Eventually, I wanted to branch out from the mathematics of security and learn more about the broader field\u2014security is so large and so interdisciplinary. So I did another master\u2019s in information security, which led to a Ph.D., which led to two internships at Mozilla. I\u2019d always been interested in the company, because I wholeheartedly agree with the principle\u2014also described in our manifesto<\/a>\u2014that user security and privacy is fundamental, not optional. Users deserve the best possible protection we can give them. I focused on security protocols during my internships, specifically the Transport Layer Security<\/a> protocol, then joined the team full-time as a security and privacy engineer in 2018.<\/p>\n Thyla at the Engineering and Physical Sciences Research Council<\/em> (EPSRC<\/em>) <\/span><\/p>\n photo credit: Dan Tsantilis<\/em> What are some projects the team is working on now?<\/b><\/p>\n One thing we\u2019ve been implementing is the new WebAuthn standard, which aims to standardize how users authenticate themselves to web services. WebAuthn relies on public-key cryptography rather than passwords, since passwords are both notoriously easy to guess and subject to phishing attacks.<\/p>\n We\u2019re also working on CRLite, which is a clever new technology that makes certificate revocation more efficient. It was designed in academia, and now we\u2019re working to translate it to Firefox. Eventually, it will help us get closer to what\u2019s known as a \u201cfail-closed\u201d paradigm. Most revocation mechanisms are \u201cfail-open,\u201d meaning your browser will go ahead even if it can\u2019t establish trust in the connection. At Mozilla, the entire mission is to create a web where people are safe, and trustworthy connections are a part of that. Security is central to everything we do.<\/p>\n How does Mozilla\u2019s team work with the broader cryptography community?<\/b><\/p>\n A lot of our collaboration happens through the SURF initiative, which stands for SecEng University Relationship Framework\u2060\u2014the CRLite project is a good example. SURF started a couple of years ago; a few of us on the Security Engineering team had been in PhD programs and were sitting on program committees and collaborating with research, but we started to think, \u201cThere\u2019s more we can do.\u201d So we decided to start hosting annual summits<\/a> where we could give talks to academic researchers about the open security problems we were facing, as a launchpad to partnering with them on projects that Mozilla alone wouldn\u2019t have the resources to tackle.<\/p>\n The members of SURF also serve on program committees for conferences and help supervise student projects, and we recently applied for a big research grant on high-assurance cryptography\u2060, which uses a variety of tools to help keep software free of bugs. It\u2019s been really rewarding so far, and I\u2019m interested to see how industry and academia can continue working together.<\/p>\n How do you see your role as a leader?<\/b><\/p>\n What I like about managing is giving my team a platform to do their best work\u2060\u2014helping them make significant security contributions to both Mozilla and the web. I also try to shine a light on what they\u2019re doing, because cryptography is like the plumbing of a browser; it\u2019s seen as mysterious and doesn\u2019t always get much visibility.<\/p>\n I\u2019m fortunate to work with a very talented, experienced team that I completely trust, but managing can still be a challenge just because there are so many responsibilities. One thing I\u2019ve personally had to adjust to is having less time to be technical and get my hands dirty. I think it\u2019s important for a manager to be conversant in the technical language a team is speaking\u2014last year, I took a Rust course because the team wanted to do more with it\u2060\u2014but I do have to balance that with everything else.<\/p>\n I try to keep things balanced for the team, too, in several ways. Maintenance is a core component of what we do, and there are weeks it takes over. But we\u2019re also keeping an eye on research and how standards are developing, talking with the CTO\u2019s office, and having our own conversations about how we can innovate. I also try to make sure our team members aren\u2019t overloaded. We get requests from all across Mozilla, and I\u2019m constantly asking about my team\u2019s workload so I can help defend their time. And I try to strike a balance in our hiring, as well. We have a lot of senior people, which is wonderful, but I do want to bring in more junior people, both so they can grow within the team and so our senior members can grow as mentors.<\/p>\n What are you excited about?<\/b><\/p>\n In terms of cryptography, there are a lot of new developments I\u2019m excited to see. Post-quantum cryptography\u2060, for example\u2060\u2014it will be very easy for quantum computers to solve the mathematical problems most public key cryptography is currently based on, so we\u2019re seeing a lot of exploration of solutions like lattice-based cryptography. The symmetric-key side will be less affected, but key lengths will still need to be much larger, to make sure they\u2019re computationally infeasible for a quantum computer to break. We\u2019ve started to do some research in these areas within Mozilla, and I\u2019m hopeful we can explore it even more through SURF.<\/p>\n We\u2019ve also brought on some new team members with very strong research backgrounds, and I\u2019m excited about how they can influence our direction. And I\u2019m excited, in general, about how our team can contribute to moving Mozilla forward. The company definitely recognizes that innovation is going to be critical in the months and years ahead, and I think we\u2019re at the beginning of a whole new phase.<\/p>\n ***<\/p>\n Does Thyla\u2019s work sound like your kind of challenge? Check out our open roles<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" Thyla van der Merwe\u2019s first goal is to keep users safe online. The cryptography engineering manager spent two summers interning at Mozilla before joining full time in 2018. Today, she … Read more<\/a><\/p>\n","protected":false},"author":144,"featured_media":351,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[327149,69,451108],"tags":[],"coauthors":[306191],"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/posts\/350"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/users\/144"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/comments?post=350"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/posts\/350\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/media\/351"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/media?parent=350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/categories?post=350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/tags?post=350"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/careers\/wp-json\/wp\/v2\/coauthors?post=350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Thyla](\"http:\/\/blog.mozilla.org\/careers\/files\/2020\/07\/EPSRC_Competition-600x399.jpg\")
<\/p>\n
\n<\/span><\/p>\n