This startup mails job applicants an encrypted hard drive with Bitcoin on it as a test of their hacking skills because good cybersecurity talent is so hard to find

Ang Cui

Summary List Placement

The box arrives in the mail containing a hard drive, an adapter, a cryptic note, and several cartons of Nerds candy.

“Hello Comrade!” the type-written note reads. “Welcome to your quest!”

Recipients are informed that locked inside the hard drive is 0.1337 Bitcoin — worth roughly $4,680 at the time of writing — along with a set of GPS coordinates. (The very specific amount of Bitcoin is an in-joke: a tongue-in-cheek reference to “1337,” hacker-speak for “leet,” itself short for “elite.”)  

If the recipient can crack the hard drive’s encryption and claim the cryptocurrency, they’re instructed to use their winnings to purchase a ticket to New York City to meet the box’s sender at the location provided.

It may sound like a plot device from a spy novel, but the package is in fact a technical interview for a job as a cybersecurity researcher at Red Balloon Security. The test is meant to identify job candidates with the skills and passion that align with the job requirements — and it shows the creative lengths security firms will go to in order to find talent that matches the niche skill set their positions demand.

Red Balloon hacker test

The field of cybersecurity is only growing, but demand for talent is rapidly outstripping supply. Contributing to that talent gap are many factors: The field is growing faster than higher education programs can train new specialists, even as the cybersecurity industry itself is perceived as niche and hard to break into.

Red Balloon designed its unorthodox hacker test to both entice potential applicants with the challenge, while also selecting for people with the skills necessary to work there, founder and CEO Ang Cui told Business Insider.

“We’re a small company, we’re looking for a very niche type of security person, and we don’t have the massive amount of human energy to waste on screening through every single resume,” Cui aid.  

Founded by Cui in 2011, Red Balloon specializes in internet-of-things security, also known as embedded systems security. The firm focuses protecting against hackers trying to break into internet-connected devices ranging from printers and security cameras to Amazon Alexa-powered speakers and cribs.

The firm’s business hinges on security consulting for large tech companies and public sector clients, and it licenses its own own technology to secure clients’ firmware. Its past customers include Siemens and the ATM maker Nautilus Hyosung, and it previously led a Department of Homeland Security-funded research initiative. Red Balloon raised $21.9 million in Series A funding in 2018, according to Crunchbase.

Because of its narrow focus, the firm faces a recruiting dilemma that’s common in cybersecurity: its area of specialization involves brand-new technology, so there’s no single established education or career pipeline feeding a distinct talent pool. Cui said the technical test is designed to select for people with hacking know-how who can teach themselves how to solve a problem they’ve likely never encountered before.

“We’re one of the few companies in the world that do this, outside of various intelligence agencies,” Cui said. “This is not something that schools teach.”

Red Balloon

The test itself is deceptively simple. With sparse instructions included in the typewritten note, applicants are guided to make changes to the hard drive that would be permanent and invisible to others who access its operating system — a feat that was long believed to be impossible in the hacker community until the Russian cybersecurity firm Kaspersky published findings documenting such an execution in the wild in 2015.

Red Balloon is generous with its test materials, sending them out to almost everyone who applies, according to Cui. So far, the solve rate for the hacker test is around 1%, he said, adding that Red Balloon regularly changes parts of the test to make sure applicants can’t share their work online. The New York-based company has 29 employees, six of whom have joined in the past year.

“If I send out 150 to 200 pounds of hard drives, I will typically get back one human team member,” Cui said. “It’s a worthy investment.”

Join the conversation about this story »

NOW WATCH: This incredible animation shows how deep the ocean really is

Related Articles

See the pitch deck that landed startup Lacework $525 million in the largest investment round for a cybersecurity company in the last year

Summary List PlacementHow do you convince investors to give a startup $525 million? 
“You have to have a lot of proof points,” Lacework CEO Dan Hubbard told Insider, after his Silicon Valley startup raked in a half-billion-dollar round after previously raising a total of $74.4 million. 
The six-year-old Silicon Valley company addresses the booming area of providing cybersecurity to companies growing and moving their operations to public cloud providers like Amazon Web Services or Microsoft Azure.
Perhaps the most important proof point is the total addressable market (TAM) that Lacework is tackling – a figure that gauges revenue opportunity – is climbing 20% year over year and reaching $13 billion in 2024. Analysts back that up.
Analyst Daniel Ives, managing director of equity research at Wall Street analyst firm Wedbush Securities, told Insider on Friday that “there’s $200 billion up for grabs in the next five years in cloud security.”
“We have the right product in the right market at the right time,” Hubbard told Insider last week. “The problem has come to us.” 
The company says it has seen revenue triple each of the past two years as more businesses build and run applications on the major cloud platforms. The company did not disclose revenue or specific valuation, but says the latter is above $1 billion. 
PitchBook shows the funding round was the largest in the cybersecurity industry for the past year, and the 22nd largest in all US industries over that span. 
It could have been even larger, Hubbard said. “There was an incredible amount of interest. There are going to be some people who feel left out.” 
Mike Speiser, managing director at Sutter Hill Ventures, compared the startup to his firm’s runaway success investment Snowflake, which has rocketed to a market cap of some $76 billion after its September IPO. 
Here’s the pitch deck Lacework used to land the mammoth funding round. Some slides with customer and competitive data have been removed by the company to protect proprietary information.


Your email address will not be published. Required fields are marked *

Receive the latest news

Subscribe To Our Weekly Newsletter

Get notified about chronicles from TreatMyBrand directly in your inbox