This startup mails job applicants an encrypted hard drive with Bitcoin on it as a test of their hacking skills because good cybersecurity talent is so hard to find
- The "talent gap" is a perennial problem in cybersecurity, with top firms competing over a limited talent pool and often struggling to fill high-paying positions.
- Security firms are often hard-pressed to find job candidates with experience and skills that fit their highly-specialized work.
- Red Balloon Security, one of the leading cybersecurity firms specializing in internet-connected device security, aims to lure top talent for its security researcher roles, which pay up to $246,000.
- Red Balloon founder and CEO Ang Cui told Business Insider about the company's unorthodox hacker tests for job candidates, which are designed to select for people who fit the firm's niche.
The box arrives in the mail containing a hard drive, an adapter, a cryptic note, and several cartons of Nerds candy.
"Hello Comrade!" the type-written note reads. "Welcome to your quest!"
Recipients are informed that locked inside the hard drive is 0.1337 Bitcoin — worth roughly $4,680 at the time of writing — along with a set of GPS coordinates. (The very specific amount of Bitcoin is an in-joke: a tongue-in-cheek reference to "1337," hacker-speak for "leet," itself short for "elite.")
If the recipient can crack the hard drive's encryption and claim the cryptocurrency, they're instructed to use their winnings to purchase a ticket to New York City to meet the box's sender at the location provided.
It may sound like a plot device from a spy novel, but the package is in fact a technical interview for a job as a cybersecurity researcher at Red Balloon Security. The test is meant to identify job candidates with the skills and passion that align with the job requirements — and it shows the creative lengths security firms will go to in order to find talent that matches the niche skill set their positions demand.
The field of cybersecurity is only growing, but demand for talent is rapidly outstripping supply. Contributing to that talent gap are many factors: The field is growing faster than higher education programs can train new specialists, even as the cybersecurity industry itself is perceived as niche and hard to break into.
Red Balloon designed its unorthodox hacker test both to entice potential applicants with the challenge and to select for people with the skills necessary to work there, founder and CEO Ang Cui told Business Insider.
"We're a small company, we're looking for a very niche type of security person, and we don't have the massive amount of human energy to waste on screening through every single resume," Cui said.
Founded by Cui in 2011, Red Balloon specializes in internet-of-things security, also known as embedded systems security. The firm focuses on protecting against hackers trying to break into internet-connected devices ranging from printers and security cameras to Amazon Alexa-powered speakers and cribs.
The firm's business hinges on security consulting for large tech companies and public sector clients, and it licenses its own technology to secure clients' firmware. Its past customers include Siemens and the ATM maker Nautilus Hyosung, and it previously led a Department of Homeland Security-funded research initiative. Red Balloon raised $21.9 million in Series A funding in 2018, according to Crunchbase.
Because of its narrow focus, the firm faces a recruiting dilemma that's common in cybersecurity: its area of specialization involves brand-new technology, so there's no single established education or career pipeline feeding a distinct talent pool. Cui said the technical test is designed to select for people with hacking know-how who can teach themselves how to solve a problem they've likely never encountered before.
"We're one of the few companies in the world that do this, outside of various intelligence agencies," Cui said. "This is not something that schools teach."
The test itself is deceptively simple. With sparse instructions included in the typewritten note, applicants are guided to make changes to the hard drive that would be permanent and invisible to others who access its operating system — a feat that was long believed to be impossible in the hacker community until the Russian cybersecurity firm Kaspersky published findings documenting such an execution in the wild in 2015.
Red Balloon is generous with its test materials, sending them out to almost everyone who applies, according to Cui. So far, the solve rate for the hacker test is around 1%, he said, adding that Red Balloon regularly changes parts of the test to make sure applicants can't share their work online. The New York-based company has 29 employees, six of whom have joined in the past year.
"If I send out 150 to 200 pounds of hard drives, I will typically get back one human team member," Cui said. "It's a worthy investment."