Google’s Security Princess
By: Alice Marshall
Parisa Tabriz is Google’s Security Princess. Yes, that’s her actual title — she likes it better than “Information Security Engineer.” Her job is to hack Google Chrome, and she heads a team of over 30 hackers in the US and Europe handling security threats to Chrome and other parts of Google. As Elle Magazine put it, “she gets paid to think like a criminal, to suss out weaknesses in Google Chrome — the world’s most-used internet browser — that could be exploited — then ensure that they’re fixed before that can happen.” Her work protects millions of people around the world from identity theft. She’s been featured in WIRED magazine, Forbes, and has helped enhance network and software security at the White House.
One of the remarkable things about her story is that she “didn’t touch computers up until college.” (Elle) What she had instead of experience with computers, though, was curiosity and determination. She’s a master of self-teaching. While studying engineering in college, she taught herself web design using the web design service Angelfire. She didn’t like the banner ads that Angelfire put on her pages, so she hacked Angelfire and found a way to get rid of the ads. Angelfire would then update itself so that her fixes wouldn’t work, and she’d have to find a new way to block the ads. That challenge is how she got into computer security. Then, when one of her sites got hacked, her curiosity about why it happened inspired her to join a student website security group, where the members taught and learned from each other. She soon got a summer internship with Google’s core security team, joined Google full-time in 2007, and the rest is history.
In addition to being amazing at her job, she’s also a big advocate for more gender equality and diversity in tech. Here’s #GETBlog’s interview with Parisa.
What’s the most awesome experience you’ve had working in tech?
Picking a most awesome experience is impossible, but one really memorable experience I had was outside of the office last summer. A group of my security teammates and I visited a Girl Scout camp at the University of San Bernardino and spent 2 days teaching girls about the basics of web hacking and cryptography with lots of hands-on activities. Kids have no filter and a short attention span, so it’s one of the most challenging audiences to teach, but it’s also one of the most rewarding. A lot of the girls were eager to learn, quick to pick up the topics, and gave my colleagues and I some fresh perspective on what the next generation cares about when it comes to security and privacy online. A lot of exercises we used we’ve made publicly available at http://infosec.rocks.
What was the moment that you knew you wanted to study computer science?
I’ll be honest, I never had a moment of epiphany. I’ve always wanted to study lots of things, and I still do. I taught myself the basics of HTML and Javascript in college to make a personal website, and at some point, I realized that learning how to code, and then learning more about computers, would mean I could do other things — like create art or automate boring tasks — faster and more efficiently. Studying computer science actually seemed like something that could open a lot more doors because technology is becoming such an integral part of society, and that’s what attracted me to it.
What’s the coolest thing you’ve built/constructed/deconstructed?
Chrome is the software project I’m most proud of, and my team and I have had a role in both adding and breaking (or hacking) different Chrome features, all with the end goal of making them more robust and secure from attackers. Chrome is many millions of lines of C++ code, most of which are security critical. The code is constantly being changed and updated by hundreds of developers around the world, and a web browser has to render a lot of different input formats and support both legacy and cutting-edge web features. That’s a lot of software complexity! Trying to keep over a billion Chrome users safe with all of that going on is pretty cool.
If you had one piece of career advice for yourself at 20, what would it be?
I’d tell myself to not feel so much pressure to, “have it all figured out.” Thinking about, “my career,” is still intimidating and feels limiting since there are so many things I’m interested in outside of just my current job and software security.
I’d also remind myself that it takes time and investment to get better at anything, and usually some frustration, but that’s what learning feels like! I remember feeling very intimidated by other people that had more coding experience than me because I got a relatively late start, but some of that fear goes away if you optimize for learning instead of just optimizing for success.
What are some of the most interesting things happening right now to improve gender equality in tech, in your opinion?
It’s encouraging to see large tech companies share their employee diversity statistics. All of the stats are pretty dismal, but sharing the data has prompted more public discourse on the topic, and it also gives companies a baseline to improve upon and some accountability to the public eye to do so.
Get our weekly blog updates here. Follow us on Twitter using the #GETBlog hashtag.
