Parisa Tabriz calls herself Google's "Security Princess." No, really--that's the title on her business card. And what duties, you might be wondering, come along with such a grand and cheeky title? This particular princess heads a 27-person team of Google engineers who build and protect Chrome, the world's most-used web browser. As a "white hat" hacker, meaning she is on the law-abiding side of the spectrum of tinkerers and technologists, Tabriz has all the skills to break into software and systems but has the moral compass to put them together and make them better.
She is tasked with protecting Chrome's more than 750 million users from "black hat" hackers--nation states, groups, or individuals--who find and exploit vulnerabilities to steal data or sell those vulnerabilities to other criminals for a big pay day. Her Google Chrome security team sounds straight out of the 1995 movie Hackers, but she says the only similarities are the fact that she wears a lot of black and neon and works on big monitors. For the most part, Tabriz says her team writes code to build features into the browser, builds the security technology, fixes holes and bugs, and sends out fixes to users.
When you think about how much data a Google product like Chrome collects, and how potentially valuable that data is to nefarious cybercriminals (and certain governmental agencies--thank you Edward Snowden), you start to realize the high stakes involved in the work Tabriz and her team perform. Her staff, which is spread across seven offices around the world, is constantly working with security researchers to sniff out bugs and vulnerabilities. When one comes in, it's all hands on deck and they find out what's at risk, how serious the threat is, and fix it.
As a woman working within the Silicon Valley establishment in security, she is used to being a minority. Google's demographics, which the company released in 2014, are a sad sight: 70 percent of Google's 50,000 employees are male. Almost all of the company's U.S. employees, 91 percent, are either white or Asian. Google's leadership positions are 79 percent male and 72 percent white. Tabriz, who didn't start studying computer security until college in Illinois, says the lack of diversity is an opportunity. "It is a good time to be a woman in tech because there's such a big discussion about it," she tells Inc. She says it is important for more women to pursue technology jobs, but at the end of the day, she just wants to do her job and it not be a big deal. "One day, I hope soon, my gender will not be such a topic of discussion."
Inc. spoke with Tabriz about what she's learned leading one of Google's most critical teams. Here's what the Security Princess has to say.
Just let your people work.
The idea behind Tabriz's approach to leadership is simple. It's all about building a solid team and then letting them work. "A huge part of my leadership style is this: Hire the best people, hire really smart people, and make sure they are working on hard problems, have what they need to be successful, and just get out of the way," she says. "I have never been accused of being a micromanager. I think that I support my team, recognize their achievements, and shed light on them and make sure they are working on hard problems and pursue what they're interested in."
Hire for motivation.
Hiring in the world of computer security is a distinct skill. Tabriz and her team must constantly work with outside contractors and the wider community of hackers to find vulnerabilities. Google's Vulnerability Rewards Program will pay a researcher tens of thousands of dollars for finding a seriously threatening bug. But that kind of bounty also attracts seedier characters who try to blackmail the company, Tabriz says, although they are never successful. "We don't negotiate" with cybercriminals, she says.
When it comes to hiring the right engineer, Tabriz has to navigate all the different shades of hackers. "I want people who know how to break software, are truly passionate about finding vulnerabilities, and understand how to use exploits but are highly motivated to fix it and make it better," she says. This is difficult: "Certainly based on your ethics and motivations, there are places where you can make more money with this knowledge. If you can find vulnerabilities, you can sell them to interested parties for hundreds of thousands of dollars." She says to separate a black hat from a white hat comes down to the inexact science of trying to understand someone's ethics. "It's a huge consideration I think about while building my team as a leader. I work hard to really understand someone's incentives to do this because the whole business lies on the users trusting us," she says. "Protection of this data is paramount."
When mistakes happen, embrace the hacker mindset.
Chrome has millions of lines of security-critical code, which many engineers all over the world are working on, Tabriz says. It sounds like things can get chaotic, unless you're comfortable with mistakes. "We recognize that mistakes are going to happen, we're human," she says. "There will be bugs, there will be flaws, and that's why you don't want security to rest on one technology." Accepting mistakes is not easy for most leaders, but Tabriz says that's the hacker way. "The hacker mindset is that there will be mistakes, so you test assumptions," she says. Her definition of hacker is trying to use software or a system in an unintended way. "I don't think the term assumes any malice. It's driven by curiosity--the quest for knowledge and doing things the original designers didn't intend," she says.
It's never too late to try something new.
Tabriz did not grow up hacking systems on the family computer. She didn't even start studying computer security until college. Her advice to women is simple: You don't have to be a brainiac out-of-the-womb, you don't have to strive to have it all, and you shouldn't feel pressured by society to fit into an antiquated role.
"Never be afraid to try something brand new and be bad at it. Ask for help, and be prepared to put in a lot of work. That's how anyone learns anything new, and for some reason, that becomes harder as we get older, and we feel more pressure to, 'have it all figured out,'" Tabriz says. "I think if you optimize for challenging work that you enjoy and think is important, and just change something when you're not enjoying it anymore, you'll end up in a good spot."