You usually don’t think about Google or Yahoo needing a front line defense, but naturally, the bigger you are, the more the hackers want to attack. So Google has one of the top white hat hackers working to stop those ‘black hatters’ before they can enter the kingdom and do real damage. Sony couldn’t do it, but the big G has been able to with the help of this very security conscious woman.
In fairy tales, it’s usually the princess that needs protecting. At Google’s headquarters in Silicon Valley, the princess is the one defending the castle.
Meet Parisa Tabriz, the 31-year-old with perhaps the most enchanted job title in engineering — “Google Security Princess.”
Her job is to hack into the most popular web browser on the planet, trying to find flaws in the system before the “black hats” do.
Out-hacking the hackers
Indeed, much like the good and bad witches of the Wizard of Oz, hackers are described as having “white” or “black” hats. To defeat Google’s attackers, Tabriz must firstly think like them.
In this cyberspace battle, the data of around a billion Chrome users hangs in the balance — and Tabriz wasn’t going to settle for any old moniker.
“When I started, my official job title was ‘Information Security Engineer,’ which I thought was a bit boring and not really meaningful,” said the Iranian-Polish-American, speaking a million miles an hour over the phone from Google HQ.
“So I changed it to ‘Security Princess’ as more of a tongue-in-cheek thing. I’ve never been exceptionally girly or fit the stereotype of a princess, so it was a bit ironic for me to go by that name — and then it stuck!”
Tabriz’s role has evolved dramatically in the eight years since she first started working at Google. Back then, the young graduate from Illinois University was one of 50 security engineers — today there are over 500.
“Our users include presidents of foreign countries — I hope Obama uses Chrome too. It includes really highly-targeted individuals, political dissidents, journalists, and people who just want to casually use the internet,” she said.
“Google depends on those users trusting us with their data. So if we can’t protect it, we have no business.”
Bits of crime
Cybercrime has come a long way in the past decade — from the cliched Nigerian Prince Scam to credit card theft, and suspected government surveillance over emails.
Tabriz’s biggest concern now is the people who find bugs in Google’s software, and sell the information to governments or criminals.
To combat this, the company has set up a Vulnerability Rewards Program, paying anywhere from $100 to $20,000 for reported glitches.
“What we’ve seen in the last couple of years is what we suspect to be governments trying to intercept communications,” said Tabriz. “In one case, there were Iranian-region Gmail users whose connection was being intercepted.”
“These incidents are especially scary since they seem to be carried out by large, well-funded organizations or governments,” she added.
It’s a world away from Tabriz’s computer-free childhhod home in Chicago. The daughter of an Iranian-American doctor father, and Polish-American nurse mother, Tabriz had little contact with computers until she started studying engineering at college.
Gaze across a line-up of Google security staff today and you’ll find women like Tabriz are few and far between — though in the last few years she has hired more female tech whizzes.
She admits there’s an obvious gender imbalance in Silicon Valley, but for once is stumped on the fault.
“Clearly the numbers make you think ‘what is the problem that there aren’t more women working in security, that there aren’t more women working in technology?” she said.
“And it does make me think what is the problem here? Is it the culture or the atmosphere?”
Thinking outside the screen
Funnily enough, during training sessions Tabriz first asks new recruits to hack not a computer, but a vending machine.
“There’s this idea that you need to be a super genius computer geek to be a hacker. But in reality, I think anybody can be a hacker in the real world — just think of all the non-software examples,” said Tabriz.
“A lot of people ask me what’s the best answer I’ve been given to the vending machine problem, and the real answer is there is none. Some people think about how they’d steal their favorite snack; some people figure out how to steal the entire machine of snacks; and some people figure out how they could add some sort of functionality to the machine that wasn’t there before”
Tabriz’s job is as much about technological know-how, as understanding the psychology of attackers.
“Anybody who’s working in defense — police officers, security, or law enforcement — has to stop and think ‘what is the enemy or the attacker going to do?'” she said.
“Because you always want to stay one step ahead of them.”