Enter your email address:

Delivered by FeedBurner


E-mail Steve
This form does not yet contain any fields.
    Listen to internet radio with Steve Boese on Blog Talk Radio

    free counters

    Twitter Feed

    Entries in Recruiting (151)


    When HR's 'Do not reply to this email' becomes a security issue





    We have all seen these kinds of messages in emails coming from organizations - retailers, mass marketers, maybe even from e-newsletters from big publishers like the New York Times or the Huffington Post.

    Mostly, we don't give these messages, and their admonitions to NOT REPLY all that much thought. Who wants or needs to reply to Target's daily e-mail reminder of the TREMENDOUS Black Friday deals that are upcoming anyway?

    But there is definitely at least one scenario where these DO NOT REPLY emails are used where they are much more likely to elicit an actual response from the recipient - in the context of job applications when the DO NOT REPLY emails are going out to candidates from an ATS or a recruiter.

    It is an extremely plausible scenario that an applicant would want to reply to an auto-generated message from the ATS to ask additional questions, to make sure that all the needed application materials were received, or to simply inquire about the current status of the application itself. And while the argument over whether, especially for large organizations that receive millions of applications each year, should or can be able to respond to every possible candidate email will continue to rage, one thing is for certain - you should NEVER do what it appears Chiplotle (the big restaurant chain) did.

    Details below, courtesy of the Krebs on Security blog:

    The restaurant chain Chipotle Mexican Grill seems pretty good at churning out huge numbers of huge burritos, but the company may need to revisit some basic corporate cybersecurity concepts. For starters, Chipotle’s human resources department has been replying to new job applicants using the domain “chipotlehr.com” — a Web site name that the company has never owned or controlled.

    Translation: Until last week, anyone could have read email destined for the company’s HR department just by registering the domain “chipotlehr.com”. Worse, Chipotle itself has inadvertently been pointing this out for months in emails to everyone who’s applied for a job via the company’s Web site.

    (Michael) Kohlman said after submitting his resume and application, he received an email fromChipotle Careers that bore the return address @chipotlehr.com. The Minnesota native said he became curious about the source of the Chipotle HR email when a reply sent to that address generated an error or “bounce” message saying his missive was undeliverable.

    “The canned response was very odd,” Kohlman said. “Rather than indicating the email didn’t exist, [the bounced message] just came back and said it could not resolve the DNS settings.”

    A quick search for ownership records on the domain showed that it had never before been registered. So, Kohlman said, on a whim he plunked down $30 to purchase it.

    The welcome message that one receives upon successfully submitting an application for a job at Chipotle discourages users from replying to the message. But Kohlman said a brief look at the incoming email associated with that domain revealed a steady stream of wayward emails to chipotlehr.com — mainly from job seekers and people seeking password assistance to the Chipotle HR portal.

    “In nutshell, everything that goes in email to this HR system could be grabbed, so the potential for someone to abuse this is huge,” said Kohlman. “As someone who has made a big chunk of their career defending against cyber-attackers, I’d rather see Chipotle and others learn from their mistakes rather than cause any real damage.”

    There is more to the story over at the Krebs site, including the official response from a Chipotle spokesperson claiming that the company did not see this as a problem at all, the the web domain www.chipotlehr.com was not a functional address and never has been. At least until Kohlman registered it recently. If you go to www.chipotlehr.com right now all you see is a blank page containing one sentence - "This is NOT the Chipotle Human Resources Page".

    Kind of a silly, sort of ridiculous story all around I think, but one that should make HR and Recruiting folks at least take a look at the specifics of the auto-generated messages they are sending out to candidates and applicants.

    I am not at all telling you that you shouldn't use 'DO NOT REPLY TO THIS MESSAGE' emails in your process, but if you do, just make sure you are not potentially exposing your applicant's data to unintended audiences.

    Maybe take 5 minutes today to have a quick call with your Admins or IT team about this. It is worth it for the peace of mind. 


    Technology, process, or message - which one should come first? #OOW15

    I am out at Oracle Open World for a couple of days this week and have been reminded (in a good way) of just how massive both this event is and the breadth and depth of the technologies and applications that fall under the Oracle banner. This event is really more like 10 events in one, with all the various technologies and application domains, (sales, marketing, finance, HCM, etc.), all having their own segments, content, and dedicated demonstration areas. It is just a huge event.

    One interesting nugget from my first day out at Open World was an observation that was made in a session I attended called 'Connect Sourcing, Recruiting, and Onboarding for Better Not Just More Candidates', that was given by Ann Blakely and Jim Fox from the consulting/advisory firm BakerTilly. It was a solid session with many smart and practical steps that organizations can take to better design, optimize and rationalize the steps in a classic talent acquisition process flow.

    But to me the most interesting aspect of the talk was the way that the typical 'People/Process/Technology' relationship was described. Typically, and in most of the 3,490 times I have seen someone discuss the concept, the importance of aligning each element (people, process, and technology), and making sure that each one individually is given adequate attention and resources, each one is treated more or less equally. In a nutshell, people, process, and technology are all kind of viewed as the same, or equal elements or sides in some kind of HR tech equilateral triangle. 

    Which is cool, or at least better than the classic mistake of leading with technology or becoming a slave to pre-existing (and often inefficient) processes at the expense of the other elements. Usually no one seems to make the 'mistake' of placing too much value or emphasis on the people side of the triangle, which is both odd and illustrative I guess.

    But to get back to the presentation yesterday which was fully in the context of improving the overall talent acqusition function, the speakers looked at the 'people' side of the classic 'People/Process/Technology' triangle and instead referred to it as 'Message.' But more importantly than just the semantic change, the speakers emphasized that in talent acquisition the 'message' itself - the Employer Value Proposition, the brand values, the ways in which the company wants to portray and position itself in the talent market, all of these things, that the message should more of less define the processes and then lead you to finding and deploying the right technology.

    It was more or less, a call to lead with 'people' as opposed to lead with one of other sides of the triangle, (which we know never really works out), or even to treat them all at least conceptually equally. Figure out the message, essentially who you are, what you stand for, what you truly believe are the core values that will make you an attractive employer, and build everything else out and up from there.

    It was a cool idea, and one that for me, I know I have not heard advocated much in the past, maybe not at all.

    Let the 'people' and the message drive how you design the processes and how/where/what technology will be leveraged to support it all. I am coming to think more and more that HR tech and tools that put 'people' first will be the ones that win in the long run....

    Like I said, a really cool idea shared in one small room of a massive event.

    Have a great Wednesday!


    Need to fill a technical job? It helps if you are in one of these four cities

    Some really interesting and detailed data on jobs, job seekers, employment opportunities and the interplay among all the moving parts of the recruiting game in the recently released report from Indeed titled Beyond the Talent Shortage: How Tech Candidates Search for Jobs.

    There is plenty of fascinating information in the report, but the one element I wanted to call out was the really pronounced and increasing preference by tech candidates for only four popular work locations - San Jose, San Francisco, Seattle, and Austin. According to the Indeed report, "In 2013, interest in the 18 software-related jobs we analyzed was 3.3 times greater in San Jose, San Francisco, Seattle, and Austin than in the US on average. In 2015, interest in those cities was 3.6 times greater."

    The below chart from Indeed shows how these job seeker preferences for the 'Big 4' tech hubs compared to the US overall have increased over time:

    So the Indeed data just puts some numbers behind what you have probably known for some time - if you are recruting technical talent and are not located in one of these Big 4 hubs, you're likely entering the competition already in a losing position. The Indeed data shows that while cities all across the US, heck, all over the world, are seeing increases in open technical jobs, that tech candidates are only honing in their efforts more on the Big 4 tech hubs.

    So while in the past, and especially in times of recession, candidate interest would have been primarily driven by the availability of jobs, the increasing candidate interest in these 4 tech hubs suggests further concentration on the part of job seekers on these locales. 

    What can/should you be doing if indeed, (pardon the pun), you have difficult technical jobs to fill and you are not located in one of the Big 4 tech hubs? The analysis from Indeed offers a few decent suggestions:

    1. Get yourself to one of the Big 4 citiies. This is the 'fish where the fish are' strategy, and of course it is easier said than done. But if these trends continue on their recent trajectory, it is only going to become more challenging to recruit tech talent to non Big 4 locations. It might be worth setting up a small, satellite office in one of these sought-after locations when compared to the opportunity cost of having important roles remain empty.

    2. Let go of your 'Everyone needs to be physically at HQ' policy. Organizations have seemingly gone around and around on the value/importance of having everyone on the team physically co-located versus embracing more flexible work arrangements. And I suspect these conversations and shifts in attitude will continue to go on pretty much forever. But if the talent you need has decided they (mostly) would rather be in Seattle or San Jose and you are in Pennsyltucky then you might have to make some kind of a compromise.

    3. Figure out how to better 'sell' what your location does have to offer to candidates that generally prefer the big Tech hubs. A while back I wrote a post about 'selling' your non-glamourous city to candidates, and the things i touched upon then I think are more or less still true now. The Big 4 cities may have a lot to offer candidates, but (hopefully) your city does too. And it might also be time to take a cue from politics once in a while and go negative - those Big 4 tech hubs are not all wonderful, and your city might have the edge in things like cost of living, open space, even the presence of 'winter', which I am told some people enjoy.

    There is plenty more interesting information in the Indeed report - take some time to look it over if you are at all interested on what their data shows and suggests about the market for technical talent.

    Have a great weekend!


    A reminder that even the world's most admired company has hiring challenges

    Lots of words are spilled in the HR/Talent/Recruiting space that more or less read something like this - 'Oh sure, that (insert HR/Recruiting/Benefits program of choice here), might work for Google or Apple, but there is no way that applies to us, we don't have a sexy, well-known brand.'

    Said differently, it is more or less commonly accepted that companies like Google, Apple, Nike, Goldman Sachs, etc., have incredible advantages in competition for talent by virtue of their brand equity, vast resources, employer brand reputation, and the like. If you are repping one of these companies from Fortune's World's Most Admired Companies list, you would think you pretty much could dial up anyone you need and they would be sold on the opportunity. And that is at least partially, if not mostly true.

    But even the World's Most Admired Company for 2015, Apple, faces the occasional recruiting challenge. Yep, I know, hard to believe.  But apparently in the global fight for scarce data science talent, even Apple has some issues attracting talent. From a recent piece on The Stack titled Apple's privacy policies repel the data scientists it needs to create 'predictive' smart phones:

    Just for once, it seems that Apple ‘can’t get the staff’. According to a Reuters exclusive, the Cupertino-based global device giant is falling behind in the race to create ‘predictive’ services for smartphones because its privacy policies are too protective of the end-user.

    The report has crunched numbers on Apple job openings and talked to various industry insiders, many of whom agree that Apple lacks the best conditions to attract the very limited supply of data scientists necessary to leverage cloud-based services and anticipate the most minute demands of smartphone users.

    The reason for the company’s difficulty in challenging the likes of Google, Facebook and Amazon for the brightest and the best new minds in data science and analysis seems to lie with its commitment to protect the privacy of its users. The report notes that data retention policies on user-centric information gathered into its Siri ‘personal assistant’ product is a reasonably generous six months, whilst information retained from the user’s exploration of Apple Maps expires after only 15 minutes

    So it looks like the world's best talent in the field of data science doesn't like the fact that Apple keeps comparatively less data around upon which to practice their science. Companies like Google and Facebook in comparison, seem to offer these scientists more of a playground for them to challenge themselves with.

    A couple really interesting points I think worth noting in this story, that are probably true for both the World's Most Admired Companies and for your shop as well.

    1. The work, then challenge, and the opportunity to be your personal best in your field still trumps the 'Brand' or the reputation of the company in general. Apple might be the #1 company in the world to work for, but for this group of highly scarce and talented folks it is the work that matters more.

    2. Often the factors that influence a candidate's decision about joining an organization sit well out of reach of the org's HR/Recruiting leadership. No matter how much influence the HR and Talent organization has at Apple, they are never going to impact Apple's customer data storage policies and practices.

    3. For a big company like Apple with lots of resources, acquisition might be the best (and only) way to get the talent that they require. The related Reuters study notes that Apple's 'acquisitions of startups such as podcasting app Swell, social media analytics firm Topsy and personal assistant app Cue have also expanded Apple’s pool of experts in the field.'

    Interesting times out there when even the most well-known, most valuable and most admired companies is facing recruiting issues. I guess that sort of makes the rest of us feel good, maybe a little anyway.

    Have a great Wednesday!


    WEBINAR: Top 10 Ways To Use Glassdoor For Good (Not Evil)

    Some time back I wrote that I thought Glassdoor was one of the most interesting companies in the HR and HR Tech space. I believed that back then, and I think it is probably even more true today. 

    Ask yourself (and be honest) - If you were considering joining a new company is there any possible way you wouldn't check out their Glassdoor ratings, reviews, and interviewing tendencies?

    Of course you would - you would be a fool not to. And that same logic is being applied by I bet 95% of the candidates you are trying to pluck from your competitors too. Like it or not, (and plenty of CEOs probably don't), Glassdoor and other employer reputation sources are now too big, too influential, and too much of a 'given' as a source for candidate research for you as and HR/Recruting pro to not be engaged with them on behalf of your organization.

    But how to get in the Glassdoor game if you are a little late to the party? First step - close that MySpace account. And next? 

    Sign up for the latest installment of the FREE Fistful of Talent webinar on September 17 at 2PM EDT titled Top 10 Ways To Use Glassdoor For Good (Not Evil), where the FOT crew will hat’s why we’re going deep on reputation sites like Glassdoor.

    Topics to be covered on the Webinar include: 

    How the the Yelp-ification of America—the trend towards consumer-based reviews in almost every area of our economy—is changing the way employees and candidates think about job search and employer brands. It’s second nature for your employees to rate a restaurant, a book or a movie online. That means that employees of all types (not just the ones who want to complain) are more willing than ever to participate in your brand through user review

    The 5 Biggest Myths about company reputation sites like Glassdoor and tell you which ones are completely BS and which ones you actually perpetuate by not fully engaging on sites like Glassdoor. We’ll hit the usual suspects here: “The only comments are from the bad employees”  and “The salary data out there isn’t factual,” and tell you why things have changed. More importantly, we’ll cover how you actually may make the myths a reality by not fully engaging on reputation sites.  Think about that last sentence: You’ve got to be in the game to influence the game

    A 10-step playbook on how to engage on reputation sites and become more of a Marketer as an HR/Recruiting Pro.  It’s true—you wouldn’t have read this far if you didn’t want to learn more about how to use reputation sites like Glassdoor to maximize your company and your career. We’ll help you get started.

    The FOT crew always delivers the goods, I highly recommend you get your push to the end of 2015 going strong and check out the Top 10 Ways To Use Glassdoor For Good (Not Evil), on September 17 at 2PM EDT.