Google's top secret weapon – a hacker they call their Security Princess
Paid to attack her employer, Parisa Tabriz is a white-hat hacker on the front line in the fight against the Internet 'bad guys'
She is Google's top secret weapon, charged with guarding the world's most
valuable brand.
Parisa Tabriz is the company's card up the sleeve – a young professional
hacker they call their "Security Princess".
As a white-hat hacker, the Iranian-American is paid to attack her own employer
so the "bad guys", known as the black hats, do not get there
first.
Her task is to protect the nearly one billion users of Google Chrome – the
most-used Internet browser on the planet.
Miss Tabriz, 31, is something of an anomaly in Silicon Valley. Not only is she
a woman – a gender hugely under-represented in the booming tech industry –
but she is a boss heading up a mostly male team of 30 experts in the US and
Europe.
As such she has the power to choose her own title – and "Security Princess" is on her business card. She came up with it while attending a conference in Tokyo: "I knew I'd have to hand out my card and I thought Information Security Engineer sounded so boring. Guys in the industry all take it so seriously, so security princess felt suitably whimsical."
Earlier this year, Google became the first in the Valley to publish figures on the diversity of its workforce. They revealed just 30 out of every 100 staff members are female.
"Fifty years ago there were similar percentages of women in medicine and law, now thankfully that's shifted," Miss Tabriz says.
"Technology is one of the fastest-growing fields, but in that respect it has a lot of catching up to do."
While she says she has never encountered overt sexism at Google since she joined in 2007, when she was offered the job while still at college a male fellow student told her: 'you know you only got it cos you're a girl.' "He said it to my face, but I'm sure a lot of others were thinking it.
"The jerks are the ones that tend to be the most insecure, but that didn't stop me worrying he might be right," she says, dressed head-to-toe in black – the only colour she ever wears.
Parisa Tabriz on the Google campus in Mountain View (Tim Hussin/The Telegraph)
Miss Tabriz, who in 2012 was named one of the top 30 under 30 to watch by Forbes magazine, thinks the lack of women in tech is because they do themselves down. "There was a study done a few years ago which questioned people who had dropped out of their computer science course," she says.
"Women who left tended to have a B-minus average and the most common reason they gave was that they were finding it too hard, whereas among the men the most common grade was a low C but the reason they gave was that it wasn't interesting."
One of the most high-profile women in the industry, Sheryl Sandberg, a former vice president at Google who is now chief operating officer at Facebook, tells a similar tale. "Women systematically underestimate their own abilities. You ask men and women to guess their GPAs (grade point average) – men always get it slightly high and women get it slightly low," she told a TED talk a few years ago.
"It means they don't know their worth."
Miss Tabriz grew up in the suburbs of Chicago with her Iranian-immigrant father, a doctor, and Polish-American nurse mother, both of whom were incredibly smart but computer illiterate.
As the older sister of two brothers, she was used to bossing boys around from an early age.
"They'd say I was a bully, but I played them at their own game, in sports on the field, and at video games," she says.
"I was older and used to beat them up all the time," she adds. But when her brothers grew up and she was not able to anymore, she felt she had to beat them some other way.
"I didn't know what I wanted to do at first," she says. "I remember taking a careers test in high school to see which job would suit me, I got police officer.
"I laughed at the time but I realise now it wasn't all that far off, after all I'm in the business of protecting people."
She herself had not even touched a computer until her first year of college, the University of Illinois, where she was studying computer engineering.
Parisa Tabriz created her own job title: Security Princess (Tim Hussin/The Telegraph)
She was inspired by the story of one of the earliest hackers, John Draper, otherwise known as Captain Crunch. Draper was working as a US Air Force radar technician when, in the late 1960s, he discovered how to make free long-distance calls using a toy whistle packaged in boxes of Cap'n Crunch cereal.
The whistle emitted a tone at precisely 2600 hertz – the same frequency that was used at the time by the US's biggest phone network to route international calls.
Today, anyone can turn their hand to hacking, which makes profiling that much more difficult a job.
Miss Tabriz sees everything from the common criminal looking for ways to get hold of bank account details to the anti-establishment hactivst networks like Anonymous, to those with much grander aims like bringing down Iran's entire Gmail system.
Her ability to get inside the mind of the "bad guys" has seen her put in charge of the in-house training of Google engineers wanting to get into security. In her seminars she starts by asking them to think of a way to hack a vending machine for chocolate – but without the use of technology.
She knows immediately from their answers who has the curiosity and the mischievousness needed to make it.
One of the smartest – which came from a European employee – was to insert a 10 Thai Baht piece instead of a €2 coin as both are the same size, weight and alloy, but at 25 cent the Thai money is worth just a fraction of the euro coin.
Google is full of eccentric geniuses, and the company's sprawling campus in Mountain View, California, is designed to harness that genius.
On the day of our visit, a team from recruitment was holding a meeting on a seven-seater circular conference bike, while another had taken laptops into the giant ball pit to work.
One employee spent his break in the "thinking zone", taking drags of a cigarette while spinning quickly in circles to deprive his brain of oxygen in the hope that when it rushes back he will see the problem more clearly.
"I can't say I know what that was about," Miss Tabriz says, "but employees here are on the whole are good at outside-the-box thinking."
For many black-hat hackers, Google – the single most recognisable entity of the Internet age – is seen as the Alcatraz of hacks.
The tech giant has had to work to keep its enemies close. It now offers outside hackers cash rewards of up to $30,000 (£19,000) if they are able to find bugs, or faults, on Chrome, in an attempt to stop them reaching the wrong hands.
To date they have awarded $1.25 million, fixing more than 700 bugs.
Miss Tabriz says the incentive of money can turn black hats white. "There's a fine line between the two" she says. "You want these people on your side, not against you.
Parisa Tabriz on the Google campus in Mountain View (Tim Hussin/The Telegraph)
"Today, hacking can be ugly. The guy who published the private photos of those celebrities online made headlines everywhere. What he did was not only a violation of these women but it was criminal, and as a hacker I was very saddened by it.
"I feel like we, the hackers, need better PR to show we're not all like that."
She is doing her bit to give hacking a good name. She mentors under-16s at a yearly computer science conference in Las Vegas.
The children who take part in DEFCON are taught how to "hack for good" – and girls are more than encouraged to join.
Trinity Nordstrom, 16, one of those who attended, says: "Parisa is a good role model, because of her I'd like to be a hacker.
"In the computer security industry, skill is starting to matter a lot more than whether or not you're a man or a woman. I think that in order to get such a job, you'd need to earn it."
Miss Tabriz knows a little about hard work and the sleepless nights trying to keep a seventh of the world safe from harm every day.
As such she has the power to choose her own title – and "Security Princess" is on her business card. She came up with it while attending a conference in Tokyo: "I knew I'd have to hand out my card and I thought Information Security Engineer sounded so boring. Guys in the industry all take it so seriously, so security princess felt suitably whimsical."
Earlier this year, Google became the first in the Valley to publish figures on the diversity of its workforce. They revealed just 30 out of every 100 staff members are female.
"Fifty years ago there were similar percentages of women in medicine and law, now thankfully that's shifted," Miss Tabriz says.
"Technology is one of the fastest-growing fields, but in that respect it has a lot of catching up to do."
While she says she has never encountered overt sexism at Google since she joined in 2007, when she was offered the job while still at college a male fellow student told her: 'you know you only got it cos you're a girl.' "He said it to my face, but I'm sure a lot of others were thinking it.
"The jerks are the ones that tend to be the most insecure, but that didn't stop me worrying he might be right," she says, dressed head-to-toe in black – the only colour she ever wears.
Parisa Tabriz on the Google campus in Mountain View (Tim Hussin/The Telegraph)
Miss Tabriz, who in 2012 was named one of the top 30 under 30 to watch by Forbes magazine, thinks the lack of women in tech is because they do themselves down. "There was a study done a few years ago which questioned people who had dropped out of their computer science course," she says.
"Women who left tended to have a B-minus average and the most common reason they gave was that they were finding it too hard, whereas among the men the most common grade was a low C but the reason they gave was that it wasn't interesting."
One of the most high-profile women in the industry, Sheryl Sandberg, a former vice president at Google who is now chief operating officer at Facebook, tells a similar tale. "Women systematically underestimate their own abilities. You ask men and women to guess their GPAs (grade point average) – men always get it slightly high and women get it slightly low," she told a TED talk a few years ago.
"It means they don't know their worth."
Miss Tabriz grew up in the suburbs of Chicago with her Iranian-immigrant father, a doctor, and Polish-American nurse mother, both of whom were incredibly smart but computer illiterate.
As the older sister of two brothers, she was used to bossing boys around from an early age.
"They'd say I was a bully, but I played them at their own game, in sports on the field, and at video games," she says.
"I was older and used to beat them up all the time," she adds. But when her brothers grew up and she was not able to anymore, she felt she had to beat them some other way.
"I didn't know what I wanted to do at first," she says. "I remember taking a careers test in high school to see which job would suit me, I got police officer.
"I laughed at the time but I realise now it wasn't all that far off, after all I'm in the business of protecting people."
She herself had not even touched a computer until her first year of college, the University of Illinois, where she was studying computer engineering.
Parisa Tabriz created her own job title: Security Princess (Tim Hussin/The Telegraph)
She was inspired by the story of one of the earliest hackers, John Draper, otherwise known as Captain Crunch. Draper was working as a US Air Force radar technician when, in the late 1960s, he discovered how to make free long-distance calls using a toy whistle packaged in boxes of Cap'n Crunch cereal.
The whistle emitted a tone at precisely 2600 hertz – the same frequency that was used at the time by the US's biggest phone network to route international calls.
Today, anyone can turn their hand to hacking, which makes profiling that much more difficult a job.
Miss Tabriz sees everything from the common criminal looking for ways to get hold of bank account details to the anti-establishment hactivst networks like Anonymous, to those with much grander aims like bringing down Iran's entire Gmail system.
Her ability to get inside the mind of the "bad guys" has seen her put in charge of the in-house training of Google engineers wanting to get into security. In her seminars she starts by asking them to think of a way to hack a vending machine for chocolate – but without the use of technology.
She knows immediately from their answers who has the curiosity and the mischievousness needed to make it.
One of the smartest – which came from a European employee – was to insert a 10 Thai Baht piece instead of a €2 coin as both are the same size, weight and alloy, but at 25 cent the Thai money is worth just a fraction of the euro coin.
Google is full of eccentric geniuses, and the company's sprawling campus in Mountain View, California, is designed to harness that genius.
On the day of our visit, a team from recruitment was holding a meeting on a seven-seater circular conference bike, while another had taken laptops into the giant ball pit to work.
One employee spent his break in the "thinking zone", taking drags of a cigarette while spinning quickly in circles to deprive his brain of oxygen in the hope that when it rushes back he will see the problem more clearly.
"I can't say I know what that was about," Miss Tabriz says, "but employees here are on the whole are good at outside-the-box thinking."
For many black-hat hackers, Google – the single most recognisable entity of the Internet age – is seen as the Alcatraz of hacks.
The tech giant has had to work to keep its enemies close. It now offers outside hackers cash rewards of up to $30,000 (£19,000) if they are able to find bugs, or faults, on Chrome, in an attempt to stop them reaching the wrong hands.
To date they have awarded $1.25 million, fixing more than 700 bugs.
Miss Tabriz says the incentive of money can turn black hats white. "There's a fine line between the two" she says. "You want these people on your side, not against you.
Parisa Tabriz on the Google campus in Mountain View (Tim Hussin/The Telegraph)
"Today, hacking can be ugly. The guy who published the private photos of those celebrities online made headlines everywhere. What he did was not only a violation of these women but it was criminal, and as a hacker I was very saddened by it.
"I feel like we, the hackers, need better PR to show we're not all like that."
She is doing her bit to give hacking a good name. She mentors under-16s at a yearly computer science conference in Las Vegas.
The children who take part in DEFCON are taught how to "hack for good" – and girls are more than encouraged to join.
Trinity Nordstrom, 16, one of those who attended, says: "Parisa is a good role model, because of her I'd like to be a hacker.
"In the computer security industry, skill is starting to matter a lot more than whether or not you're a man or a woman. I think that in order to get such a job, you'd need to earn it."
Miss Tabriz knows a little about hard work and the sleepless nights trying to keep a seventh of the world safe from harm every day.
No comments:
Post a Comment