TheBridge profile: Mark Risher
Name: Mark Risher
Current city: San Francisco, CA
Current job: Senior Director of Product Management, Security and Privacy, at Google
Past job: CEO and Founder of Impermium
Q. Favorite spot for a coffee meeting? I know it’s shocking in San Francisco, land of $5 single-origin pour-overs, but I’m actually happy with almost anywhere
Q. Describe how a skill you learned in a previous job helped you in your current job. Active listening. Technology can be so complex — and security even more so — that our users and customers often can’t describe exactly what they want. I try to suss out our users’ underlying motivations so I can represent them to our team back in the office and vice versa.
Q. Job advice in three words? Always be helpful
Q. How are you (or Google) currently bridging the gap between politics and tech / innovation and regulation? We’ve focused on bringing the best security to all our users, but realize that many in the political and regulatory world may have outsized risks. Defending against targeted cyber attacks requires state-of-the-art defenses, but many vulnerable groups — like journalists, policymakers, and political staff — aren’t fully aware of their threat model, and may even be following outdated security guidelines. Google designed the Advanced Protection Program to bundle our strongest security offerings into a single package, but unfortunately, complex government procurement and ethics regulations have made it difficult to roll this out in bulk to these high-risk groups.
Q. What can innovators teach regulators? Tech companies know that security solutions need to be designed as part of a product, not bolted on afterwards, so that they can evolve to keep pace with emerging threats. When regulations mandate a specific solution to a security danger — such as requiring a particular flavor of authentication or forced password rotations — it can become outdated or even provide a false sense of security. At Google, we’ve invested in making our products secure by default, and giving product teams the flexibility to choose the appropriate measures for their specific use case. For example, Advanced Protection was designed to take a fresh look at account security, providing our strongest security without the traditional usability headaches of complicated passwords and session timeouts.
Q. What can regulators teach innovators? The lesson Silicon Valley can learn from DC is that sometimes problems can’t be fixed purely by writing code, and require detailed discussion with experts representing many broad perspectives. Combating our common security and privacy threats would benefit everyone, and DC can create an environment where practitioners of all stripes can collaborate on these shared problems.
Q. Looking back, what advice would you give yourself in the beginning of your career? Don’t worry about your title or role, just find opportunities to work on important problems with people you love being around. I’ve made terrible missteps chasing a sexy project, and learned so much from random projects that just fell into my lap.
Q. Most underrated virtue in an employee? Radical candor. As a manager, it can be really difficult to know what your team members think, and many are reluctant to give critical feedback to a boss. I always appreciate when employees are able to point out my mistakes, and would be sad to learn someone was just going with the flow to avoid hurting my feelings.
Q. Last time you were completely unplugged? During the ten minutes between taking off on this flight and reaching the altitude where they switched on WiFi. Oh, wait, I was reading an e-book; does that still count?
Mark’s profile was featured in #TheBridgeUpdate. Enjoying TheBridge Profiles? Sign up for TheBridge Updates and never miss a profile!