How to hire cryptographers
Need help securing IT and computer systems through algorithms, ciphers, and encryption? Or are you trying to decrypt a secure file to access its contents? Cryptographers are here to help.
So how do you hire cryptographers? What follows are some tips for finding top cryptography consultants on Upwork.
How to shortlist cryptography professionals
As you’re browsing available cryptography consultants, it can be helpful to develop a shortlist of the professionals you may want to interview. You can screen profiles on criteria such as:
- Technology fit. You want a cryptographer who understands the technologies behind the IT or computer system you wish to encrypt or decrypt.
- Project experience. Screen candidate profiles for specific skills and experience (e.g., securing blockchain transactions with cryptographic hash functions in your supply chain management system).
- Feedback. Check reviews from past clients for glowing testimonials or red flags that can tell you what it’s like to work with a particular cryptographer.
How to write an effective cryptography job post
With a clear picture of your ideal cryptographer in mind, it’s time to write that job post. Although you don’t need a full job description as you would when hiring an employee, aim to provide enough detail for a contractor to know if they’re the right fit for the project.
Job post title
Create a simple title that describes exactly what you’re looking for. The idea is to target the keywords that your ideal candidate is likely to type into a job search bar to find your project. Here are some sample cryptographer job post titles:
- Cybersecurity consultant experienced encrypting/decrypting files with AES
- Seeking a blockchain cryptography expert to help implement a smart contract system with Hyperledger
- Need an ethical hacker to decrypt IT systems infected by ransomware
It’s worth noting that you will rarely find freelancers branding themselves as cryptographers. Based on your cryptography needs, your title should be more specific and target the type of professional who is relevant to your job post.
Cryptography project description
An effective cryptography job post should include:
- Scope of work: From recovering locked files to beefing up security with encryption, list all the deliverables you’ll need.
- Project length: Your job post should indicate whether this is a smaller or larger project.
- Background: If you prefer experience with certain industries, technologies, and cryptography specializations, mention this here.
- Budget: Set a budget and note your preference for hourly rates vs. fixed-price contracts.
Here are some examples of cryptographer job responsibilities:
- Identify and patch weaknesses in existing cryptography-based security systems
- Design and implement technology-specific encryption solutions (e.g., cryptographic hash functions for blockchain implementations)
- Create a cybersecurity plan for following encryption/decryption best practices
Cryptographer requirements and qualifications
Be sure to include any requirements and qualifications you’re looking for in a cryptographer. Here are some examples:
- Mathematical/statistical analysis
- A working knowledge of algorithms, ciphers, and encryption technologies
- Platform-specific experience with the computer and IT systems of your project (e.g., AWS cloud infrastructure)
What is cryptography?
Cryptography is the study of information and communication security techniques. While the practice of securing communications through coded messages is nothing new, today’s cryptographers leverage computer science and mathematical concepts to encrypt and decrypt information. Cryptography plays a major role in securing communications between IT infrastructure, computer systems, and software. It’s also one of the foundational technologies behind blockchain, a distributed ledger system that secures its transactions through cryptographic hash functions.
How much does it cost to hire a cryptographer?
The first step to determining the cost to hire a cryptographer will be to define your needs. Rates can vary due to many factors, including expertise and experience, location, and market conditions.
Cost factor #1: project scope
The first variable to consider when determining scope is the nature of the work that needs to be completed. Not all cryptography projects are created equal. Setting up basic encryption keys to handle authentication within a mobile app will typically take less time than creating your cryptographic system for a new blockchain technology.
Tip: The more accurately your job description describes the scope of your project, the easier it will be for talent to give you accurate cost estimates and proposals.
Cost factor #2: cryptography experience
Choosing the right level of expertise for the job is closely tied to how well you determined the scope of your project. You wouldn’t need an advanced cryptographer to leverage an existing blockchain technology such as Ethereum to set up a single smart contract. On the other hand, decrypting your company’s files after a ransomware attack will require an expert ethical hacker.
Beyond experience level, you need to consider the type of experience the talent possesses. The following table breaks down the rates of the typical types of cryptographers you can find on Upwork.
Rates charged by cryptographers on Upwork
Types of Cryptographers
Leverages ciphers, algorithms, and encryption solutions to secure communications between IT infrastructure, software, and devices.
Leverages cryptography to design and implement blockchain solutions such as cryptocurrencies, smart contracts, and smart supply chains.
Leverages cryptography to decrypt files, recover lost data, or harden security systems through security testing.
Cost factor #3: location
Location is another variable that can impact a cryptographer’s cost. It’s no secret that you can leverage differences in purchasing power between countries to gain savings on talent. But it’s also important to factor in hidden costs such as language barriers, time zones, and the logistics of managing a remote team. The real advantage to sourcing talent remotely on Upwork is the ability to scan a global talent pool for the best possible person for the job. Location is no longer an obstacle.
Cost factor #4: independent contractor vs. agency
The final variable regarding talent cost is hiring an independent contractor vs. an agency. An agency is often a “one size fits all” model, so you’ll often have access to a designer, a project manager, an engineer, and more. When hiring individuals you have total autonomy regarding who is responsible for which part of the project, but you’ll need to source each of those skills separately.
The trade-off between hiring individuals vs. hiring an agency is the level of administrative overhead you incur personally in coordinating tasks among all members of the team. Project scope and personal preference will determine which style is a better fit for your needs.
Cryptography Tips and Best Practices
Encrypt sensitive information in transit
Sensitive data such as personally identifiable information (PII), transactions, and trade secrets should be safeguarded by encryption whenever possible. When information is in transit, such as through API gateways between apps via transport protocols (e.g., HTTP), an encryption protocol such as TLS (transport layer security) should be used.
Consider end-to-end encryption (E2EE)
As important as it is to secure information in transit, it’s also important to consider mapping your entire encryption strategy to cover all points across an encryption path including the endpoints.
Cryptographic keys used to encrypt messages and are stored exclusively at the endpoints. Normally a file can only be decrypted if it can obtain the public key of the other endpoint. However, it’s possible to perform a man-in-the-middle attack in which the decoding key is intercepted in transit to the other player.
The solution is to use public and private keys to ensure two parties are able to exchange keys with each other without exposing the keys to malicious third parties. If you encrypt a message with your public key, only someone with a matching private key can decrypt it.
The recipient shares their public key with you to allow you to send an encrypted message to them. This is done to identify both parties. There are many types of E2EE, each with its own weaknesses and strengths, using this concept of public and private key pairs to verify the identity of the other side of a transaction.
Determine if decentralized E2EE is preferred
There are many aspects of business and industry that ultimately boil down to transactions in a ledger. Sometimes those transactions are financial; other times the transactions are the transfer of information between two parties. With the advent of the blockchain, security specialists have begun to explore its applications to encryption protocols.
Conventional E2EE messaging apps rely on centralized systems to handle the identity validation of senders and receivers in encrypted transactions. The public key serves as the encryption key and is published to a trusted centralized authority to allow others to send encrypted messages to the owner of the public key. From the perspective of a sender, ownership of the public key is verified by this trusted centralized authority. The centralized authority is responsible for preventing a man in the middle from masquerading as the owner of the public key. But what happens if something about the nature of your data means you can’t trust a third-party centralized authority?
You can use a blockchain, a distributed ledger technology (DLT), to ensure information transactions are validated for both senders and receivers. Combine DLT with encryption and you get a decentralized public key infrastructure (DPKI). Here’s how it works:
- Digital signatures consist of two keys: a signing key (private key) and a verification key (public key).
- Digital signatures for information transactions are recorded on a blockchain as pairs.
- Anyone can write to the blockchain, which uses cryptography to make it computationally infeasible to alter.
- Since the blockchain of information transactions is immutable, and everyone has a copy of the blockchain, it becomes computationally infeasible to commit fraud.
In this way it’s possible to enhance the security of your encryption scheme by relying on the cryptography and transparency of a blockchain to add another layer of security to your encryption.