Heather was hacked and the rest is history. 

An 18-year veteran of Google’s security team, Heather Adkins’ interest in security was sparked when the small ISP she worked for in college suffered a data breach. Her reaction to the incident wasn’t exactly typical:

“Most people when they get hacked, panic. There's a sense of fear, and a sense of unknowing. But I did not panic or have any fear—I was really excited! I felt very curious: I wanted to know how the attackers did this, how they managed to bypass our security. And I fell in love with the role.”

In our latest edition of Public Key, Google's director of information security discusses the details of incident detection and response—“the function of security that looks for hackers and kicks them out of the network,” why COVID-19 marks a turning point in her team’s approach to securing people working and learning from home, how medieval history informs her work, and the future of online security.

In asymmetric cryptography, a common system for encrypting data, there are two decryption tools, or “keys.” The first is a private key that only the user knows, and the other is a public key, which is safe to share with everyone. 

Public Key is also the name of a new series about our approach to security, across Google. From home offices everywhere, Googlers and academics share their thoughts about how product design, threats to high-risk users, research partnerships, medieval history (yup!) and more, contribute to the ways we protect people online. We want to make sure people aren’t just aware of our automatic protections, but understand the thinking behind them too. That’s always been the case, but at this particular moment in time, it’s especially important.

You can think of this series as a public key, for Google security…on the Keyword. For a peek at what we’ll be covering, watch our video above. And stay tuned for more over the coming weeks.

Security is usually invisible. More often than not, we just protect you automatically and you don’t need to lift a finger. But sometimes, we’ll notify you and suggest that you take action to better secure your information, like check your Account activity after we block a suspicious attempt to sign in. Whether the issue is critical or less serious, getting these notifications right—making sure they’re written clearly and presented in a simple and useful way—is really important. These alerts shouldn’t just keep you safe, but help you feel safe too. 

Over the years, we’ve made changes to our notifications that have had a big impact on people’s security. In 2015 for example, we started using Android alerts to notify people about critical issues with their Google Accounts, like a suspected hack. Compared to email, we saw a 20-fold increase in the number of people that engaged with these new notifications within an hour of receiving them.

Today we announced a new type of critical alert that will display within the Google app you’re using. So we thought it was a good time to dive a bit deeper into the thinking behind how we develop useful security notices. In this video, Jonathan Skelker, a product manager who specializes in alerts and notifications, and Niti Arora, a UX designer for Google security, discuss how we think about communicating with users in our products to help them feel safe.