building from scratch when SSOTs exist is the fastest path to a mess of broken connectors. 5. False positives will kill your program faster than gaps 🚨 The fantasy: "We'll tune the monitors after we deploy!" The reality: One week of noisy alerts and everyone starts ignoring them all. A 70% complete monitor with zero false positives beats a "perfect" one that cries wolf. Build precision first, coverage second. 6. Integration must be two-way or it's just more tickets 🔄 The fantasy: "We'll just send alerts to a Slack channel!" The reality: If your monitoring doesn't plug into existing workflows, you're just creating more work. Your IAM team already has a process for handling access reviews - integrate with it. Your cloud team has a process for fixing misconfigurations - use it. Don't make CCM feel like extra work. 7. A dashboard nobody looks at is worse than no dashboard 📊 The fantasy: "We'll build a beautiful real-time compliance dashboard!" The reality: If it's not driving action, it's just digital wallpaper. Focus on actionable insights with clear owners and paths to remediation. A simple red/yellow/green with contextual info that drives action beats a gorgeous CRQ setup that everyone ignores. #GRCEngineering

Employers are using AI to investigate job applicants. What will they find about you? I just ran an AI background check—the good, bad, and ugly. The results were surprising! It found details I'd forgotten I'd ever shared. 📄 Old forum posts from 2015. 👨💻 My comments on news articles. 🖼️ Even photos I was tagged in by colleagues at conferences. The AI created a comprehensive behavioral profile that went far beyond anything a traditional Google search would reveal. This isn't some future scenario. It's happening right now: 1️⃣ 80% of employers already screen social media profiles 2️⃣ AI screening tools scan 10,000+ online sources instantly 3️⃣ Websites tag you with 32+ tracking scripts 4️⃣ Even "deleted" content can resurface through archives The most shocking part? Most of us have no idea what's actually out there. 💻 AI remembers everything. AI can analyze your behavioral patterns, flag concerning content, and predict workplace fit—all before you even submit your application. But here's the opportunity: You can run this check on yourself first. ✍ I've written the exact prompt to audit your own digital footprint and specific strategies to protect your reputation. Because in 2025, your digital footprint isn't just part of your professional brand. Your AI profile IS your professional brand. 🙋♀️ Are you ready to discover what AI knows about you?

The Case for Maximal Referencing of PMs: In a past job, I worked with two product leaders with equal skill in building products. But they had completely divergent skills in hiring. One hired phenomenal PMs. They quickly grew to be company-wide favorite PMs due to their strong viewpoints. The other hired on paper phenomenal PMs. But they just weren’t right for the company. It’s not really a surprise the first got promoted - and the other left for greener pastures. 𝗥𝗲𝗳𝗲𝗿𝗲𝗻𝗰𝗲 𝗰𝗵𝗲𝗰𝗸𝘀 𝗮𝗿𝗲 𝘄𝗼𝗿𝘁𝗵 𝘁𝗵𝗲 𝘁𝗶𝗺𝗲 One of the practices the first hiring manager swore by was lots of reference checking. She was a master of back channel reference checking throughout the interview process. And her reference checks were notoriously long. The other just did one reference check after he had already decided he was giving out the offer. 𝗢𝗻𝗲 𝗼𝗳 𝘁𝗵𝗲 𝘁𝗵𝗶𝗻𝗴𝘀 𝘁𝗵𝗮𝘁 𝗺𝗶𝗴𝗵𝘁 𝘀𝘂𝗿𝗽𝗿𝗶𝘀𝗲 𝘆𝗼𝘂 𝗺𝗼𝘀𝘁 𝗮𝗯𝗼𝘂𝘁 𝘁𝗵𝗲 𝗵𝗶𝗿𝗶𝗻𝗴 𝗺𝗮𝗻𝗮𝗴𝗲𝗿 𝘄𝗵𝗼 𝗱𝗶𝗱 𝗾𝘂𝗶𝘁𝗲 𝘄𝗲𝗹𝗹 𝗶𝘀: 𝘚𝘩𝘦 𝘦𝘷𝘦𝘯 𝘥𝘪𝘥 𝘳𝘦𝘧𝘦𝘳𝘦𝘯𝘤𝘦 𝘤𝘩𝘦𝘤𝘬𝘴 𝘣𝘦𝘧𝘰𝘳𝘦 𝘱𝘢𝘴𝘴𝘪𝘯𝘨 𝘢 𝘤𝘢𝘯𝘥𝘪𝘥𝘢𝘵𝘦 𝘧𝘳𝘰𝘮 𝘩𝘪𝘳𝘪𝘯𝘨 𝘮𝘢𝘯𝘢𝘨𝘦𝘳 𝘴𝘤𝘳𝘦𝘦𝘯. I, too, have found it works really well. Nowadays, I’ve started to do these reference checks at three stages. Let’s break this approach. 𝗖𝗵𝗲𝗰𝗸 𝟭 - 𝗦𝗰𝗿𝗲𝗲𝗻𝗶𝗻𝗴 𝗦𝘁𝗮𝗴𝗲 Committing to a conversation with a candidate means I’ll also tap into: • Previous workplace colleagues • Mutual connections Direct collaborators get a call, a brief 10-minute check-in. My aim here is to pinpoint standout candidates that I really want to push through. 𝗖𝗵𝗲𝗰𝗸 𝟮 - 𝗣𝗼𝘀𝘁-𝗜𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄 𝗦𝘁𝗮𝗴𝗲 The second reference check I like to do is post-interview. I’ll use this to 𝘷𝘦𝘵 𝘵𝘩𝘦 𝘢𝘤𝘤𝘶𝘳𝘢𝘤𝘺 of what people said in the interview. If the pass this second reference check, they’re almost ready to hire. 𝗖𝗵𝗲𝗰𝗸 𝟯 - 𝗣𝗿𝗲-𝗢𝗳𝗳𝗲𝗿 𝗦𝘁𝗮𝗴𝗲 The third and final reference check is the one most companies do. But I like to focus it on supervisors and skip levels. All PMs need to make an impact on leadership. This is the only round I actually use references supplied by the candidate. Everything else is back-channels. 𝗜𝘁 𝗺𝗮𝗸𝗲𝘀 𝗮 𝗱𝗶𝗳𝗳𝗲𝗿𝗲𝗻𝗰𝗲 “𝘉𝘶𝘵 𝘈𝘢𝘬𝘢𝘴𝘩, 𝘐’𝘷𝘦 𝘨𝘰𝘵 𝘵𝘩𝘳𝘦𝘦 𝘳𝘰𝘭𝘦𝘴 𝘵𝘰 𝘧𝘪𝘭𝘭 𝘵𝘩𝘪𝘴 𝘲𝘶𝘢𝘳𝘵𝘦𝘳!” I know that it seems a lot of work to add two stages of reference checks to your process when you probably only have the pre-offer stage right now. The thing is, getting your hiring right makes you much more impactful. But getting them wrong really hurts you. 𝗧𝗵𝗶𝘀 𝗽𝗼𝘀𝘁 𝗶𝘀 𝗵𝗲𝗿𝗲 𝘁𝗼 𝘁𝗲𝗹𝗹 𝘆𝗼𝘂: 𝘆𝗼𝘂 𝗻𝗲𝗲𝗱 𝘁𝗼 𝗱𝗲𝗹𝗲𝗴𝗮𝘁𝗲 𝗺𝗼𝗿𝗲 𝗼𝗳 𝘆𝗼𝘂𝗿 𝗰𝘂𝗿𝗿𝗲𝗻𝘁 𝘄𝗼𝗿𝗸 𝘁𝗼 𝗺𝗮𝗸𝗲 𝗺𝗼𝗿𝗲 𝘁𝗶𝗺𝗲 𝗳𝗼𝗿 𝘁𝗵𝗶𝘀 𝘄𝗼𝗿𝗸.

𝗗𝗶𝗱 𝘆𝗼𝘂 𝗽𝗹𝗮𝗰𝗲 𝗮 "𝗖𝗮𝗻𝗮𝗿𝘆" 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗣𝗿𝗼𝗰𝗲𝘀𝘀 𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻? The sort of early warning detection system which monitors your automated processes and sings when irregularities occur? Why a 🐤 𝗰𝗮𝗻𝗮𝗿𝘆 you ask? Around 1911, miners started to take canary birds into the coal mines to detect the accumulation of toxic gases. These birds, would even sense the smallest traces and emissions, starting to erratically chirp and with that giving miners early warnings to immediately evacuate the mine. Just as the canaries once did in the mines, 𝗮 𝗱𝗶𝗴𝗶𝘁𝗮𝗹 "𝗰𝗮𝗻𝗮𝗿𝘆" can play a vital role in monitoring the health of your automated workflows signalling potential issues before they escalate and perhaps, cause scaled harm. But how do you implement a digital canary into your workflows in your process automation? 𝗜𝗻𝗰𝗼𝗿𝗽𝗼𝗿𝗮𝘁𝗲 𝗶𝘁 𝗳𝗿𝗼𝗺 𝘀𝘁𝗮𝗿𝘁: into your design by using code, reconciliation reports, and validation rules to establish effective in-process control checks and monitoring mechanisms and visual dashboards to analyse red flags. Find here 5 examples how to get early alerts in your process automation, even if your automation bots don't know how to sing: ▪️𝗣𝗿𝗼𝗰𝗲𝘀𝘀𝗶𝗻𝗴 𝗖𝗵𝗲𝗰𝗸𝘀: Implement automated checks at various stages of the process to ensure accuracy and completeness and volume variations. ▪️𝗜𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻 𝗘𝗿𝗿𝗼𝗿 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻: Monitor integration and break points like API's for errors or failures to maintain seamless data flow across systems. ▪️𝗗𝗮𝘁𝗮 𝗜𝗻𝘁𝗲𝗴𝗿𝗶𝘁𝘆 𝗦𝗰𝗮𝗻𝘀: Validate for duplicate records or inconsistencies to maintain data integrity and remove manual overrides or corrections. ▪️𝗨𝘀𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗙𝗲𝗲𝗱𝗯𝗮𝗰𝗸𝘀: Analyse insights from user feedbacks to check on usability issues, frequent issues and detect sentiment drops with NLP / AI. ▪️𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗖𝗼𝗰𝗸𝗽𝗶𝘁: Create a centralised dashboard to monitor compliance metrics to detect red flags and and detect deviations from policies. By integrating digital canaries into your process automation strategy, you are not only enhance your ability to detect and respond to issues rapidly but also promote a culture of self-monitoring and continuous improvement. So, did you already place a digital "canary" into your process design and automations? If not, maybe it's time to reconsider adding this early warning system to your automation approach ensuring the health and resilience of your tasks, data & process performance. What early warning systems have worked for you best? #processautomation #intelligentautomation #rpa #processexcellence

Are you keeping track of your company’s emissions in real-time? It might sound like a small step, but monitoring emissions continuously could be the shift we need for more sustainable industries. Imagine knowing every hour – or even every minute – exactly what’s going into the air, especially in fields like oil and gas, where methane leaks are a growing concern. The stakes are high, with increasing regulatory pressure worldwide and ambitious goals from global conferences like COP26. In this environment, knowing your emissions isn’t just good business; it’s essential. Continuous Emissions Monitoring (CEM) systems offer businesses real-time data about pollutants in the air, water, and even noise pollution. It’s no longer about random sampling or occasional checks; instead, CEM provides a steady, live feed of emissions data directly to the cloud, often powered by IoT. From methane to volatile organic compounds (VOCs) and beyond, companies can see their environmental impact unfold in real time, offering a unique opportunity to act fast on unexpected trends or leaks. For instance, imagine an oil company that can catch a small methane leak early because of real-time monitoring, preventing it from turning into a costly – and environmentally damaging – problem. By having a clear picture of emissions data as it happens, companies can save time, meet regulatory expectations, and ultimately reduce their environmental footprint. Switching to continuous monitoring may seem challenging, especially for large or remote facilities. However, newer IoT solutions have brought down costs and increased accessibility, allowing even larger companies to deploy CEM across wide areas or multiple locations. Instead of using traditional detection methods that are often expensive and labour-intensive, businesses can adopt a system that’s more adaptable to their needs and budget. With emissions monitoring, we’re not just tracking data – we’re getting insight that drives better decisions, enhances accountability, and ultimately pushes us closer to a cleaner, more sustainable future. Is your organization ready to embrace that kind of visibility?

🇫🇷 🤝🏻🇩🇪 : joint French-German proposals by our cyber agencies ANSSI - Agence nationale de la sécurité des systèmes d'information and the Federal Office for Information Security (BSI) Security on a decisive topic : the European digital Identity wallet 🇫🇷 ANSSI and 🇩🇪 BSI issued a new joint paper on remote identity verification ⭐️Following an initial joint publication in 2023, ANSSI and BSI are now releasing a new joint document aligned with the updated European regulatory framework. 🌍 Last month, Director General of ANSSI @Vincent Strubel & German counterpart Claudia Plattner reaffirmed the trusted relationship between #ANSSI and #BSI on the topic of remote identity verification. 📈 Since February 2024, the regulatory shift introduced by eIDAS 2 has brought forth the #EU Digital Identity Wallet, which may be issued based on remote identity verification. At the same time, cyber threats have continued to evolve, and European standardisation work on remote identity verification has progressed. Key takeaway =a secure and trusted EUDI Wallet depends on: 🔹Strong, harmonized standards 🔹Advanced defenses against remote attacks 🔹Cross-border interoperability and regulatory support. 🛡️ High Assurance is Essential for EUDI Wallet Onboarding. Remote identity proofing, particularly video-based methods, are being explored as alternatives to national eID systems but present significant technical and security risks. 🎯 3️⃣ Critical Verification Goals to ensure trustworthiness: 🔹Biometric genuineness 🔹Document authenticity (genuine, current, and physically possessed) 🔹Face matching (the face matches the ID document photo). ⚠️ 2️⃣ major categories of attacks: 🔹Presentation Attacks: use of photos, masks, or replayed videos in front of the camera. Exploit the fact that many ID document security features are not verifiable remotely. 🔹 Injection Attacks : Bypass the camera using pre-recorded or AI-generated data; Deepfakes and synthetic documents pose increasing challenges. ✅ Recommendations for Strengthening the Ecosystem 🔹Harmonise Evaluation Criteria -Establish pan-European test specifications directly mapped to LoA High. -Mandate biometric attack testing in evaluations 🔹Bridge the Document Verification Gap -Develop standards for remote verification of ID documents. -Promote chip reading over OCR where legally possible. -Ensure legal frameworks enable conformity assessment bodies to perform robust testing. #cyber #scybersecurity #Europe

Stop Asking References Easy Questions. Get the Real Answers! Have you ever seen a hire go wrong because HR didn’t dig deep enough during reference checks? It’s not just about ticking boxes—it’s about safeguarding your company’s future. Leaders need to step up and guide HR on how to ask the questions that really matter. Remember, it’s your company’s reputation on the line. Here’s how to avoid fluff and get the insights that count: 1. What is your name, title, and current role? 2. What was your relationship with the candidate? When did you last work together? 3. What are the candidate's top three strengths for this role? 4. Describe their leadership and management style. 5. How do they make decisions? 6. Can you share a time they managed extreme pressure? 7. What areas needed more development? 8. Would you work with them again? 9. What’s something unique about working with them that an interview wouldn't reveal? 10. Anything else we should know? Start with these better questions and watch your hiring decisions improve dramatically, we all know that bad hires can be expensive. According to recent studies, a single bad hire can cost a company up to five times the individual’s annual salary. It’s not just about the financial hit—it’s about the impact on team morale, productivity, and company culture. By investing the time to ask more meaningful questions, you’re not only protecting your investment but also ensuring a stronger, more cohesive team. The right hire can drive your company forward, innovate, and inspire those around them. Make reference checks count. Make every hire a strategic advantage. Ready to transform your hiring process? #hiring #jobs #jobseekers #interviews #managers #leaders #hr #humanresources #people #business #strategy #reference #checks #image #linkedin #linkedinconnections #talentnexa #aach

Potential employers WILL look you up online—and they're often looking far beyond your LinkedIn profile. Many hiring managers now routinely check candidates' Facebook, Instagram, and X accounts before extending offers. In some cases, we've even heard of employers reviewing the social media accounts of candidates' family members and close friends. I've witnessed qualified candidates lose promising opportunities due to their social media presence, even when the concerning content had nothing to do with their professional capabilities. One of the most common red flags? Information on LinkedIn not aligning with a candidate's resume—inconsistent job titles, dates, or details that immediately raise questions about credibility. While we can debate the fairness of this practice, it's the reality of today's hiring landscape. If you're actively job hunting, take time to Google yourself and review your privacy settings across all platforms. Your digital footprint matters more than you might think. #executivecoaching #businessintelligence #socialmedia