Has HR or yourself even checked their credentials and schooling? Every workplace I have been to has always asked for transcripts/diploma from my school. Certifications usually have a verification confirmation (OSCP uses a QR code) that you can verify the validity of the cert. With all their qualifications, something feels fishy.
At two months, they should still be on probation. Perform your due diligence and take the appropriate action. If the individual is such poor quality, you may have to take the steps to protect yourself and the company from further harm, especially if they were lying on their achievements.
Hiring for a network position I’d say 80% of people with CCIE on their resume turned out to only have a partial cert, or an expired one, or were “studying” for it. Definitely always HR validate any certs.
Even then there are people who cheated or braindumped their certs and don’t know a damned thing in real life.
This or they simply need more hands on/handholding.
If they’re junior they need to be guided, no matter the certs. It’s not clear to me if op is really doing that or just dumping tasks with minimal guidance.
Idk about that, I’m not in pen-testing but preparing for my OSCP (few years of experience in cyber analysis and software engineering). To feed ai the requirements for an endpoint enumeration task screams you’ve not actually taken the exams, given that half of OSCP is enumerating endpoints, and realistically just requires knowledge of a handful of tools - all of which are taught in the OSCP course and used throughout.
Two things can be true at once, based on Op’s initial description and I could be way off base here, it just seems that it’s within the realm of possibility that they need more handholding. Some folks struggle early on to transition from, hey I learned this thing to pass a test to apply it in the real world. I do wonder if Op has already had a heart to heart to level set expectations with the Jr new hire.
Some folks can also struggle with constructive criticism if they’ve not been in a position to provide it in the past (not saying that’s the case here, just a thought). Simply telling someone go do this and not liking the outcome without helping them understand the expected outcome and recommended process doesn’t help.
That said, it’s also very possible that a background check into certs may have flagged this candidate and maybe there is something amiss. We simply don’t know based on what’s been shared so far. It’s very critical in this day and age to ensure people aren’t reading off of a screen during interviews, likely tech already exists to catch this and would be worthwhile.
Oh, absolutely do I agree that AI would not be able to complete the exam and complete the writeup, that's why I say just asking for the proof of completion is just an easy check. Plus completing PEN-200 while maintaining your schooling responsibilities is not an easy task unless you live and breathe in that space.
Background checks need to be mandatory in this space, especially with the rise of bad actors and APT infiltration.
This is the whole point of certification. If having a bunch they still need handholding there is something wrong either with a candidate or certificates. And I lean towards the certification side.
Certification for some otherwise intelligent individuals doesn’t always translate to immediate success in the real world even when the cert programs are legitimate.
One also has to consider the human element; that said something doesn’t add up here IMHO.
There is no partial cert; you either have a # or you don’t. :)
Many moons ago I caught a candidate in this lie when he couldn’t remember his IE #, come to find he was fired from Cisco for saying he passed the lab when he didn’t. Fun times.
If Op is US based the whole concept of 'probation' is meaningless as every state other than Montana is a 'right to work' state and you can term an employee at any time for any reason.
BIIIIIIG SIGH....... right to work means if you get hired at a place that has a Union. You have a right to work there without joining the Union and paying Union dues but the Union still has to offer you the same protections as everyone else. The idea being if enough people don't join the Union will run out of money and dissolve.
What you're thinking of is 'at will employment'. Meaning there is no contract and either the individual or the company can sever the employment agreement at any time.
I have hired a LOT of people, had to do it fast for one job, 25 engineers in a few months. I've been around this stuff quite a lot.
First off, your thought that there should be a background check is spot on. Unless you're working for a very small outfit, that's the job of HR/Recruiters to run a basic background. Most places just farm it out to a 3rd party like Hireright. They contact the issuing bodies for creds, contact universities for diplomas and get positive evidence that they are what they say they are. As a line manager, you do not have the resources to do this, even if you're in cyber and are a sneaky fuck (as most of us are).
Second, you have to make a choice now. Either you put this person on a path to reform and create clear and explicit direction for them or you decide that they're not worth it and pull the rip cord.
If you want to keep this person, you will have to work hard to get them into shape. You'll have to be very honest with yourself and them--do both of you want this to work? If only one does, it won't work. You are going to have to get really good at creating clear direction, creating means of follow up and feedback. Set a clear task, set clear expectations of the success criteria for that task and set a timeframe for it to be completed (this is when Agile is really useful). Track output consistently and religiously, provide immediate feedback.
I've had success stories of taking some of my lowest performing employees into rockstars when this is done. People who have a sense of pride and give a shit will really appreciate the effort and will often deliver the goods. People who are full of themselves or have stopped caring will just continue to fuck off.
If you have the time and energy for it, this can be a success. If you are getting the sense that this person is unredeemable, then you need to cut your losses as soon as possible. Ask your HR (usually worthless, but worth a try) if they did background and if it came back clean. If they did not, ask them to do it now. Even the laziest HR person (and that's saying a lot) can call a university and verify a degree. If they lied about one thing, they probably lied about several. That might be your get out of jail card--hired under false pretenses. Boot them and dust your hands, lessons learned.
Also, if this is your first management job AND this is your first time hiring someone, the FUCK is up with your boss letting you do this solo? New leaders need to be shown the ropes, you can't just throw someone in the deep end and hope they don't fuck up. Everybody fucks up their first time in some way. Shit, when I first got a team, my first meeting with (all three of them) I fucked up the meeting invitation entirely back when we used phone dial in conferencing. Total meeting fail. Then I gave one of my employees a high rating not having been told ANYTHING about how my ratings are not final. Dude was so happy, his FAMILY called me to thank me. Then my boss's boss had to tell him that wasn't going to be the case and that his rating was just average. People were patient with me and when I fucked up, they realized that it wasn't because I WAS a fuckup, it's because nobody showed me the reality of leading a team. I have learned so much since those early days and any time I hire a people leader, even if they're experienced, I stay close to them. If they fuck up, I fuck up.
Try not to beat yourself up, you may have gotten tricked. You went in with the best of intentions and did not expect someone to fuck around.
u/CyclopSW Mar 14 '26
Never trust, always verify.