In recent years we've watched a rise in fake resumes, hiring processes with proxy interviews, AI deep fakes and way more.
As multiterm CISO's our team at 909Cyber approached building the 909Select Marketplace with a Zero Trust principle: "Start with no trust and gain trust based on your posture".
Below we've shared some thoughts on why this matters and how we've decided to apply our Zero Trust principles.
Zero Trust has reshaped how organizations protect networks, devices, and data. The same philosophy now applies—critically—to cybersecurity resourcing. In a world of remote hiring, AI-generated resumes, proxy interviews, and insider threats, trusting credentials alone is no longer enough. When hiring people who will have privileged access to systems, data, and identities, employers must adopt a Zero Trust approach to talent. Zero Trust Hiring Principle: Assume breach potential. Continuously verify trust. Grant access based on proof, not promises. Traditional hiring assumes trust upfront: A resume looks good, the interview went well, the candidate seems legit. Zero Trust resourcing flips this model. Trust is earned, validated, and continuously reinforced through layered controls—just like modern cybersecurity architectures.
Every candidate must first prove they are who they claim to be. Using enterprise-grade identity verification from Entrust, candidates complete verified identity checks that reduce fake identities, stolen LinkedIn profiles, and resume laundering. Identity becomes the new perimeter for hiring.
Verified identity alone isn't enough. Candidates are further validated through background checks appropriate to role sensitivity, work eligibility confirmation, and risk-based screening aligned to compliance needs (SOC 2, NIST, CMMC, etc.). This ensures employers are not granting access blindly to high-risk environments.
Zero Trust is mutual. Candidates build trust not just through claims—but through history: employer ratings, verified work reviews, and repeat engagement signals. This creates accountability on both sides, improving long-term fit and reducing churn.
Automation alone is not enough. Every cybersecurity resource is interviewed by 909Cyber—by practitioners who know what "real" experience sounds like. This step validates technical authenticity, communication skills, and ability to explain real-world work (not memorized answers). This is where many fake or inflated candidates are filtered out.
Final validation happens at the highest level. Candidates are interviewed by experienced CISOs and senior security leaders, ensuring depth over buzzwords, practical decision-making experience, and cultural and risk alignment with employers. This mirrors Zero Trust access reviews—high-risk access requires senior approval.
Even the interview process itself must be protected. Employers are provided access to Interview Safe, helping detect interview impersonation, proxy candidates, and AI-assisted deception. This ensures the person you interview is the person you hire.
By applying Zero Trust principles to cybersecurity resourcing, employers gain faster hiring without cutting corners, reduced insider and fraud risk, defensible hiring decisions for auditors and boards, and confidence when granting privileged access.
This is not staffing.
This is security architecture—applied to people.
