Parisa Tabriz takes the stage as the keynote speaker at one of the year’s most attended cybersecurity events—the annual Black Hat Conference. Her hair, a bright magenta, stands out against her white, sleeveless dress amid a sea of black.
Just a few minutes into her talk she says—or rather declares, “Computer security is increasingly becoming the security of the world.”
It is a statement the audience of cybersecurity experts would be hard-pressed to refute. They are there to learn from Parisa and each other about where security weaknesses lie and how to combat them in order to protect users. Yet, as she concedes at the start of her presentation, it feels a bit like Whack-A-Mole. Yes, that arcade game: whack one mole only to see another emerge.
The onetime “security princess” now “browser boss”—job titles Parisa gave herself—has made a career of identifying software vulnerabilities that could be exploited within Google’s Chrome browser.
As director of engineering, the actual role she has at Google Chrome, Parisa manages two hundred people located throughout the world. A big part of their work is effectively trying to protect billions of Chrome platform users from nefarious online behavior. Parisa and her team of “hired hackers” have been at this never-ending undertaking for almost a decade, and the mission has never seemed more urgent.
“There’s the theoretical pieces of computer security that you can learn about in a classroom, and then there’s practice; the state of the art is always advancing, and today there are very motivated attackers,” says Parisa. “You can see from the last election or other high-profile security incidents that we need to consider sophisticated and well-funded adversaries, including other countries and their militaries as cybersecurity threats. Other countries, no doubt, consider the U.S. government or the NSA as that threat as well.”
However, that wasn’t the case when Parisa—who hails from the Chicago suburbs—was an undergraduate and then graduate student at Illinois in the early-to-mid-2000s.
“I got interested in web security at a time when it was considered lame and not really important,” Parisa recalls. “I joined the security club at the University of Illinois, and all the members were guys. They were interested in operating systems and network security, and that was seen as where “real hackers” would spend their attention—not as much on the web. At that time the web was not as central to people’s lives in terms of shopping and business and banking as it is today.”
Parisa credits her time spent with the Association for Computing Machinery, ACM, as “really the core” of her experience at Illinois. She joined Web Monkeys, a web development club and SigMIL, a computer security club. That was where she discovered her interest in the field, and where she got the chance to work on problems that she found meaningful and important, beyond just getting homework done. To this day, Parisa is close with those members of ACM, especially those that live and work near her in Silicon Valley.
“In some ways, it felt like I was part of a startup or organization that was not just a club, like I was part of something that was bigger than any one class. To me the bottoms-up, student-run events were what made Illinois really special,” she says.
When Parisa looks to hire someone at Chrome, she seeks out self-starting individuals who are driven and show passion for their work.
“I was an overachiever as a high school student and while grades are important, I think they’re overemphasized. What I think is more important is figuring out what you’re interested in and demonstrating your interest in doing those things,” she said. “I’m very happy to take concessions on grades if they have some work experience and they have some understanding of what they enjoy doing.”
Her one regret at Illinois, she admits, is not taking a psychology or sociology class. Much of her work at Google Chrome is communicating to users ways in which they can protect themselves. She has found, however, that encouraging people to adopt new behaviors has been challenging.
“I think I very much focused on technical and engineering classes and didn’t fully appreciate how much engineering is really about solving problems for society and humanity,” Parisa says. “You actually need to understand humanity and society to know what problems to solve and how to solve them.”
Parisa is among the most sought-after elite professionals in the cybersecurity world, and she is using her position to encourage more gender diversity within her field—which is still overwhelmingly male—through conferences and coding workshops for girls.
Her experiences have given her insight into the importance of building a team with varying expertise and perspectives to combat rapidly evolving cyber systems. She sees an interdisciplinary approach as essential to handling one of the most critical issues facing the world today.
“It’s become much more central to think about cybersecurity for critical infrastructure or national security. The risk and the cost are so much higher today than they’ve ever been.”