Non-technical challenges

Below are the details of the Data Analysis stage of the selection process to become a part of Fluid Attacks.

The goal of this stage is to determine your ability to

  • discard irrelevant data;

  • identify relevant data;

  • complete incomplete data;

  • interpret the meaning of the data;

  • group data;

  • obtain metrics from raw data;

  • create graphs to present data;

  • draw conclusions based on the data;

  • identify concrete actions based on the conclusions;

  • ask new questions based on this process;

  • iterate this process several times until you determine that you are satisfied.

To determine these skills you will be given the findings or vulnerabilities found by Fluid Attacks in recent months. These will be delivered in a spreadsheet with all confidential data redacted from it. It is possible that the sheet may contain incomplete, irrelevant and inconsistent data, however, please proceed as you see fit in order to meet the objective.

You must take this spreadsheet and build a presentation (not a document) with slides (not pages) and deliver it in a PDF format (not PPTX). The presentation must contain a brief introduction (no more than 2 slides) and one graph per slide, analyzing the data in the dimensions and combinations that you consider relevant. The aim is that an executive from an information security company such as Fluid Attacks can make strategic decisions that improve the implementation of the company's mission in our society: "Find all existing vulnerabilities and report them as soon as possible."

The spreadsheet can be found in this file.

For each graph, you must draw one conclusion and suggest a corresponding concrete managerial action, that you believe Fluid Attacks should implement. At the end of the presentation, conclusions and general recommendations are expected, but please make sure these are different from those already mentioned on the previous slides (don't repeat, do group, do summarize). The number of slides and graphs is unlimited, you can choose to have 10 slides with 10 graphs or 100 slides with 100 graphs. What matters is that each graph is relevant and provides important information for management. If possible, and to minimize the number of graphs and maximize the number of variables, please use

  • stacked bars;

  • data in the X and Y axes;

  • box plots;

  • Pareto charts;

  • an "others" category to ignore all irrelevant categories.

Many of the graphs can be made for the entire period in order to draw global conclusions. One possibility is to make metrics or graphs that show the evolution of certain variables over time. These graphs are of great interest and importance since this set of data doesn't show this company as a static company that moves in annual units, but one that moves in monthly or quarterly units and evolves gradually. Consider combining these graphs with stacked bars. This type of graph can give a lot of relevant information.

You may ask all questions you consider necessary by sending us an email at [email protected]. All questions which are already answered in the material we provided will be quietly ignored. Questions regarding ideas or expected solutions will also be ignored. Questions that we consider necessary to give clarity to the exercise will be answered to you and to all other participants.

This document must be delivered via email ([email protected]) in no more than 7 calendar days after completing the previous stage. You may ask for a deadline extension if you send your progress and partial results and request it within 2 days of the deadline. Failure to meet this deadline will result in the termination of the application process.

The data that is given to you is confidential and, therefore, both the report you create and the information shared must only be analyzed and processed by you. In the same manner, it is expected that the report be made only by you and is 100% of your authorship. If you feel that you need help from other people to perform this task, this is a clue that the current needs of Fluid Attacks do not fit your current profile. This type of activity is the basis of the project and team management philosophy in Fluid Attacks (management based on data and metrics), effectively making this activity no more than a simulation of what your everyday tasks would be.

If you stated in your application that you are a fluent English speaker by checking the "Yes" box, the report must be submitted in English.

All data given to candidates in the selection process is the same, however, for security purposes and to control the leakage of information, we have changed some data specific to each candidate in order to identify the origin of a data leak in case there is one.

We kindly ask that if you consider you are no longer interested in continuing with the selection process, please explicitly notify us of your decision via email, so that we can minimize the time spent managing candidates.

The reports submitted by all the candidates will be compared with the master report that is carried out internally by the company, as well as with each other.

Higher points will be rewarded to those candidates who require fewer days for its completion and conclude the best actions and recommendations for the company, as well as integrate the greatest number of variables in easily understandable graphs.

We look forward to receiving an email with your report.

Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.