In the Security Division (and at G-Research in general), we like to bring in skilled individuals at any point in their careers, and are very enthusiastic about partnering with universities. So after some University Open Day visits, including presentations by one of our current interns, we found ourselves with 324 intern applications, which was quite a lot more than we were expecting. In the past, we’ve asked for the most promising candidates to come for interview – interviews are a great way of meeting one-to-one, but the approach doesn’t scale. It can also be difficult to compare candidates across different interviewers and across different times of the day. Not all intern candidates are used to the interview process, either, so they can find it a bit off-putting. And to be honest, even the management team can find interviewing a couple of dozen candidates over a couple of days to be a challenge. So we decided to take the most promising 24 and run an assessment day.
Our Events Manager found us a great off-site venue, and we arranged for our willing victims to be with us reasonably close to first thing in the morning. After a round of greetings and NDA-signing, I gave a bit of background on the FinTech environment from a security perspective, what we have to achieve security-wise, and what it’s like to be an intern at G-Research. The interns were given a technical test, and after lunch, the fun began.
We had a scenario planned, which we called ‘A Bad Day at the Office’. The candidates were split into four teams of six, each with a manager and a current intern as observers. We explained that each team was the Security Division for a FinTech company, and that the aim of the exercise was to maintain the security of the organisation, manage any incidents, and respond to customer requests in a timely manner. The request tickets started to arrive and the teams got into the swing of checking privileges, granting access and trouble-shooting problems, all in line with the expected Service Levels. Then security events started to happen. The log files showed that the firewall was under attack, evidence came in of a potential data breach, and there were multiple tickets from users complaining that their access cards weren’t working. The managers and interns promptly forgot that they were observers and not competitors, and joined in the battle. Then things got worse with fake policemen trying to get into the office, physical camera failures, and a ransomware attack. Finally, it was revealed that the CEO’s daughter had been kidnapped. Everything was linked so there were lots of opportunities for collaboration, comparing notes, and technical detective work.
After they had weathered the storm for a couple of hours, and fixed as much as possible, they were asked to prepare a presentation to the CEO (i.e. me, in full ‘Alan Sugar’ mode) as to what had happened.
It gave us a really good view of all 24 potential interns in a single day, which is much more efficient and scalable than a series of interviews. The students were in a much more natural environment, and even the most introverted and reticent of them had a chance to shine without having the spotlight of a formal interview. The feedback from the undergrads, interns and managers was very positive. The students said it was “Brilliant, really stressful, but really exciting”, and “The best, most unique assessment day they’d ever had”, which is all we could have hoped for. The managers really enjoyed it, and had a great chance to evaluate which candidates would work well with their existing teams. The existing interns ended up acting as impromptu team leaders, which was great experience for them. And for the candidates, it was a masterclass in security management from some of the most talented managers in the industry.
We’re pretty enthusiastic about this whole approach now, and would like to run a broader version of it in 2018. Although my idea for a scenario based around a Zombie Apocalypse was pretty comprehensively outvoted.
Paul Jennings – Head of Information Security