Vetting the Vetted
- Apr 1
Updated: Apr 2

Trust Isn’t Permanent
We spend a lot of time and money vetting people before they ever approach a system: background checks, interviews, reference calls, and so on. Onboarding is sometimes treated like a security finish line. In reality, it’s actually just the starting point.
Risk doesn’t show up neatly packaged and visible on day one. It evolves after access is granted. In cybersecurity, some of the most damaging incidents come from trusted insiders: the Chelsea Mannings, Edward Snowdens, and Reality Winners. These are people who already have credentials, already understand the environment, and sometimes already know where the valuable data lives.
That’s what makes the idea of “one-and-done vetting” so dangerous. System trust shouldn’t become permanent, because it’s situational and changes over time.
The Risk That Grows After Day One
Insider risk lives on a spectrum. Sometimes it’s malicious: a disgruntled employee walking out the door with sensitive data. Sometimes it’s careless: someone clicking a phishing link or mishandling information. And sometimes it’s neither: they’ve simply been compromised by a threat actor now operating through a legitimate account.
What all of these scenarios have in common is timing. They happen after trust has already been established. Just remember, circumstances change. Financial pressure, burnout, personal conflict: these things may not show up in a background check.
At the same time, access tends to expand. Roles evolve, permissions accumulate, and before long, permission creep may allow far more access than originally required.
This combination is where risk quietly grows.

When Traditional Vetting Falls Short
Traditional vetting is truly just a snapshot.
It tells you who someone may be at a specific moment in time, not who they are six months (or even six years) later. It also doesn’t account for how environments change.
In fast-moving organizations, access boundaries can quickly blur. Without active management, “temporary” permissions become permanent and oversight lags behind reality.
The result? Permissions that are increasingly outdated for current operational requirements.
From Trust Once to Trust Continuously
Have you noticed the way modern security is shifting away from static trust toward continuous validation? It’s a simple idea: instead of assuming trust holds, verify it still does by:
| The Continuous Trust Shift | |
|---|---|
| Eliminating Open-Ended Access | Strong programs enforce least privilege, meaning people only have access to what they need, when they need it. |
| Auditing Behaviors and Identity | It’s not enough to know who has access or what access is granted; there’s also a need to understand how they typically operate. When a user suddenly logs in at unusual hours, downloads large amounts of data, or accesses systems outside their role, those signals matter as they indicate change. |
| Morphing Implicit Trust | Internal users are increasingly becoming continuously authenticated and validated. Every request, every action, every access point becomes part of an ongoing trust decision. |
| Cultivating Visibility | Logging, monitoring, and audit trails help ensure actions taken within a system are traceable and reviewable as a necessary layer of accountability. |
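
The three signals named in the table (unusual login hours, large downloads, access outside a role) can be checked against a per-user baseline. The sketch below is an added example, not code from the original post; the role map, event format, thresholds and sample events are all constructed assumptions.

```python
from datetime import datetime
from statistics import median

# Constructed role map (assumption): systems each role is expected to use.
ROLE_SYSTEMS = {"analyst": {"siem", "wiki"}, "hr": {"hris", "wiki"}}

# Constructed history: (user, role, ISO timestamp, system, bytes downloaded).
HISTORY = [
    ("dana", "analyst", "2024-03-04T09:12:00", "siem", 2_000_000),
    ("dana", "analyst", "2024-03-05T10:30:00", "wiki", 5_000_000),
    ("dana", "analyst", "2024-03-06T14:02:00", "siem", 3_000_000),
    ("dana", "analyst", "2024-03-07T16:45:00", "siem", 4_000_000),
]

def build_baseline(history):
    """Record, per user, the hours they normally work and their download sizes."""
    base = {}
    for user, _role, ts, _system, nbytes in history:
        entry = base.setdefault(user, {"hours": set(), "bytes": []})
        entry["hours"].add(datetime.fromisoformat(ts).hour)
        entry["bytes"].append(nbytes)
    return base

def signals(event, baseline, volume_factor=10, hour_slack=1):
    """Return the trust signals an event raises; an empty list means none."""
    user, role, ts, system, nbytes = event
    entry = baseline.get(user)
    if entry is None:
        return ["no_baseline"]  # nothing to compare against: review manually
    found = []
    hour = datetime.fromisoformat(ts).hour
    # Circular distance, so 23:00 and 00:00 count as adjacent hours.
    nearest = min(min((hour - h) % 24, (h - hour) % 24) for h in entry["hours"])
    if nearest > hour_slack:
        found.append("unusual_hour")
    if nbytes > volume_factor * median(entry["bytes"]):
        found.append("large_download")
    if system not in ROLE_SYSTEMS.get(role, set()):
        found.append("outside_role")
    return found

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in [
        ("dana", "analyst", "2024-03-11T10:05:00", "siem", 4_000_000),
        ("dana", "analyst", "2024-03-12T02:40:00", "hris", 900_000_000),
    ]:
        print(ev[2], signals(ev, baseline))
```

A signal here is a prompt for review, not a verdict: the same event pattern can come from a role change, an on-call shift, or a compromised account.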

The Thin Line Between Security and Surveillance
Of course, continuous monitoring tends to raise an uncomfortable question: Where’s the line drawn?
Poorly implemented, these practices can feel intrusive, almost like the organization is watching employees rather than protecting systems. This is where intent and transparency truly matter.
For instance, if the goal is to reduce blind spots, clear policies, open communication, and well-defined boundaries go a long way. Employees should understand what’s being monitored, why it matters, and how it protects both the organization and them.
When programmed with intent, these security controls reinforce trust by creating a stronger, more aware security culture.
Trust Is a Moving Target
Vetting will always matter. It’s a critical first step, but it’s just that: a step. In today’s connected world, access has become fluid and threats are adaptive, so trust shouldn’t be static. It must be continuously evaluated, continuously earned, and continuously verified.
Because the real challenge in cybersecurity is more than who to trust; it’s ensuring trust still makes sense today.




