Window Snyder

Born: Mwende Window Snyder, 1975 (age 48–49)
Occupation: Software security officer

Mwende Window Snyder (born 1975), better known as Window Snyder, is an American computer security expert. [1] She has been a top security officer at Square, Inc., [2] Apple, Fastly, Intel and Mozilla Corporation. She was also a senior security strategist at Microsoft. She is co-author of Threat Modeling, a standard manual on application security.

Biography

Snyder was born in New Jersey, [3] of an American father and a Kenyan-born mother, Wayua Muasa. She goes by her middle name Window; her first name is used only by family members. She attended Boston College [3] after graduating from Choate Rosemary Hall in 1993, and has served on their board. [4] While earning her undergraduate degree in computer science, she became interested in cryptography and cryptanalysis [5] and began actively working on the topic of cybersecurity with the Boston hacker community in the 1990s, building her own tools and getting familiar with multi-user systems. [6] She went by the nickname Rosie the Riveter in the hacker scene. [7]

She then pursued this career path as one of the first computer scientists to specialize in cybersecurity, and to proactively try to bridge the gap between corporations and the security researchers often termed 'hackers.' [5] She joined @stake as the 10th employee, [3] and rose to director of security architecture, until she left the company in 2002. Subsequently, she worked as a senior security strategist at Microsoft in the Security Engineering and Communications group. During this time, she was a contributor to the Security Design Lifecycle (SDL) and co-developed a new methodology for threat modeling software, as well as acting as security lead and signoff on Microsoft Windows XP Service Pack 2 and Windows Server 2003. [5] She also created the Blue Hat Microsoft Hacker Conference, an event bringing together engineers at Microsoft and hackers for a dialogue about the security of Microsoft's software. [8] After leaving Microsoft in 2005, she worked as a principal, founder, and CTO at Matasano Security, a security services and product company later acquired by NCC Group. [9] She joined Mozilla in September 2006. [10] [11]

On December 10, 2008, Snyder said that she would be leaving Mozilla Corporation at the end of the year. [12] On March 1, 2010, Snyder began work at Apple Inc. as product manager responsible for the privacy and security of all Apple products. [13]

In 2015, Snyder became chief security officer at content distribution network Fastly. [14]

Intel's Software and Services Group senior vice president and general manager, Doug Fisher, announced in July 2018 that Snyder would become the company's Platforms Security Division's chief security officer, vice president and general manager. [15] [16] She has since left Intel and in May 2019 joined Square, Inc. [2]

On April 22, 2021, Snyder announced she had started a new company, Thistle Technologies, which describes itself as providing a "secure foundation for devices." [17]

Works

Public appearances

Window Snyder has spoken publicly about challenges in computer security at several conferences and hackathons. In May 2017 Snyder spoke at Next Generation Threats, held by Techworld, IDG in Stockholm, Sweden. [18] Earlier, in April, Snyder was a keynote speaker at HITBSecConf, held by Hack in the Box in Amsterdam. [19] Later, in November, Snyder spoke at the O'Reilly Security Conference. [20] In April 2018 she spoke at RSA Conference, [21] and in August 2018 Snyder was a keynote speaker at the Open Source Summit held by the Linux Foundation. [22]

She has talked about career paths of women in cybersecurity, for example in a keynote at the Women in Tech Symposium on March 6, 2020, on the UC Berkeley campus. [23]

References

  1. Rudolph, Laura C. (2014), "Kenyan Americans", in Riggs, Thomas (ed.), Gale Encyclopedia of Multicultural America, vol. 3 (3 ed.), Detroit, pp. 1–9
  2. @window (June 3, 2019). "I started a new role at Square a couple weeks ago. Very excited to join the team!" (Tweet) via Twitter.
  3. Franceschi-Bicchierai, Lorenzo (2023-08-04). "Meet Window Snyder, the trailblazer who helped secure the internet and billions of devices". TechCrunch. Retrieved 2023-08-05.
  4. Swartz, Jon (June 17, 2008). "'Geek girl' helps keep Mozilla safe in scary times". USA Today.
  5. Grimes, Roger A. (2017). "46 - Profile: Window Snyder". Hacking the hacker: learn from the experts who take down hackers. Indianapolis, IN: Wiley. ISBN 978-1-119-39626-0. OCLC 983465946.
  6. Rosenblatt, Seth (2016-07-06). "How one woman protects almost the whole Internet (Q&A)". The Parallax. Retrieved 2020-06-10.
  7. Menn, Joseph (2019). Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. New York: Public Affairs. pp. 49–50.
  8. Evers, Joris. "Mozilla looks to Microsoft for security". ZDNet. CBS Interactive. Retrieved September 23, 2017.
  9. Brenner, Bill (2012-08-02). "NCC Group acquires Matasano Security". CSO Online. Retrieved 2020-06-10.
  10. Mozilla taps former Microsoft executive for security strategy (Robert McMillan, Computerworld Security, September 6, 2006)
  11. Welcome to Window Snyder! (schrep's blog, September 6, 2006) Mozilla hiring announcement
  12. "Leaving Mozilla".
  13. "Ex-Mozilla Security Chief Takes Job at Apple". PCWorld. 2010-03-01. Retrieved 2021-02-21.
  14. "Fastly Adds Key Enterprise Security Leadership" (Press release).
  15. Jackson Higgins, Kelly (June 25, 2018). "Intel Names Window Snyder as Chief Software Security Officer". DarkReading.
  16. Fisher, Doug. "The Cybersecurity Community Driving Insights into Security Solutions" (Press release).
  17. @window (April 22, 2021). "I started a company, Thistle Technologies. @thistlesec" (Tweet) via Twitter.
  18. Snyder, Window. "Next Generation Threats 2017". Techworld. Retrieved March 7, 2019.
  19. Snyder, Window. "HITBSecConf". Hack in the Box. Retrieved March 7, 2019.
  20. Snyder, Window. "O'Reilly Security Conference". O'Reilly. Retrieved March 7, 2019.
  21. Snyder, Window. "RSA Conference 2018". RSA Conference. Retrieved March 7, 2019.
  22. Snyder, Window. "Open Source Summit 2018". Linux Foundation. Retrieved March 7, 2019.
  23. "Cisco's Nather and Square's Snyder to keynote Women in Tech 2020". CITRIS and the Banatao Institute. 2020-01-21. Retrieved 2020-06-10.