Google ‘security princess’ reigns over web giant’s anti-hacking drive
Cybersecurity expert Parisa Tabriz oversees Chrome browser defence
Parisa Tabriz: “I generally think there is something really beautiful about checking assumptions, which is what hacking is all about.”
It isn’t unusual to meet people with distinctive job titles working in the tech sector. But even so, proclaiming yourself to be a “security princess” carries a certain risk.
It is attention-grabbing, but for a woman looking to be taken seriously in a male-dominated industry, and more particularly in software engineering, it could backfire spectacularly.
Thankfully for Parisa Tabriz, who adopted the moniker in place of her then-official (and dull as dishwater) title of “information security engineer” at Google a few years ago, the princess tag has served her well.
“I’ve no regrets over it. It is a great icebreaker,” she says cheerfully.
Tabriz, whose daytime job is to find flaws in Google’s products before the bad guys do, has become a role model to aspiring software engineers across the world. But that wasn’t the plan when she first adopted the title.
Tabriz says it started out as a joke. Heading to Tokyo on a work trip, she got it added to the business cards she was taking with her as she thought it would be amusing to see the reaction from people when they received one. The title stuck beyond the trip, however.
“It is funny that I became known as a princess because I didn’t really recognise gender when I was younger. I grew up with two brothers, played a lot of sports and computer games and was generally a bit of a tomboy when I was younger,” she says.
“That continued when I went to college to study computer science where I had a lot of male friends and never really noticed that I was often the only woman around. If anything, I was a little wary of all those groups trying to encourage more women to take up the subject. I just didn’t see it as the way to equality.”
Sometimes you are looking at a masterpiece when you see an exploit working and you realise how much smart thinking has gone into it
The cybersecurity expert is in Munich to visit Google’s offices on Safer Internet Day. If anyone knows about keeping people safe online, it’s her.
Formerly included in Forbes’s “30 under 30” list of people to watch, the now 34-year-old has spent more than a decade working for Google. She has also lectured at Harvard and served as a consultant to the White House’s US digital service, advising the government how to toughen up its defences.
If that was not enough, she has also spent a lot of time briefing entertainment writers in Hollywood on how hackers operate so they can create and depict more accurate stories rather than settling for the usual stereotype of the antisocial boy genius.
Tabriz joined Google as an intern, before being taken on as a “hired hacker” engineer. She ended up managing the team and is now officially director of engineering at Google. She is responsible for security for the Chrome browser and also manages the company’s Project Zero team, which is tasked with finding and fixing vulnerabilities of all kinds.
Her team’s work also includes secure architecture design and implementation for the Chrome platform, working on solutions for Google’s user experience (UX) cybersecurity problems and being a general security consulting/review group for its larger open source Chromium project.
With Chrome installed on more than two billion devices, Tabriz is carrying a heavy weight. But that doesn’t stop her making light of her role.
Her LinkedIn profile currently has her job title as “browser boss”, while she also refers to herself jokingly as “the guardian of stability”. Her team, meanwhile, is sometimes known as “the Department of Chromeland Security”.
Tabriz admits she fell into working in cybersecurity by accident after she herself was hacked. “I initially got into web design and a site I made got defaced via a PHP exploit that led to Viagra being sold through it. I wanted to know how it had happened so I started attending a security club meeting and it went from there,” she says.
“It wasn’t like I had it all mapped out, though. It was even an accident how I ended up doing computer programming initially. My father was a doctor who had come to the US from Iran. Education was always emphasised at home, so I got good grades in math and science. But I ended up doing engineering purely because my state school had a really good programme.”
Tabriz said she never really noticed that she was only one of a few women working in tech in her early years at Google, a company that has come in for criticism for the low number of women it employs. Last year the company fired James Damore, a software engineer who wrote a controversial memo in which he said Google had gone too far in its efforts to promote diversity. Damore had claimed the under-representation of women at the company was a result of women’s lesser interest in software engineering, rather than outright discrimination within the tech sector.
Tabriz says for her part that she has always had a good experience working at Google and has never personally experienced obvious sexism in the workplace.
“When I became a manager, people kept telling me it was weird I was leading a team of all men. It hadn’t been something I’d thought about but when people are commenting on it constantly it does make you that much more aware of it,” she says.
“As I continued to get promoted, I began to see there were obviously far fewer women in senior roles and increasingly I’ve also had more people share their experiences with me of being women in the workplace. The result is I’m very aware of the need for a diverse work environment in a way I possibly wasn’t before and maybe I did experience bias in the past that I didn’t notice greatly at the time.”
While she didn’t particularly set out to inspire others, Google’s security princess is happy if she does.
“I don’t seek to be a role model, but if other people think it’s cool when they see someone like me working in tech then that’s great,” she says.
Moreover, Tabriz is keen to ensure she gets an opportunity to help ensure that representations of people working in tech go beyond stereotypes.
“We know that girls decide what they want to be in part from what they see on television, so I’m proud that I get to advise writers in LA on what the reality is. In our team we have a number of women and they don’t necessarily look like the Girl with the Dragon Tattoo either,” she added.
Tabriz is also keen to see hackers be portrayed as more than just troublemakers. While she has always stayed on the right side of the law herself, she believes hackers serve a valuable role and she often admires the thinking behind hacking, it not the consequences.
“Sometimes you are looking at a masterpiece when you see an exploit working and you realise how much smart thinking has gone into it,” she says.
“I often give tech talks to policymakers and I always try to get them to understand that there are societal benefits to tolerating hackers. I generally think there is something really beautiful about checking assumptions, which is what hacking is all about.”