The original post: /r/cybersecurity by /u/TheAfricanMason on 2024-10-08 16:49:15.
So, I've recently been contacted by a recruiter for an upcoming government contractor specializing in weapon manufacturing for an IT Security Manager position. I come from a background with sysadmin experience of 6-7ish years and multiple certs including one for PenTest+. I nailed the first round and am proceeding to the second. I received the company and CEO's names via the 2nd round interview invite. So, I immediately started digging.
I found his, his wife's, and parents' socials wide open with all of their info, likes, and interests. I figured I could make the interview a bit interesting when they ask "How much do you know about the company?" I could spout off all the company info and then also start spouting super personalized details about the CEO such as favorite drink, kid's grade level, music interest, psych topic interests, and hobbies for shock value. On one hand, this could be impressive since you'd want to know where to seal this issue up and it shows I can find a bit more than just corporate vulnerabilities, but also information for spear phishing or "whaling".
On the other hand, this could also be perceived as immensely creepy and he'd not want to move forward. So, then I'm in a moral dilemma because I know this information and I could very well use it to "mirror" the executive so he has a natural positive bias towards me. This would definitely be unethical, but that's the reality of the modern age. Most positions are selected off personality and not so much merit in the corp world.
Anyways, knowing all this, what is your opinion? Should I use this info for one of these methods? Should I disregard them completely? What are your opinions on using OSINT information to move up in your career?