Getting hacked isn't really something you think about — until your email address is being used to spam hundreds of your contacts and your private photos are all over Google. And, that's where these four women come into play. As members of the Google security team, they protect us by finding holes in the system, improving user experience, and working toward developing a secure online environment. From a white-hat hacker whose job it is to think and work like an attacker to an engineer who focuses on building a seamless warning system for users, these tech gurus are whip-smart and making a difference every single day. We ventured to the Google campus to pull back the curtain and hear more about their strange, exciting jobs — and pick up a few tricks for protecting our own data.
The Hacker: Parisa Tabriz Your job title is Security Princess. Tell us more about what that means.
"When I joined Google, my job title was information-security engineer in the information-security engineering team — boring! I didn’t think the title was very meaningful, so I decided to pick something with a bit more whimsy. Practically, it means I make Google’s products more secure, which has meant a mix of engineering, developer education, hacking, and people management."
How did you find yourself in this field?
"I have a degree in computer science and a history of breaking things, both accidentally and intentionally."
When did you realize you had an interest in hacking?
"I joined a computer club in college comprised of other students interested in computer security. We met on Friday nights, and everyone took turns teaching each other about topics we were interested in, and we worked on security projects and some harmless pranks. I’m still best friends with a lot of those guys!" What's the coolest part about hacking for a profession?
"It’s fun to think like an attacker, but work on the good side. The best part of my job is working alongside some of the most passionate, creative, smart people in the world, and having the freedom and support to pursue ambitious projects. Also, some amount of mischief within the team is expected — if not encouraged."
What's the most challenging part of your job?
"Chrome is a project that has many millions of lines of security critical code and hundreds of engineers working on it at the same time around the world. We’re constantly trying to make it safer, faster, and more useful for everyone: people of all ages, education, cultures, and technical aptitude. At the same time, we know that attackers target the browser because it’s such a central part of people’s Internet usage. All those factors add up to a lot of complexity!" What are some precautions we can take as users to keep our information safe?
"You should check or update your account-recovery options, especially for your primary email address! Most online services have a way to reset or recover a forgotten password. Attackers know this, too, and may try to exploit your recovery information. Be mindful of all software or applications you install on your computer and phone. Lots of malware is disguised to be enticing, like free software or security updates. That goes for alluring mobile apps and browser extensions that may ask for lots of permissions. Be cautious! Also, keep your programs up to date. I’m biased, but I strongly recommend Chrome and Chromebooks — which use the Chrome operating system. It automatically stays updated, so you don’t have to worry about it." What’s one thing people would be surprised to know about hacking?
"People might be surprised to know that most of the people that 'hack' — and find flaws in software — don’t look anything like the stereotypes portrayed in media. You also don’t need to be an eccentric genius that’s been programming since childhood to work in this field."
The Engineer: Emily Stark
Tell us more about your role on the Google security team.
"I’m a software engineer working on security for Chrome. I work on browser features that help keep our users safe when they might be under attack. I also work on features that enable developers to build more secure web applications. If you’ve ever tried to visit a website in Chrome and seen a warning telling you that your connection to the website is not secure, that’s a project I’m working on. We’re trying to make Chrome better at distinguishing real attacks from website misconfigurations, so that we can make the warning more helpful." What does your day-to-day look like?
"I spend most of the day writing, reviewing, and debugging code, working on design documents, and meeting with co-workers to discuss what we’re working on. I work in Google’s San Francisco office, where we have a close-knit Chrome security team that always eats lunch together. Sometimes, I take a break to go to a yoga class, which is awesome." What’s the biggest misconception people have about your role?
"People think that being a software engineer means spending every day staring at a screen all day long by yourself. Software engineering is actually a very collaborative job. We spend lots of time brainstorming together, discussing challenges face to face, and even working on code together, which is called pair programming." What’s the most fun part about being on the Google security team?
"Well, a co-worker just unicycled past my desk, so that’s pretty fun. I also love getting to work on software that’s used by more than 750 million people. It’s very gratifying to feel that my work is important in keeping those users safe and secure on the web." Did you always know you wanted to work in tech?
"I wanted to be a novelist when I was really young, but I started programming when I was about 10 or 11, and then there was no turning back." What are some precautions we can take as users to keep our information safe?
"Whenever you are about to enter sensitive information such as a password or credit card number on a website, look up at the address bar and make sure you are on the right website. Look for the expected address — such as google.com or paypal.com — in the address bar, with 'https://' in front of it and a green lock icon. The 's' in 'https' and the lock icon indicate that you have a secure connection to the website. Beware of phishing attacks, where you might be tricked into entering your Google password — for example on www.go0gle.com instead of the real www.google.com. And, while we're on the subject of passwords, use strong passwords and don't reuse them across websites! Passwords are much easier to guess than you would think. Using a password manager is a great way to help with this." What do you do when you aren’t hacking?
"I like to read — mostly fiction and The New Yorker — bake pies, exercise, and travel."
The Designer: Rebecca Rolfe Tell us more about your role on the Google security team.
"I am an interaction designer for Chrome. Visual designers determine what the typography should look like, what the color scheme should be, how the icons are shaped, that sort of thing. Then, interaction designers apply those principles to problems in the interface, like figuring out where to put a new button and what happens when you click it. You are responsible for the user's experience of a product. My goal, ultimately, is to be invisible. I want users of Chrome to never have to know anything has been designed for them, because it all works perfectly. It's an interesting challenge to just get out of the way and let the web shine." What's one thing about your role people would be surprised to know?
"Sometimes, the best design is no design! When you talk through problems as a team, it becomes easier to address ways to resolve issues without any design work at all. Instead of showing the user an alert that something might not work, maybe we can build a smarter algorithm. Instead of asking the user to make a choice up front, maybe we can set a smart default and see if there is high demand after launch for more customization. I know it’s weird, but a lot of my job is telling people they actually don’t need me." What's been the biggest challenge you've faced being a woman in tech?
"There are definitely talented women on the Chrome security team, which is great. There is one detail about working in tech that has always surprised me: bathroom lines! A lot of times, the guys have to wait in line. It sounds ridiculous, but on the day that I head to the restroom and there’s an equal number of men and women lined up outside the doors, I am going to jump for joy." What's been your favorite project to date?
"Say you allow a website to know your location, and now you want to turn that off. That can be a needlessly hard thing to do, so that’s what we’re working to fix. We still have work to do, but now users are way more empowered to understand and manage how sites are accessing their information. I’m really proud of us for prioritizing these details, because it’s easy for that sort of thing to get lost in the shuffle."
The Product Manager: Elisabeth Morant Tell us more about your role on the Google security team.
"I work to help users make safe decisions when browsing the web." What's one thing about your role people would be surprised to know?
"When it comes to attacks aimed at stealing user information or accessing personal accounts, one of the most effective ways to do so is through social engineering. This means attackers sending people to, say, a website that may look like the real Etsy, but is actually an imitation built to capture their passwords. This is one reason why security UX is so important, and it’s our job to effectively warn people when they’re on a site that’s trying to trick them into divulging sensitive information." What's the most challenging part of your job?
"Working in security means dealing with a new threat every day. This can be really exciting at times, but when we’re dealing with high-risk threats, it can also be quite stressful!" What projects are you working on that you're really excited about?
"One project I’m excited about is the Chrome Experience Survey we’re launching next week. This is the first project of its kind for Chrome, where we are asking people for in-the-moment feedback triggered by interesting or unusual events. We’re planning to use that feedback to directly improve Chrome." Did you always know you wanted to work in tech?
"When I was three years old, my father introduced me to the Beauty and the Beast video game for DOS, and I’ve been a big fan of computers ever since. I started programming years later because I wanted to use technology to tell my own stories, but it wasn’t until college that I realized I liked computer science enough to major in it and eventually pursue a career in tech." What do you do when you're not working?
"In my free time, I collaborate with a group at Google devoted to improving the media’s depiction of women in tech. This typically means meeting with writers and producers to discuss technical topics and consult on scripts. I also enjoy writing and playing tennis."