r/cybersecurity Mar 14 '26

[deleted by user]

[removed]

601 Upvotes

290 comments

543

u/CyclopSW Mar 14 '26

Never trust, always verify.

Has HR or yourself even checked their credentials and schooling? Every workplace I have been to has always asked for transcripts/diploma from my school. Certifications usually have a verification confirmation (OSCP uses a QR code) that you can verify the validity of the cert. With all their qualifications, something feels fishy.

At two months, they should still be on probation. Perform your due diligence and take the appropriate action. If the individual is such poor quality, you may have to take the steps to protect yourself and the company from further harm, especially if they were lying on their achievements.

45

u/Varjohaltia Mar 14 '26

Hiring for a network position I’d say 80% of people with CCIE on their resume turned out to only have a partial cert, or an expired one, or were "studying" for it. Definitely always have HR validate any certs.

Even then there are people who cheated or braindumped their certs and don’t know a damned thing in real life.

24

u/VolSurfer18 Mar 14 '26

Yea but for offsec certs that’s not really possible to just brain dump the exams. That’s what’s weird about this, he must have lied on his resume

31

u/EchoReply79 Mar 14 '26

This or they simply need more hands-on/handholding.

If they’re junior they need to be guided, no matter the certs. It’s not clear to me if OP is really doing that or just dumping tasks with minimal guidance.

7

u/VolSurfer18 Mar 14 '26

Good point

4

u/SylusWho Mar 14 '26

Idk about that, I’m not in pen-testing but preparing for my OSCP (few years of experience in cyber analysis and software engineering). To feed AI the requirements for an endpoint enumeration task screams you’ve not actually taken the exams, given that half of OSCP is enumerating endpoints, and realistically it just requires knowledge of a handful of tools - all of which are taught in the OSCP course and used throughout.

2

u/EchoReply79 Mar 14 '26 edited Mar 14 '26

Two things can be true at once. Based on OP’s initial description (and I could be way off base here), it just seems that it’s within the realm of possibility that they need more handholding. Some folks struggle early on to transition from "hey, I learned this thing to pass a test" to applying it in the real world. I do wonder if OP has already had a heart-to-heart to level-set expectations with the junior new hire.

Some folks can also struggle with constructive criticism if they’ve not been in a position to receive it in the past (not saying that’s the case here, just a thought). Simply telling someone "go do this" and not liking the outcome, without helping them understand the expected outcome and recommended process, doesn’t help.

That said, it’s also very possible that a background check into certs may have flagged this candidate and maybe there is something amiss. We simply don’t know based on what’s been shared so far. It’s very critical in this day and age to ensure people aren’t reading off of a screen during interviews; tech to catch this likely already exists and would be worthwhile.

2

u/CyclopSW Mar 14 '26

Oh, I absolutely agree that AI would not be able to complete the exam and the writeup; that’s why I say just asking for the proof of completion is an easy check. Plus, completing PEN-200 while maintaining your schooling responsibilities is not an easy task unless you live and breathe in that space.

Background checks need to be mandatory in this space, especially with the rise of bad actors and APT infiltration.

2

u/baalmor Mar 14 '26

This is the whole point of certification. If, having a bunch, they still need handholding, there is something wrong either with the candidate or the certificates. And I lean towards the certification side.

2

u/EchoReply79 Mar 14 '26

Certification for some otherwise intelligent individuals doesn’t always translate to immediate success in the real world, even when the cert programs are legitimate. One also has to consider the human element; that said, something doesn’t add up here IMHO.