The discussion that follows just came in from the annual No Dark Corners Roundtable Forum and Christmas Luncheon held at a Claim Jumper restaurant this year.
It isn't just a question of gathering up more data. Bureaucratic functionaries would have us believe that if they only knew just a little more about betrayers like NSA leaker Edward Snowden or phonies like Mandela memorial sign language imposter Thamsanqa Jantjie, they could have prevented such ne'er-do-wells from turning into national humiliations. This is balderdash. A thriving matchmaker, or yenta, can do better with even more limited data and budget. How so? The matchmaker blends available vetting data with direct observation and progressive testing before taking risks with important clients. This is hardly a matter left to chance. Nothing ends a matchmaking business faster than serial failures and mismatches.
What do matchmakers know and do that governments fail to apply in their background checks?
1. They check out prospects and clients with available data, but don't stop there. The way to do this is for the matchmaker not only to gather basic information via a standard questionnaire, but also to use that questionnaire as a starting point rather than an end point. The questionnaire informs a personal interview where the matchmaker gauges motives, manipulations, and determines what inevitable deceptions are acceptable white lies vs. dangerous fabrications. A savvy matchmaker also checks independently into reputations to determine whether it is worth doing business with a given candidate or client. After all, the matchmaker's own reputation is at stake if the match turns catastrophic.
2. They chaperone. The best matchmaker does not risk important clients by setting up liaisons with question marks. Instead, a low-risk experiment comes first. Thus, one sends a new, unknown prospect on a low-key lunch date to see how well it goes before presuming to pitch a weekend getaway in Monte Carlo with a shy billionaire client. A cautious matchmaker also knows how to be a chaperone without being a killjoy. The finesse is that of serving as a seasoned co-pilot who stays far enough in the background to let the aspiring pilot handle the take-off but remains close enough to take the controls if there a malfunction or problem with a safe landing. (For details on how this co-pilot model applies to insider threat defense, see Managing the Insider Threat: No Dark Corners, Boca Raton: CRC Press, 2012.)
3. They have enough of a stake in the deal to cut it off at the first sign of trouble, before a problem becomes a catastrophe. Unlike government background checkers with a hit-and-run mentality, matchmakers have a vested interest in follow-up and follow-through. Matchmakers have to own their results, taking credit for the sunshine as well as the rain. Government background checkers don't function with the same accountability. When was the last time a government employee lost a payday or a job from clearing a Snowden for classified access or a Jantjie for standing a dagger-thrust away from heads of state? We don't hear about it because this seldom happens. By contrast, a matchmaker whose deficient vetting produced such fiascoes would face no alternative but to embark on a change of careers.
Without necessarily realizing it, competent matchmakers exemplify some of the signature No Dark Corners (op cit) approaches to defending against insider threats. Their vetting process is akin to an enlightened new hire probation system, where penetrating scrutiny prevails over perfunctory checking. Their chaperoning and phased exposure to risk parallels the co-pilot model of limiting chances of undetected mischief. Finally, their ownership of their results keeps matchmakers vitally engaged in becoming and remaining a part of a team which is accountable for failure as much as for success. Until something like this happens in government-related background checks, look for more debacles to come.
-- Nick Catrantzos