Blurring the Line Between Sourcing and Hacking

Several times throughout my career, I have been referred to as “some sort of hacker”. This was usually after I demonstrated some cool sourcing techniques which involved pulling information from a public site or database. This still makes me smile, especially since I know what a hacker really does and what skills they possess.

The mindset of the hacker and the sourcer are similar in nature. In almost all cases of a sourcer, the line is drawn at information that is available publically. That is to say, information that is accessible without login credentials. Of course there are a couple of sourcer / coder / hacker types that operate without limits, but I will not name them here. For fear of trouble with the local government!

Searching, downloading and manipulating information is what makes sourcing fun (besides the candidate identification & assessment). For sourcing and hacking, the thought process and questions are similar:

  • What information is available to me?
  • How much information do I need?
  • What is stopping me from getting this information?
  • How can I get more information?
  • How can I get ALL the information?
  • What are the consequences (if any) in getting this information?

Sourcing Tools and Open Source Intelligence

Sourcers and hackers use search engines, social media, username searches, and other OSINT (Open Source Intelligence) tools. Although some tool are paid-for, most of them are free to use. Important information about an individual, a social media account, a group, or an entire company can be deduced. Much of it relies on the fact that the internet is a treasure trove of public information.

For a sourcer, this information works two-fold: it can lead to direct contact information, or it can give the sourcer a more complete picture of the candidate. For a hacker, this information could be used to target power users or gatekeepers in a company. The hacker may utilize phishing attempts or other means to get login credentials.

When hackers and sourcers use these tools, the potential candidate (or victim) usually has no idea that they are being targeted. Hackers and sourcers use clues, reference information, and calculated guesses when researching. The following examples are just a few of the similarities that exist between hackers and sourcers.

Using Sourcing Tools – Hackers

If you were a hacker, you might try email phishing schemes to get your way into an organization. But if the company has 10,000 employees, how would the hacker know who to target? Even if it was possible, sending an email phishing scheme to every single employee would not be practical. Instead, the hacker needs to SOURCE the right people to target.

A hacker could use organizational tools like LinkedIn, Zoom, Crunchbase, Angelist, etc. to identify and target members of an organization who potentially have security access or server access. They could target sys admins, engineers or even managers.

After identifying the profiles, the hacker could use email enrichment tools (like Contacts+, ZapInfo, Phantombuster, etc.) or email address generation tools (like Hunter, Lusha, ContactOut, Hiretual, Seekout, etc.) or email validation tools to figure out where they would send the phishing email.

Once the hacker validated the corporate email addresses of employees with critical positions, they would utilize other OSINT tools to deduce the location and phone numbers of the targeted employees.  Then they might hack their social media accounts using phishing methods or other tools.

Using Sourcing Tools – Sourcers

Sourcers are not trying to break into a corporation and gain access to the security systems within. But if they had to identify and contact specific candidates for a potential role, then the tools and steps would almost be identical.

The sourcer would find and identify potential candidates for an open job role. Then they would have to figure out how they would contact those candidates. Using a message on social media might not be enough. So the sourcer would need to acquire the email or phone number for the targeted candidate. This would involve using the same tools for email enrichment (Contacts+, ZapInfo, Phantombuster, etc.) and address generation (Hunter, Lusha, ContactOut, Hiretual, Seekout, etc.)

The sourcer might even use OSINT tools to find mobile phone numbers of a candidate. Between the sourcer and the hacker, there is little difference!

Username Searches – Hackers

Hackers also try to figure out the login credentials of a target. The brute force method of hacking usernames and passwords can be incredibly time-consuming, and in some cases you can blow your cover. But time can be saved with username search tools like KnowEm, NameChk, NameCheckr and more.

Many people use the same password for their work and personal email accounts. And there may be a high number of individuals who have the same username for both accounts. The usernames can be verified on specific social media accounts. They can be used in a phishing attempt to gain control of login credentials. The usernames, along with randomly generated passwords, are used by hackers when attempting to login as someone else.

Username Searches – Sourcers

Sourcers would use the same search tools to cross reference the username of a target candidate and then view the social networks where that username is registered. Since social networks have different amounts of available information, they could benefit from a missing piece of information on one of those pages.

Sourcers could also use these tools to find and verify emails. The usernames of the targeted candidate could be matched with popular email domains (like Gmail, Yahoo Mail, HotMail, Outlook, Apple Mail, etc.) and then verified with an email verification tool or a data enrichment tool.

Let’s say the sourcer found out that their target candidate has a username on Twitter:


They could then combine that username with popular email domains and verify those with email verification tools. Or even better yet, tools like Contacts+, Clearbit, DeBounce, Swordfish, Gmail, or many others.

Domains – Hackers

Hackers will target websites using DDoS attacks and DNS hacking. They may identify the nameserver of a target domain using a tool like WHOIS or DNS Checker.  They may target IP addresses of specific servers. Since web and MX server (email server) records are searchable online, the threat is always there.

Domains – Sourcers

Sourcers might look up information about a website domain, but only if it’s a site that belongs to one individual. WHOIS lookups can provide emails, phone numbers and sometimes even addresses! Even if the domain is registered privately, there are ways to get your message directly to the website owner. When all else fails in reaching your candidate, this method can be last resort.

Sourcers may also look at old copies of webpages on a domain. The reason is because sometimes vital contact information on a page will get removed. Using Google cached copies or the Internet Archive will allow the sourcer to see those older pages and discover some past secrets.

Filetypes – Hackers

When you save a file on your computer, information gets added into the properties of that file. This includes DOC, DOCX, PDF, XLS, XLSX, PPT, RTF, TXT and many more. Sometimes those properties contain important information like the name of the author, the company, the manager, the owner, the version and more. Companies may not want this information available on the internet. Hackers could use this information for malicious reasons.

There are also hidden attributes in files that could be exploited. Filetype: searches on Google and mime: on Yandex allow hackers to easily access any files that have been uploaded to a web server. If they had the money, a super OSINT tool called Maltego could also be used as part of this process.

Filetypes – Sourcers

Sourcers will conduct the same searches when dealing with file types. Besides the content of the files (which sometimes includes confidential & financial information), there is the added bonus of the metadata or file properties.

Sourcers use the filetype: operator for all kinds of searches. Everything from resume/CV searches to spreadsheets with contact information. Even way back in the 90s, you could run filetype: searches for the .mp3 extension and download free music (Alta Vista, baby)!


So as you can see, the sourcer and the hacker are not that different. While your average sourcer can’t script like a hacker, they both possess a knack for search, deduction and persistence. Hackers and sourcers use all kinds of tools to gather information about their potential prospects. The answers usually don’t lie in one place. Instead, they must connect the dots, read between the lines, and draw conclusions. So if you ever get asked if you are a hacker, you can simply smile and say “yeah, something like that”. ūüôā


The Power of Positive API’s


Tech sourcing! Always fun! If you are tired of seeing the same people, try looking in a different place online. What about Kubernetes / Container folks? You could always search local Meetup groups like this one:

1369 members! As long as you have a free Meetup account and are logged in, you can see their full name. But this could take a long time to source….#sadface.¬† And there are only 10 results per page…#doublesadface.¬† What to do? How about you use Meetup’s API? It’s free! There are many calls you can make, one of which is to extract all the members of a group: Continue reading

Sourcing Location without Getting Lost

There are so many different ways to find candidates. The variety of searches and candidate sources make it worthwhile to try these different methods out. But not all methods are created equal. And some don’t have all the information in once place.

What about location, for example? Sure, these great searches will find you many candidates, but what about candidates in your part of the pond?If you are someone who sources all the time in your job or only part of the time, you still want to get as much information as you can for these searches.

So let’s talk about location. In order to add a location aspect to your search, wherever it may be, you need to first figure out the different ways that your audience will reference that specific location. They could include ANY of the follow and more: Continue reading

It’s Australian for Sourcing, mate

Helloooo¬†everyone, I’m back! ¬†Now most you are are saying to yourself, “when were you gone?” ¬†But I can tell you that I have been on a tour with Derek Zeller (@derdiver), Matt Charney (@mattcharney), and the rest of the ATC Events gang (@atcevent) speaking at¬†the Sourcing Social Talent conferences. ¬†#SST2014


It was a whirl-wind adventure visiting Sydney, Melbourne, and Auckland within the space of 10 days while speaking at a conference in each city.  I wanted to share my observations with everyone about the state of sourcing over there, the industries they focus on, the types of reqs they get, and the solutions that we came up with.

The Conferences

The reason for my semi-cheesy picture on this post is for a very good reason. ¬†The 2 speakers that I was with had some very good content woven into their presentations. ¬†Matt Charney presented the reasons why recruiting is so far behind marketing in terms of messaging and content. ¬†And this included the USA! ¬†The message was simply (and brilliantly): recruiting = marketing = sourcing = recruiting. ¬†Anyone who argues against that fact doesn’t understand their job very well.

Derek Zeller talked about candidate interaction and the power of candidate bonds. ¬†You may not end up placing that candidate, but do the extra work to make them feel like a person (rather than a metric) and it will pay off for you. ¬†Also, Derek asked the audience who the best sourcer was and then¬†put up a¬†picture of Professor Xavier. ¬†Hence, my funny picture reference to Australia (please don’t get mad at me, NZ for lumping you guys in with AUS, but I didn’t have time to write 2 separate posts!) Continue reading

The Future of Recruiting


Looking into the future is sometimes easy to do, if you know where you’re going. ¬†You don’t even need a time machine. ¬†So what what about the future of recruitment? ¬†Well the answers have been here all along. ¬†The signs are¬†continuously pointing to what recruitment is, and what it will look like in the future:

  1. Sourcing has been evolving and continues to do so – Heywaitasecondhere….isn’t this a blog post about recruiting? Yes, it is. ¬†But the role of the sourcer has evolved. ¬†At SourceCon in Denver this year, I spoke about the Modern Day Sourcer and what they do. ¬†Part of the talk focused on the increasing skills of candidate engagement, technical know-how, and candidate closing that many sourcers of today possess. ¬†These increased and expanding skills will change recruiting. ¬†But don’t worry, it will be for the best. ¬†This just means that recruiters will take up more sourcing and technical skills as well, which will blur the lines between the two roles even more.
  2. Everyone knows where everyone is – Internet search, cold calling, networking, and good ol’ fashioned detective work have made it very easy to find just about anyone. ¬†Once you know how to find these people the only thing that really matters is engagement. ¬†Which brings me to my third point…
  3. Content is the new recruiting AND sourcing – I have to give my colleague Jim Stroud credit here, since he has a book called “Content is the New Sourcing”. ¬†But I want to take that a step further for recruiters. ¬†The content of any and all recruitment branding should be handled with the polish, targeting, and forethought that corporate marketing teams use. So besides the content of landing pages, blogs, candidate emails, and social media sites, the verbal communication between the recruiter and candidate must be targeted, precise, and sound like it’s coming from someone who will work directly alongside of the candidate once they are hired. ¬†Establishing that rapport and demonstrating the knowledge of the job, team, company and industry is paramount. ¬†We need to sound less like sales and more like fellow engineers.
  4. Speak to your candidate, not their demographic – Long gone are the days of “we are a 10 ten company to work for…join us”. ¬†The reason why those days are gone is because every candidate in this market has a ton of “top companies” that they can choose from. ¬†The courtship between candidate and corporation needs to be even more precise, personalized, and above all…honest. ¬†Candidates can easily detect if your company is full of B.S. or if there are a host of unhappy employees behind that recruiter’s smile. ¬†So instead, find out everything there is to know about your candidate and speak to the motivating factors that drive them. ¬†I’ll give you a hint: it’s not all about money $$$$$.

In the end, the only way this will work is if we all step up our game. ¬†Yes, personalization takes time. ¬†Yes, learning about every single technical aspect of your company takes time. ¬†Yes, you can easily just post jobs and catch whatever gets caught in your net. ¬†But are you getting the job done? ¬†Or are you putting a piece of duct-tape over a burst pipe? ¬†Sure it works at the moment. ¬†But if there’s one thing I know about the future, is that it’s a finicky creature who never does what you think it will. ¬†ūüėČ

– Mark Tortorici
Founder & Training Expert
Transform Talent Acquisition

The Power of TMTOWTDI in Talent Acquisition – Part II

Part II of Our @ATCevent #SST2014 Series

Last week we talked about the power of TMTOWTDI (pronouced TIM-TOADY) in sourcing.  The idea is that there is more than one way to source for a req.  Now today we will talk about the next steps in the process: Candidate Engagement and Attraction.  TMTOWTDIWhen reaching out to candidates via email and the phone, what is the correct way to approach them?  What is the best way to message them?

The real question you should be asking is: What do you have that they want?  This is a very simple question with a host of complex answers that are changing all the time.  There is only one way that you will get the answers you need.  By PICKING UP THE PHONE AND TALKING TO THE CANDIDATE!

Now I know that I sound angry by typing in all caps, but I’m really trying to drive home this¬†point: ¬†Too many sourcers and recruiters are afraid to pick up the phone and instead only do what is called “email recruiting”. ¬†The problem with that method is that it’s difficult to get an honest (or close to honest) read of the candidate. ¬† ¬†We live in a world where people can hide. ¬†They hide behind emails, they hide behind social profiles, they hide behind comments on websites. ¬†This technological separation between people allows them a certain level of protection and feeling of bravery. ¬†The downside is that the¬†candidate’s answers are not spontaneous, they are edited many times over, and sometimes they are not even their own answers! Continue reading

The Power of TMTOWTDI in Talent Acquisition – Part I

If you are a programmer, you understand the meaning and power that TMTOWTDI (pronounced TIM-TOADY) can give you.  It originates from the world of Perl but also programming practices in general  it means that for every solution to a problem, there is more than one way to do it.  There are different ways to write the code in order to achieve the desired results.

Now before I receive an onslaught of emails from programmers, I also agree that the simplest, cleanest solution is usually the best for coding and low overhead in a software program.

But for candidate attraction, we need more than one way to find those candidates and attract them to the company.  How many ways can this be done?  The answer is as many as you can imagine.  Even if you use the simplest method in the world for finding candidates, that does not necessarily guarantee a hire.  So instead, you picture what the perfect candidate profile looks like, and then devise many different paths to get to that candidate profile.  If you just rely on one method, whether simple or esoteric, you are missing out on candidates and possible hires.

It Starts with the Req

Let’s take this Environmental Engineer req in Sydney, Australia:

” Track record in¬† power/energy and civil infrastructure projects. ¬†Senior Environmental Engineer with heavy civil engineering experience. Continue reading

Follow the Process…Even in an Ocean of Candidates


Mark looking for potential candidates

While having an email exchange with my friend Lisa Amorao (@leese), she mentioned to me a certain req that she needed filled.  As we talked, I figured out that this was a req unlike most.  As we went back and forth about what she was looking for, I was reminded about always sticking to the sourcing process, no matter what the req.

Here’s a quick background about Lisa for the story: Besides being an avid Social Marketer in the staffing industry, Lisa is also an open-water / cold-water swimming fanatic. ¬†Whether it’s around the SF Bay Area, or anyplace that she travels to (provided there’s a¬†nearby¬†ocean), she will be there swimming. ¬†She mentioned to me that she needed to find a Cold-Water Swim Coach, or as she put it, a Cold Water Sherpa.

Now I immediately realized that the “Cold Water Sherpa” title might not be an officially recognized one, so I did what any right minded sourcer would do, follow the sourcing process:

  • Conduct the req intake meeting (or as we call it, the req huddle)
  • Ask questions during the req huddle to clarify, and pitch alternative profile ideas
  • Find out what the “must haves” are, and think of multiple ways to find those qualifications
  • Talk about places that these candidates might hang out at (besides the beach…DUH!)

The Req:

So here is what the req ended up being: Continue reading

It’s Tool Time: Google’s Personal Blocklist

tool_timeThat’s right, ladies and gentlemen! ¬†It’s Tool Time! ¬†That is, tools for your web browser and tools to help automate your sourcing life.

Last week at a conference, I was talking to a like-minded sourcing guru/technophile.  You know him by his real name: Dean Da Costa.  As we talked about sourcing tools, add-ons, extensions, and whatnot, we talked about blocking domains from search results on Google.

Now for years I have used a Greasemonkey (or Tampermonkey for Chrome users) script called “Google Domain Blocker”. ¬†It’s a very cool script that blocks domains of your choice from showing up in your Google results.

Setting this up was a 2-step process: Download Greasemonkey (for FF) or Tampermonkey (for Chrome) and then go to to find the javascript. ¬†The process wasn’t all that difficult.

But after my conversation with Dean when I told him about the Greasemonkey script, he told me about Personal Blocklist (by Google).

This new extension is a very good thing. ¬†Not only is it a one-click effort to add it to Chrome, but just like with the Tampermonkey¬†script, you can import & export your list of blocked domains. ¬†And also, it’s apparently made by the big G.

Now why is this the most important thing in the world for you? ¬†I’m glad you asked! Continue reading

Crossing Over to the Other Side – From Agency to Corporate

Hiring Technical Recruiter or Sourcer with agency background experience has always been a trend. Why is this? What are the skills that agency recruiters and sourcers have that make them appealing to leaders of corporate staffing teams? Also, if you do work on the agency side but want to break into corporate, what do you have to do? Do you possess the skills that will make you marketable to a staffing team on the corporate side? Of course, just because you work at an agency doesn’t guarantee that you are instantly AWESOME. You still have to be good at your job. Here are some of the transferable skills that are needed in order to cross over to the other side. And why corporate staffing managers should pay attention.

Skills to Pay the Bills

If you have a good agency recruiter or sourcer who is on your doorstep applying for a job, then here are some the skills that will be of benefit to you:

  • Time management ‚Äď I you‚Äôre thinking: Well yeah, duh!!! Of course recruiters have to be good at time management. But agency staffers have to source, recruit, and submit candidates for new jobs opened THAT DAY. Sometimes within a couple of HOURS!
  • Competitive ‚Äď Of course everyone in staffing is competitive. Companies are all vying for the same top talent and there is only so much to go around. But in the agency world, you are normally competing with 30 or so staffing agencies on the SAME JOB. You can bet agency staffers are competitive and FAST. Their ability to identify, qualify, and submit candidates quickly is their livelihood.
  • All around technical knowledge ‚Äď Most corporate recruiters and sourcers work within a single vertical or group. They usually have 5 to 10 open reqs they are working for the length of their stay at the company. Agency staffers receive multiple new reqs each day from a wide variety of clients. This means over the course of a few days, a recruiter could work on an IC Design Engineer, a Software Validation Engineer for a biotech company, then move on to a Techno-Functional Oracle ERP implementation consultant, tackle a DevOps engineers with cloud platform experience, before finally wrapping up with a Finance Manager who has EFT / ACH systems experience.
  • Ability to work without hiring manager req intake meetings‚Äď Because many agencies are RPO, VMS, or contingency-based, they often times have no contact with the hiring manager. They do not typically get clarification, job insights, or what‚Äôs written between the lines of the req. Because of that, agency recruiters and sourcers must use their experience, instincts, and research skills in order to figure out the correct angle when working a req.

Continue reading