The startup Red Balloon Security, specializing in connected devices, is looking for researchers who are paid up to $ 246,000 a year
The box is brought home by the postman. Inside are a hard drive, an adapter, a note with instructions, and several boxes of candy.
“Hello comrade!”, Can be read in the note. “Welcome to your challenge!”
Recipients are told that hidden inside the hard drive are GPS coordinates and about 0.1377 bitcoins, the value of which amounts – at the time these lines are written – to about 3,850 euros. The very specific amount of cryptocurrencies is also a kind of joke: 1337 is a way of reading leet, a word that in hacker jargon is used as a synonym for “elite”.
If the recipient is able to bypass the hard drive encryption and claim the cryptocurrencies, they will receive instructions to use that money to buy a ticket to New York and there meet the person who sent them the box.
It may sound like a spy novel plot, but These packages are actually a technical job interview for a position as a cybersecurity researcher at Red Balloon Security. The test is designed to identify the candidates with the skills and passion necessary to qualify for the job offered. It also demonstrates the creativity with which cybersecurity companies are trying to discover talent that can fit into the niches and positions they offer.
Ang Cui, CEO of Red Balloon Security
The field of cybersecurity does not stop growing, but the demand for talent is already exceeding the supply that exists in some markets. Several factors feed this gap: the industry grows faster than educational programs that are capable of generating new professional profiles, and the industry itself is perceived as a sector that is difficult to access.
For this reason, Red Balloon has designed these tests for hackers so unorthodox, who try to squeeze the maximum potential from their aspirants and thus be able to choose between the people who meet the necessary skill requirements to be able to work in the company, according to the CEO and founder of the same, Ang Cui.
“We are a small company looking for a very specific professional role, and we don’t have the capacity to massively review resumes,” adds Cui.
Founded in 2011, Red Balloon specializes in security for the internet of things (IoT). The company focuses on protecting connected devices from cybercriminals trying to access a wide range of products; from printers and security cameras to smart speakers like Amazon’s Alexa.
The company’s business is focused on security consulting for large technology companies and public administrations. It licenses its own technology to secure the services and firmware of its clients. Some of his clients have been Siemens or Nautilus Hyosung, and he has already led an investigation initiative of the US Department of Homeland Security. Red Balloon raised about $ 22 million in a Series A round in 2018, according to Crunchbase.
Due to the nature of its business, Red Balloon faces the same dilemma every time it opens a selection process, very common in the industry: His area of specialization involves new technologies, so there is no consolidated university degree or training career that can feed this demand for talent. Cui noted that the technical test has been designed to select personnel who have the ability to be self-taught and solve problems that they had not faced until now.
“We are one of the few companies in the world that do this, beyond several intelligence agencies,” acknowledges Cui. “This is not something they teach you in college.”
The box that applicants to work at Red Balloon receive
The test itself is relatively straightforward. With the instructions included in the note, applicants can discover how to make changes to the hard drive that would be permanent and invisible to other users accessing the same computer. This is something that was perceived as impossible in the hacking community, until the Russian firm Kaspersky demonstrated in 2015 that these actions could be carried out.
Red Balloon is very generous with the materials it sends out for testing. Almost everyone who applies for a position receives it, Cui advances. At the moment, the ratio of tests passed by all those sent does not exceed 1%. Additionally, the firm periodically changes parts of the challenge so that winners cannot share their discoveries online. The New York company has 29 workers, 6 of whom joined last year.
“If I send 150 or 200 hard drives, I will get a new worker”, says the founder of the firm. “It is a worthwhile investment.”