Equitable management of cybersecurity workforce meal-related debts with questionable integrity protections

By Jeff Spielberg | April 1, 2021


For the modern cybersecurity workforce, there is oftentimes nothing more important than a satisfying meal. While COVID-19 has meant that most employees are working from home, we address some important issues for employees who may be returning to offices soon – and will need satiation.

Some offices, including many lab spaces, may have few ideal local lunch options. While a trip to a local artisan food establishment may be a welcome distraction from a long day of reverse engineering, the time spent going back and forth to pick up meals may be considered a distraction to some. Thus, often one person may pick up meal for several employees. However, the protection of the purchasing employee’s monetary outlay is critical.

In this article, we outline a time-tested method for managing meal-related debts that has a relative level of integrity protections. This system (colloquially known as Jimmy John’s eXchange Rate (JJXR) or “marbles”) is an effective method at allowing a small to medium sized cybersecurity workforce effectively pool their time and resources to obtain lunch while avoiding inter-employee conflict over lunch debts.

Goals and Early Design

When designing a meal-related debt tracking system for our workforce, our goals included:

  • Make it equitable: Everyone should feel that the system is relatively fair and advantageous to them to use.
  • Make it easy: The system cannot be cumbersome – otherwise other less favorable or equitable methods may be used.
  • Make it trustworthy: The system must be able to be trusted to a degree that anyone feels safe entrusting some level of money in the system (on the order of $10-$50 or so)
  • Encourages comradery: Any system should encourage, not discourage, the team to have lunch together

Given the constraints, the physical JJXR tracking system was chosen over another electronic method. While there are apps galore for this sort of work, it did not appear that software had any significant advantages for this use case. Another key consideration includes location – the system must be fairly centrally located and visible to all employees to be used often and maintain its integrity protections.

While early design was on a whiteboard, this was quickly transitioned to a more robust design. The key element is facilitating indications of when one employee pays for lunch for another. This assumes that all lunches are within a reasonable cost of another. For example, an $11 Chipotle bowl and $12 Pho are close enough that both are considered the same from a tracking perspective. This is an important distinction – this system does not allow for exact (to the dollar and cents) tracking of debts. Rather, it allows a tracking of relative money owed from one employee to another.

How it works

The system works as follows – every employee is issued a tube within the JJXR unit. The tube is labeled in some form (Sharpie or otherwise) with the employee initials or another identifying marker. There are two reserved tubes: green and red. The green tube contains a large set of green marbles. Conversely, the red tube contains a large set of red marbles. These two reserved tubes are used purely for storage purposes and have no monetary value or other purpose.

On any given day, there are generally a handful of employees who do not bring lunch from home and must purchase lunch. The employees must first choose where to buy lunch. As noted above, assuming all lunches are within about $10-15, one person orders and pays for lunch, and either that person or another one picks it up (the person performing pickup is assumed to have no impact on outcomes). Accounting is performed as follows:

  • For each meal purchased by the purchaser for another employee, the purchaser receives one green marble
  • For each meal purchased for an employee by someone else, the employee receives a red marble

Employees should never have marbles of two different colors in their tube at the same time. Since in this system one red marble equals the inverse of a green marble, an employee may, for example, remove a red marble from their tube instead of receiving a green marble when they buy a meal for someone else.

Data integrity protections Key to this system is the fact that there is relative data integrity and therefore the system can be trusted by all employees. Data integrity comes from several facets of the design:

  1. The unit is placed in a central location in the office where it is visible both from lunch spots as well as desks. This makes tampering difficult. For example, any manipulation outside of lunch hours would be viewed as suspicious.
  2. There are always multiple parties involved in the direct exchange of marbles. The lunch purchaser, when receiving their green marbles, is aware that for each green they receive, the same number of red marbles are issued to others.
  3. Tubes are clear and visible and thus any wide-scale tampering (e.g., and employee who rarely buys lunch buy it seen with many green marbles) would be viewed suspiciously.
  4. Any employee who is not permanently based in a given office may not maintain a debt (red marbles) beyond the time of their visit to an office, leaving no long-term idle tubes.

In the next section, we provide suggestions for future research and improvement – since like even in the best cryptographic systems, there are weaknesses in every implementation.

Future research

While this system has proven to help employee engagement and fairness when it comes to lunch ordering and repayment, our team has some recommendations for future research and improvements, including:

  • Robotic mechanization: Manual exchange of marbles can be tiresome. Further, when dropped on a concrete lab floor, they may make loud sounds and roll a long distance. Mechanization may provide a more reliable way to transfer marbles between tubes.
  • Tokenization or blockchainization: No explanation needed on this one.
  • Name collisions: With a growing team, we now find ourselves with several near-collisions on names as well as repeats of initials. As such, writing letters on a tube may be inevasible as the team grows. The use of custom printed tubes or a label maker may improve this process.
  • Future use cases: We imagine a well implemented system of this sort may help with other aspects of intra-office decision making including where to each lunch and facilitating actual repayment of debts.