The GoodStrat Strategy Team, London Tuesday 17th March 2026
To neutralise the “industrial-scale rot” of global hiring, your vetting process must shift from a posture of trust but verify to one of hostile interrogation. The goal is to break the “proxy” (where a different person speaks or codes) and the “emulator” (where the candidate uses AI or pre-written scripts).
Here is a three-stage, “Zero-Trust” technical vetting framework.
Stage 1: The “Digital Fingerprint” Audit (Pre-Interview)
Before a single minute is spent on a Zoom call, the candidate’s digital trail must be forensically audited.
- GitHub Forensic Analysis: Look for “Burst Activity.” Charlatans often buy or Photoshop GitHub profiles. Check the commit history for consistency. Are there 500 commits in one week after three years of silence? Are the commit messages generic (“Update readme.md”)?
- LinkedIn Reference Cross-Referencing: Do not trust the provided references. Find “blind” references, former colleagues at the same firm during the same tenure, and message them directly.
- Metadata Scrubbing: Request a code sample or a technical paper. Check the document metadata. If a “Senior Dev” from Hyderabad submits a PDF authored by “John Smith” or created on a trial version of Adobe Acrobat last Tuesday, the process ends.
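The "Burst Activity" check from the GitHub bullet above can be scripted. This is an added example, not part of the original framework; the thresholds, the generic-message pattern and the sample log are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed pattern for low-information commit subjects; tune it for your own pipeline.
GENERIC = re.compile(r"^(update|fix|changes?|wip|initial commit|add files)\b.{0,20}$", re.I)

def parse_log(lines):
    """Parse `git log --pretty=format:'%at|%s'` lines into sorted (datetime, subject) pairs."""
    commits = []
    for line in lines:
        ts, _, subject = line.partition("|")
        commits.append((datetime.fromtimestamp(int(ts), tz=timezone.utc), subject.strip()))
    return sorted(commits)

def audit(lines, burst_min=50, silence_days=180, window_days=7):
    """Flag bursts: >= burst_min commits inside window_days, right after >= silence_days idle."""
    commits = parse_log(lines)
    times = [dt for dt, _ in commits]
    bursts = []
    for i in range(1, len(times)):
        gap = (times[i] - times[i - 1]).days
        if gap < silence_days:
            continue
        window_end = times[i] + timedelta(days=window_days)
        count = sum(1 for t in times[i:] if t < window_end)
        if count >= burst_min:
            bursts.append({"start": times[i].date().isoformat(), "commits": count, "gap_days": gap})
    generic = sum(1 for _, subject in commits if GENERIC.match(subject))
    return {"bursts": bursts, "generic_ratio": generic / len(commits) if commits else 0.0}

def constructed_sample():
    """Constructed input: 3 commits in 2022, about 3 years of silence, then 500 commits in 5 days."""
    base = int(datetime(2022, 1, 10, tzinfo=timezone.utc).timestamp())
    old = [f"{base + d * 86400}|Add retry with backoff to payment client" for d in range(3)]
    start = int(datetime(2025, 2, 3, tzinfo=timezone.utc).timestamp())
    new = [f"{start + i * 864}|Update readme.md" for i in range(500)]
    return old + new

if __name__ == "__main__":
    print(audit(constructed_sample()))
```

Git author timestamps are set by the committer and can be backdated, so a clean result here does not clear a profile; treat the output as one signal alongside the reference and metadata checks.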
Stage 2: The “Live Fire” Technical Assessment
The traditional “take-home” assignment is dead, murdered by ChatGPT and “proxy” services. You must move to Live, Proctored Synchronous Coding.
The “FizzBuzz Plus” Baseline
Start with 5 minutes of dead-simple logic. If they claim 8 years of Java experience but struggle to iterate through a HashMap or explain the difference between an interface and an abstract class without stuttering, they are a body-shop product.
The “Reverse Code Review”
Instead of asking them to write code, provide them with an intentionally broken, vulnerable codebase.
- The Task: “Find the three security flaws and two logic bugs in this 50-line snippet.”
- The Filter: Proxies are good at memorising LeetCode algorithms; they are terrible at debugging unfamiliar, “messy” real-world code under pressure.
The Screen-Share / Multiple Camera Policy
Require a full screen-share (entire desktop, not just the IDE) and a secondary camera (smartphone) angled to show their hands and desk. This prevents “hidden pilots” from typing for them or the use of secondary monitors for AI prompting.
Stage 3: The “Architectural Interrogation” (The Deep Dive)
The final stage is designed to expose “Vaporware” experts and “Thought Leaders” who haven’t touched a compiler in years.
The “Drill-Down” Technique
Pick one project from their resume. Ask them to whiteboard the architecture. Then, drill down into the why:
- “Why did you choose NoSQL for this specific schema?”
- “What was the biggest production outage you caused on this project, and how did you fix it?”
- The Red Flag: If the answer is purely buzzwords (“We used a scalable microservices architecture with high availability”), but they cannot explain the specific load-balancing configuration or the latency trade-offs, they were a passenger, not a driver.
The “Evolution” Test
Ask them to modify a design they just proposed. “Now, assume your user base grows by $1000\%$. Where does this architecture break first?” A true engineer will point to the database lock or the network bottleneck; a charlatan will suggest “adding more cloud.”
Verification Table: Competent vs. Charlatan
| Feature | Competent Engineer | The “Industrial” Charlatan |
| --- | --- | --- |
| Problem Solving | Asks clarifying questions about constraints. | Starts typing immediately (often a memorised script). |
| Error Handling | Admits when they don’t know a library; looks it up. | Confidently hallucinates or waits for the “proxy” to feed them. |
| Tooling | Fluid use of IDE shortcuts and the terminal. | Clumsy navigation; struggles with basic environment setup. |
| Communication | Explains the logic behind the code. | Narrates exactly what they are typing (“I am making a loop now”). |
| Resume | Specific, measurable impact (e.g., “Reduced latency by 20%”). | List of 40+ technologies and vague “leadership” claims. |
The Hard Truth: This process is expensive and time-consuming. However, the alternative, onboarding a “North Korean proxy” or a “Hyderabad script-monkey”, costs $10\times$ more in security breaches, technical debt, and team burnout.