Window Snyder

Born: Mwende Window Snyder, 1975 (age 49–50)
Occupation: Software security officer

Mwende Window Snyder (born 1975), better known as Window Snyder, is an American computer security expert. [1] She has been a top security officer at Square, Inc., [2] Apple, Fastly, Intel and Mozilla Corporation. She was also a senior security strategist at Microsoft. She is co-author of Threat Modeling, a standard manual on application security.


Biography

Snyder was born in New Jersey, [3] to an American father and a Kenyan-born mother, Wayua Muasa. She goes by her middle name, Window; her first name is used only by family members. She attended Boston College [3] after graduating from Choate Rosemary Hall in 1993, and has served on their board. [4] While earning her undergraduate degree in computer science, she became interested in cryptography and cryptanalysis [5] and began actively working on cybersecurity with the Boston hacker community in the 1990s, building her own tools and becoming familiar with multi-user systems. [6] She went by the nickname Rosie the Riveter in the hacker scene. [7]

She then pursued this career path as one of the first computer scientists to specialize in cybersecurity, and to proactively try to bridge the gap between corporations and the security researchers often termed 'hackers.' [5] She joined @stake as the 10th employee, [3] and rose to director of security architecture, until she left the company in 2002. Subsequently, she worked as a senior security strategist at Microsoft in the Security Engineering and Communications group. During this time, she was a contributor to the Security Design Lifecycle (SDL) and co-developed a new methodology for threat modeling software, as well as acting as security lead and signoff on Microsoft Windows XP Service Pack 2 and Windows Server 2003. [5] She also created the Blue Hat Microsoft Hacker Conference, an event bringing together engineers at Microsoft and hackers for a dialogue about the security of Microsoft's software. [8] After leaving Microsoft in 2005, she worked as a principal, founder, and CTO at Matasano Security, a security services and product company later acquired by NCC Group. [9] She joined Mozilla in September 2006. [10] [11]

On December 10, 2008, Snyder said that she would be leaving Mozilla Corporation at the end of the year. [12] On March 1, 2010, Snyder began work at Apple Inc. as product manager responsible for the privacy and security of all Apple products. [13]

In 2015, Snyder became chief security officer at content distribution network Fastly. [14]

Intel's Software and Services Group senior vice president and general manager, Doug Fisher, announced in July 2018 that Snyder would become the company's Platforms Security Division's chief security officer, vice president and general manager. [15] [16] She has since left Intel and in May 2019 joined Square, Inc. [2]

On April 22, 2021, Snyder announced she had started a new company, Thistle Technologies, which describes itself as providing a "secure foundation for devices." [17]

Works

Public appearances

Window Snyder has appeared publicly to speak about challenges in computer security at several conferences and hackathons. In May 2017 Snyder spoke at Next Generation Threats, held by Techworld, IDG in Stockholm, Sweden. [18] Earlier that April, Snyder was a keynote speaker at HITBSecConf, held by Hack in the Box in Amsterdam. [19] Later that November, Snyder spoke at the O'Reilly Security Conference. [20] In April 2018 she spoke at RSA Conference, [21] and in August 2018 Snyder was a keynote speaker at the Open Source Summit held by the Linux Foundation. [22]

She has talked about career paths of women in cybersecurity, as for example in a keynote at the Women in Tech Symposium on March 6, 2020, on the UC Berkeley campus. [23]


References

  1. Rudolph, Laura C. (2014). "Kenyan Americans". In Riggs, Thomas (ed.). Gale Encyclopedia of Multicultural America, vol. 3 (3rd ed.). Detroit. pp. 1–9.
  2. @window (June 3, 2019). "I started a new role at Square a couple weeks ago. Very excited to join the team!" (Tweet) via Twitter.
  3. Franceschi-Bicchierai, Lorenzo (2023-08-04). "Meet Window Snyder, the trailblazer who helped secure the internet and billions of devices". TechCrunch. Retrieved 2023-08-05.
  4. Swartz, Jon (June 17, 2008). "'Geek girl' helps keep Mozilla safe in scary times". USA Today.
  5. Grimes, Roger A. (2017). "46 - Profile: Window Snyder". Hacking the Hacker: Learn from the Experts Who Take Down Hackers. Indianapolis, IN: Wiley. ISBN 978-1-119-39626-0. OCLC 983465946.
  6. Rosenblatt, Seth (2016-07-06). "How one woman protects almost the whole Internet (Q&A)". The Parallax. Retrieved 2020-06-10.
  7. Menn, Joseph (2019). Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. New York: Public Affairs. pp. 49–50.
  8. Evers, Joris. "Mozilla looks to Microsoft for security". ZDNet. CBS Interactive. Retrieved September 23, 2017.
  9. Brenner, Bill (2012-08-02). "NCC Group acquires Matasano Security". CSO Online. Retrieved 2020-06-10.
  10. McMillan, Robert (September 6, 2006). "Mozilla taps former Microsoft executive for security strategy". Computerworld Security.
  11. "Welcome to Window Snyder!". schrep's blog (September 6, 2006). Mozilla hiring announcement.
  12. "Leaving Mozilla".
  13. "Ex-Mozilla Security Chief Takes Job at Apple". PCWorld. 2010-03-01. Retrieved 2021-02-21.
  14. "Fastly Adds Key Enterprise Security Leadership" (Press release).
  15. Jackson Higgins, Kelly (June 25, 2018). "Intel Names Window Snyder as Chief Software Security Officer". DarkReading.
  16. Fisher, Doug. "The Cybersecurity Community Driving Insights into Security Solutions" (Press release).
  17. @window (April 22, 2021). "I started a company, Thistle Technologies. @thistlesec" (Tweet) via Twitter.
  18. Snyder, Window. "Next Generation Threats 2017". Techworld. Retrieved March 7, 2019.
  19. Snyder, Window. "HITBSecConf". Hack in the Box. Retrieved March 7, 2019.
  20. Snyder, Window. "O'Reilly Security Conference". O'Reilly. Retrieved March 7, 2019.
  21. Snyder, Window. "RSA Conference 2018". RSA Conference. Retrieved March 7, 2019.
  22. Snyder, Window. "Open Source Summit 2018". Linux Foundation. Retrieved March 7, 2019.
  23. "Cisco's Nather and Square's Snyder to keynote Women in Tech 2020". CITRIS and the Banatao Institute. 2020-01-21. Retrieved 2020-06-10.