Staff Software Engineer · Google Chrome
“To be frank, I became a software engineer by accident. I first became interested in computing in high school. I went to a science and tech high school High Technology High School. I liked working with computers. I didn’t have a concept of what software engineering was, but I knew that I liked playing around with computers.”
“I went on to study Computer Science at the University of Virginia. I originally wanted to be a pilot, so I studied Aerospace engineering. I took a Computer Science class as a requirement and really enjoyed it. I did well on an exam and my professor David Evans left a note on my exam asking if I’d like to do summer research on security in his security research lab Jefferson’s Wheel. He reached out to me. I didn’t have anything else to do that summer and I enjoyed the class, so I dove in. UVA has an amazing track record of getting undergraduates involved in research. Having that help as an access point was really meaningful to me.”
“I was inspired to learn more about security and went to UC Berkeley for my PhD in Computer Security as part of the Security Research Group. My dissertation was on permissions systems on platforms like Android and Facebook. Instead of following the Windows model where all apps get all privileges (like access to your contacts), app developers choose a narrow set of permissions. I studied whether these new permissions systems benefit security in terms of usable security or systems security. One potential benefit is that permissions can help people get more control or understanding of what applications can do. I wanted to know whether they were understandable or usable controls. From a systems security perspective, the fact that an app only has a subset of permissions means that there is a bound on the damage that can be done with a compromised app. I found that Android permissions were not very well understood by people, but the permissions model was still useful as a tool for restricting the damage that rogue apps can do. Subsequently, I’ve seen a significant improvement in the way that Android requests permissions that help with the usability of permissions.”
“Now, at Google I build usable security for Chrome. Chrome has added a lot of powerful APIs that are making the web more powerful and customizable, similar to native apps. Like my dissertation research, we’ve been trying to learn from native permission systems how to build something that’s both user-friendly and developer-friendly.”
“My main project now is HTTPS adoption. I’m helping developers to adopt HTTPS and also help explain the benefits of HTTPS to end users. When you visit a website on HTTP, anyone on the network — for example, someone on the same wifi hotspot, or your ISP — has the ability to spy on any information transmitted, and also the ability to modify the website. There is no protection. HTTPS, however, provides privacy and integrity so that people sharing the connection can’t see or modify the content. Most people are surprised to learn that their information isn’t always private in transit. They expect internet browsing to be private. HTTPS gives them that privacy, but websites have to adopt it in order for them to be able to use it.”
“Chrome has new security indicators that are rolling out. They explain different security states with new iconography and text. It’s the result of 2 years of cross-team collaboration, user research, and engineering work. I’m excited about it because it represents a big step forward in how Chrome communicates security info to end users.”
“When handling a difficult challenge, I have a rule that I’m allowed to spend 10 minutes panicking but I’m not allowed to send any email. Once it’s over I have to find something productive to do. I also try hard to see others’ perspectives. We are all working together with the same end goals, we just may have different ideas of how to get there.”
“Gumption is the most important skill you can have. If you have self drive and an ability work independently, you can teach yourself technical skills, communication skills, or whatever else you need to learn. The important thing is that you have the drive to do it and stick to it.
“When I was younger, I benefited from a lot of people who were more senior than me providing mentorship. Now that I’m more senior I try to remember to offer a helping hand to people that I work with, even if I feel busy.”
