Window Snyder

Born: Mwende Window Snyder, 1975 (age 46–47)
Occupation: Software security officer

Mwende Window Snyder (born 1975), better known as Window Snyder, is an American computer security expert. [1] She has been a top security officer at Square, Inc., [2] Apple, Fastly, Intel and Mozilla Corporation. She was also a Senior Security Strategist at Microsoft. She is co-author of Threat Modeling, a standard manual on application security.

Biography

Snyder is the daughter of an African-American father and a Kenyan-born mother, Wayua Muasa. She goes by her middle name Window; her first name is used only by family members. She graduated from Choate Rosemary Hall in 1993 and has served on their board. [3] In college, she majored in computer science, and during that time became interested in cryptography and cryptanalysis [4] and began working actively on cyber security with the Boston hacker community in the 1990s, building her own tools and becoming familiar with multi-user systems. [5] She went by the nickname Rosie the Riveter in the hacker scene. [6]

She then pursued this career path as one of the first computer scientists to specialize in cyber security, and to proactively try to bridge the gap between corporations and the security researchers often termed 'hackers'. [4] Until 2002, Snyder was Director of Security Architecture at @stake. Subsequently, she worked as a senior security strategist at Microsoft in the Security Engineering and Communications group. During this time, she was a contributor to the Security Design Lifecycle (SDL) and co-developed a new methodology for threat modeling software, as well as acting as security lead and signoff on Microsoft Windows XP Service Pack 2 and Windows Server 2003. [4] She also created the Blue Hat Microsoft Hacker Conference, an event bringing together engineers at Microsoft and hackers for a dialogue about the security of Microsoft's software. [7] After leaving Microsoft in 2005, she worked as a principal, founder, and CTO at Matasano Security, a security services and product company later acquired by NCC Group. [8] She joined Mozilla in September 2006. [9] [10]

On December 10, 2008, Snyder said that she would be leaving Mozilla Corporation at the end of the year. [11] On March 1, 2010, Snyder began work at Apple Inc. [12]

In 2015, Snyder became chief security officer at content distribution network Fastly. [13]

Intel's Software and Services Group senior vice president and general manager, Doug Fisher, announced in July 2018 that Snyder would become the company's Platforms Security Division's chief security officer, vice president and general manager. [14] [15] She has since left Intel and in May 2019 joined Square, Inc. [2]

On April 22, 2021, Snyder announced she had started a new company, Thistle Technologies, which describes itself as providing a "secure foundation for devices." [16]

Works

Public appearances

Window Snyder has spoken publicly about challenges in computer security at several conferences and hackathons. In May 2017 Snyder spoke at Next Generation Threats, held by Techworld, IDG in Stockholm, Sweden. [17] Earlier in April Snyder was a keynote speaker at HITBSecConf, held by Hack in the Box in Amsterdam. [18] Later in November Snyder spoke at O'Reilly Security Conference. [19] In April 2018 she spoke at RSA Conference, [20] and in August 2018 Snyder was a keynote speaker at the Open Source Summit held by the Linux Foundation. [21]

She has talked about career paths of women in cybersecurity, for example in a keynote at the Women in Tech Symposium on March 6, 2020, on the UC Berkeley campus. [22]

References

  1. Rudolph, Laura C. (2014), "Kenyan Americans", in Riggs, Thomas (ed.), Gale Encyclopedia of Multicultural America, vol. 3 (3 ed.), Detroit, pp. 1–9
  2. @window (June 3, 2019). "I started a new role at Square a couple weeks ago. Very excited to join the team!" (Tweet) via Twitter.
  3. Swartz, Jon (June 17, 2008). "'Geek girl' helps keep Mozilla safe in scary times". USA Today.
  4. Grimes, Roger A. (2017). "46 - Profile: Window Snyder". Hacking the hacker: learn from the experts who take down hackers. Indianapolis, IN: Wiley. ISBN 978-1-119-39626-0. OCLC 983465946.
  5. Rosenblatt, Seth (2016-07-06). "How one woman protects almost the whole Internet (Q&A)". The Parallax. Retrieved 2020-06-10.
  6. Menn, Joseph (2019). Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. New York: Public Affairs. pp. 49–50.
  7. Evers, Joris. "Mozilla looks to Microsoft for security". ZDNet. CBS Interactive. Retrieved September 23, 2017.
  8. Brenner, Bill (2012-08-02). "NCC Group acquires Matasano Security". CSO Online. Retrieved 2020-06-10.
  9. Mozilla taps former Microsoft executive for security strategy (Robert McMillan, Computerworld Security, September 6, 2006)
  10. Welcome to Window Snyder! (schrep's blog, September 6, 2006) Mozilla hiring announcement
  11. "Leaving Mozilla".
  12. "Ex-Mozilla Security Chief Takes Job at Apple". PCWorld. 2010-03-01. Retrieved 2021-02-21.
  13. "Fastly Adds Key Enterprise Security Leadership" (Press release).
  14. Jackson Higgins, Kelly (June 25, 2018). "Intel Names Window Snyder as Chief Software Security Officer". DarkReading.
  15. Fisher, Doug. "The Cybersecurity Community Driving Insights into Security Solutions" (Press release).
  16. @window (April 22, 2021). "I started a company, Thistle Technologies. @thistlesec" (Tweet) via Twitter.
  17. Snyder, Window. "Next Generation Threats 2017". Techworld. Retrieved March 7, 2019.
  18. Snyder, Window. "HITBSecConf". Hack in the Box. Retrieved March 7, 2019.
  19. Snyder, Window. "O'Reilly Security Conference". O'Reilly. Retrieved March 7, 2019.
  20. Snyder, Window. "RSA Conference 2018". RSA Conference. Retrieved March 7, 2019.
  21. Snyder, Window. "Open Source Summit 2018". Linux Foundation. Retrieved March 7, 2019.
  22. "Cisco's Nather and Square's Snyder to keynote Women in Tech 2020". CITRIS and the Banatao Institute. 2020-01-21. Retrieved 2020-06-10.