Apple Hires Former Microsoft Security Guru Kristin Paget

Before arriving at Apple this fall, Kristin Paget used to break things at Microsoft. Now, her job will be to help secure Mac OS X for Apple, as the company that was once blasé about security starts to take things seriously. Paget’s LinkedIn profile lists her as working at Apple since September 2012 as a “Core OS Security Researcher”.

Paget is linked to a rather impressive story regarding the release of Windows Vista in 2007. She was part of a team responsible for it being pushed back from its initial release. When Microsoft asked Paget’s team at the time to check the code for bugs, they were confident that it was clean. It turns out they were wrong, and the release was halted so that the issues could be fixed.

Fast-forward a bit, and Paget landed as chief hacker at Recursion Ventures, a security consultancy based in New York. As it turns out, it wasn’t long before new options opened up and she arrived at Apple.

The move is a wise decision for Apple. It’s amazing that this job didn’t come sooner, given her presentation in 2010 at Black Hat, where she cloned GSM base stations in order to demonstrate low-budget interceptions. As it is, Apple has been hiring security talent for a few years now. Paget’s work with hardware is sure to be an asset for a company that owns the market on consumer mobile electronics.

The Cupertino, California tech titan made another big move on the security front earlier this year when it paid more than $350 million to acquire AuthenTec, a provider of mobile and network security technologies including biometric fingerprint sensors and encryption technology.

Given the attention being paid to the security of “BYOD” and the fact that Apple has become a viable target for malware peddlers, Paget likely has her work cut out for her. It’ll be interesting to see what’s next for Apple – maybe their talks at security conferences will get a bit more interesting and relevant.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.