Parisa Tabriz

Last updated

Parisa Tabriz
Parisa Tabriz Blackhat'17 profile.jpg
Born1983 (age 4041)
Nationality American
Occupation Computer security engineer
Known for
  • Google's "Security Princess"
  • Co-founder, Our Security Advocates

Parisa Tabriz is an Iranian-American computer security expert who works for Google as a Vice President of engineering. She chose the title "Security Princess" on her business card. [1] [2] [3]

Contents

Early life

Parisa Tabriz was born to an Iranian father, a doctor, and an American mother, a nurse, of Polish-American descent. [1] She grew up in the suburbs of Chicago and is the older sister of two brothers. [1] Tabriz was not exposed to coding and computer science until her first year at university. [4]

Education

Tabriz initially enrolled at the University of Illinois at Urbana–Champaign to study computer engineering, but soon became interested in computer science instead. [4] [5] She completed a bachelor of science and master of science degree at the university [4] [6] and did research in wireless security and attacks on privacy-enhancing technologies, co-authoring papers with her advisor Nikita Borisov. [5] [7] [8] She was an active member of a student club interested in computer security, which she joined because her own website was hacked. [4]

Career

Tabriz was offered a summer internship with Google's security team while at college, [9] and joined the company a few months after her graduation in 2007. [1] [10] While preparing to attend a conference in Tokyo with Google, she decided to use the job title "Security Princess" on her business card rather than the conventional "information security engineer" since it sounded less boring and considered it ironic. [1] [2] Tabriz trained Google staff interested in learning more about security and worked with youth at DEFCON and Girl Scouts of the USA to expose a more diverse set of people to the field of computer security. [11] [1] [12]

In 2013, Tabriz took over responsibility for the security of Google Chrome.

In 2013, Tabriz conducted the talk "Got SSL?" at the Chrome Dev Summit. [13]

In 2014, Tabriz started an effort to drive adoption of the HTTPS protocol. [14] [15] In 2015, less than 50% of traffic seen by Chrome was over HTTPS, and by 2019, the percentage of HTTPS traffic had increased to 73-95% across all platforms. [16] Tabriz has spoken out against government interception of HTTPS connections on the public Internet. [17]

In 2014 Tabriz conducted the talk "Do Know Evil" at the Chrome Developers Conference. [18]

In 2016, Tabriz took over responsibility for Project Zero, an offensive security research group. [3] [19]

In 2016 Tabriz was the keynote speaker at the Python Conference (PyCon) in Portland, Oregon. [20]

In 2018, Tabriz was the keynote speaker at Black Hat Conference. [21]

In 2018, in response to the RSA Conference having only one non-male keynote speaker in a line-up of 20 keynotes, Tabriz co-founded the Our Security Advocates conference, OURSA. In only five days, Tabriz and organizers pulled together a speaker line-up consisting of expert speakers from under-represented backgrounds, 14 speakers of which were women. [22]

In 2020, Tabriz became head of product, Engineering, & UX, Chrome. [23]

Recognition

In 2012, Forbes included her in their "Top 30 People Under 30 To Watch in the Technology Industry" list. [1] [24]

In 2017, Wired included her in their list of 20 Tech Visionaries. [25]

In 2018, Fortune included her in their annual "40 under 40" most influence young people in business list. [26]

Related Research Articles

<span class="mw-page-title-main">HTTPS</span> Extension of the HTTP communications protocol to support TLS encryption

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

<span class="mw-page-title-main">Peiter Zatko</span> American computer security expert

Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.

Xcitium, formerly known as Comodo Security Solutions, Inc., is a cybersecurity company headquartered in Bloomfield, New Jersey.

Black Hat Briefings is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and security professionals. The conference takes place regularly in Las Vegas, Barcelona, London and Riyadh. The conference has also been hosted in Amsterdam, Tokyo, and Washington, D.C. in the past.

<span class="mw-page-title-main">David Brumley</span> American cryptographer

David Brumley is a professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Prof. Brumley also worked for 5 years as a Computer Security Officer for Stanford University.

<span class="mw-page-title-main">Moxie Marlinspike</span> American entrepreneur

Moxie Marlinspike is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Technology Foundation, and served as the first CEO of Signal Messenger LLC. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Google Messages, Facebook Messenger, and Skype.

<span class="mw-page-title-main">Niels Provos</span> German-American computer scientist and software engineer

Niels Provos is a German-American researcher in security engineering, malware, and cryptography. He received a PhD in computer science from the University of Michigan. From 2003 to 2018, he worked at Google as a Distinguished Engineer on security for Google. In 2018, he left Google to join Stripe as its new head of security. In 2022, Provos left Stripe and joined Lacework as head of Security Efficacy.

Eric Hughes is an American mathematician, computer programmer, and cypherpunk. He is considered one of the founders of the cypherpunk movement, alongside Timothy C. May and John Gilmore. He is notable for founding and administering the Cypherpunk mailing list, authoring A Cypherpunk's Manifesto, creating and hosting the first anonymous remailer, and coining the motto, "Cypherpunks write code".

HTTPS Everywhere is a discontinued free and open-source browser extension for Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Vivaldi and Firefox for Android, which was developed collaboratively by The Tor Project and the Electronic Frontier Foundation (EFF). It automatically makes websites use a more secure HTTPS connection instead of HTTP, if they support it. The option "Encrypt All Sites Eligible" makes it possible to block and unblock all non-HTTPS browser connections with one click. Due to the widespread adoption of HTTPS on the World Wide Web, and the integration of HTTPS-only mode on major browsers, the extension was retired in January 2023.

Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

<span class="mw-page-title-main">HackMIT</span>

HackMIT is an annual student-run hackathon held in the fall at the Massachusetts Institute of Technology.

<span class="mw-page-title-main">Eva Galperin</span> American cybersecurity, privacy and anti-stalkerware activist

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state spyware.

<span class="mw-page-title-main">Rob Joyce</span> American cybersecurity official

Robert E. Joyce is an American cybersecurity official who served as special assistant to the President and Cybersecurity Coordinator on the U.S. National Security Council. He also began serving as White House Homeland Security Adviser to President Donald Trump on an acting basis after the resignation of Tom Bossert from April 10, 2018 to May 31, 2018. He completed his detail to the White House in May 2018 and returned to the National Security Agency, where he served as the Senior Advisor to the Director NSA for Cyber Security Strategy, until July 2019 when he went to London and served in the US Embassy as the NSA's senior cryptologic representative to the UK. Joyce previously performed as acting Deputy Homeland Security Advisor since October 13, 2017. On January 15, 2021 the NSA announced that Joyce would replace Anne Neuberger as its Director of Cybersecurity.

SwiftOnSecurity is a pseudonymous computer security expert and influencer on Twitter, inspired from Taylor Swift. As of May 2024, they have over 405,400 followers. The account was originally created to post Taylor Swift-related memes about the Heartbleed bug. The name was chosen due to Swift's caution with regard to digital security, and the account's original focus on cybersecurity. The account has been cited in news articles about computer security. They are a Microsoft MVP, and work as an endpoint monitoring lead for a Fortune 500 company. Their blog contains general computer security advice, with a large amount dedicated to Windows and phishing.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

Jessica Hullman is a computer scientist and the Ginni Rometty associate professor of Computer Science at Northwestern University. She is known for her research in Information visualization.

Adrienne Porter Felt is an American computer scientist.

References

  1. 1 2 3 4 5 6 7 Josie Ensor (October 4, 2014). "Google's top secret weapon – a hacker they call their Security Princess". The Daily Telegraph . Retrieved October 4, 2014. I knew I'd have to hand out my card and I thought Information Security Engineer sounded so boring. Guys in the industry all take it so seriously, so security princess felt suitably whimsical.
  2. 1 2 "Moon Walking". Click. September 1, 2018. BBC . Retrieved September 8, 2018.
  3. 1 2 Jillian d'Onfro (July 12, 2014). "Google's 'Security Princess' Leads A Team Of Hackers Paid To Think Like Criminals". Business Insider . Retrieved January 5, 2016.
  4. 1 2 3 4 Clare Malone (July 8, 2014). "Meet Google's Security Princess". Elle . Retrieved January 5, 2016.
  5. 1 2 "Parisa Tabriz". Google AI. Retrieved September 8, 2018.
  6. "CS @ Illinois Alumna, and Google's Security Princess". Archived from the original on July 19, 2014. Retrieved July 15, 2014.
  7. Jason Franklin; Damon McCoy; Parisa Tabriz (2006). "Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting". Usenix-Ss'06. Berkeley, California: USENIX: 167–178. Retrieved October 4, 2014.
  8. Parisa Tabriz; Nikita Borisov (2006). "Breaking the Collusion Detection Mechanism of MorphMix". In George Danezis; Philippe Golle (eds.). Privacy Enhancing Technologies. Lecture Notes in Computer Science. Vol. 4258. Cambridge. pp. 368–383. doi:10.1007/11957454_21. ISBN   978-3-540-68790-0. Archived from the original on October 4, 2014. Retrieved October 4, 2014.{{cite book}}: |work= ignored (help)CS1 maint: location missing publisher (link)
  9. Cade Metz (August 26, 2014). "With Any Luck, This Googler Will Turn More Girls Into Hackers". Wired . Retrieved January 5, 2016.
  10. Peter Osterlund (October 10, 2013). "Parisa Tabriz, Google security, talks about college". 60second Recap . Retrieved August 10, 2014.
  11. Sheena McKenzie (March 17, 2015). "The cyber warrior 'princess' who guards Google". CNN . Retrieved January 5, 2018.
  12. Metz, Cade (August 26, 2014). "With Any Luck, This Googler Will Turn More Girls Into Hackers". Wired. ISSN   1059-1028 . Retrieved January 5, 2020.
  13. Got SSL? - Chrome Dev Summit 2013 (Parisa Tabriz), December 4, 2013, retrieved October 6, 2021
  14. Greenberg, Andy (November 4, 2016). "Google's Chrome Hackers Are About to Upend Your Idea of Web Security". Wired. ISSN   1059-1028 . Retrieved January 3, 2020.
  15. Schechter, Emily (2017). "Inside "MOAR TLS:" How We Think about Encouraging External HTTPS Adoption on the Web".{{cite journal}}: Cite journal requires |journal= (help)
  16. "Google Transparency Report". transparencyreport.google.com. Retrieved January 3, 2020.
  17. "Google and Mozilla move to stop Kazakhstan 'snooping'". August 21, 2019. Retrieved January 5, 2020.
  18. Do Know Evil - Parisa Tabriz, June 2, 2014, retrieved October 6, 2021
  19. Tabriz, Parisa (September 11, 2018). "Optimistic dissatisfaction with the status quo of security".
  20. Parisa Tabriz - Keynote - PyCon 2016, May 31, 2016, retrieved October 6, 2021
  21. Black Hat USA 2018 Keynote: Parisa Tabriz, August 8, 2018, retrieved October 6, 2021
  22. Iain Thomson (March 7, 2008). "Women of Infosec call bullsh*t on RSA's claim it could only find one female speaker". The Register . Retrieved March 8, 2018.
  23. Tabriz, Parisa. "Parisa Tabriz". LinkedIn. Retrieved October 6, 2021.
  24. Victoria Barret; Connie Guglielmo (July 30, 2014). "30 Under 30 — Tech". Forbes . Retrieved August 10, 2014.
  25. Wired Staff (April 25, 2017). "Next List 2017: 20 Tech Visionaries You Should Have Heard of by Now". Wired. ISSN   1059-1028 . Retrieved December 7, 2019.
  26. "Fortune 40 under 40: Parisa Tabriz". Fortune. Retrieved December 7, 2019.