Skip to Content

What Snapchat Was Doing at Black Hat

Snapchat's mascot "Ghostface Chillah," the spy edition.Snapchat's mascot "Ghostface Chillah," the spy edition.
Snapchat's mascot "Ghostface Chillah," the spy edition.Courtesy of Snapchat

Tucked away among the booths in a far corner on the showroom floor at the Black Hat cybersecurity conference this year, one company’s signage—a ghostly silhouette on a vertically-oriented, lemon-hued banner—stood out like the sore thumb of an avid selfie-snapper: Snapchat.

Surprised, I asked my companion—Tomer Weingarten, CEO and cofounder of SentinelOne, a three-year-old cybersecurity startup that aims to supplant antivirus incumbents like Symantec (SYMC) and Intel (INTC) Security (née McAfee)—whether he wouldn’t mind pausing our interview while I moseyed over to investigate.

We ambled by people costumed as hokey superheroes at the Gemalto (GTOFF) booth, edged past a few neon green Nike-donning (NKE) women from Cylance (a fierce competitor to SentinelOne), and bellied up to the table. I nudged a bright-yellow, inflatable fitness ball bearing the Snapchat logo out of the way.

Get Data Sheet, Fortune’s technology newsletter.

“What’s Snapchat doing at Black Hat—hiring?” I inquired over a spread of cupcakes. The sugar wafers atop displayed “Ghostface Chillah,” the company’s mascot, blacked out.

“Yes we are!” the attendant said, leaping from his seat. Then he glanced down at my press badge.

“Nice try,” he corrected himself, assuming a jig-is-up-type grin. “Thanks for wearing your badge the right way.” He handed me a sheet formatted to the proportions of a smartphone screen that had more information, and told me to contact the communications team if I had any other questions.

The interaction was awkward; Weingarten agreed.

Here’s a picture of the handout I received. It also featured the undead Chillah, this time sporting wayfarers and a black fedora. Très hacker chic.

Job descriptions replete with infosec jargon on a hard-to-read black sheet courtesy of Snapchat
Courtesy of Snapchat

Initially, I was surprised to see the youthful consumer brand nestled among its more established peers in the exhibition area’s “career zone.” The booth sat beside Cisco (CSCO), Raytheon’s (RTN) Forcepoint, and PayPal (PYPL). Snapchat struck me as being out of place.

Snapchat’s appearance is not entirely shocking though. The company—last privately valued at $18 billion—has long billed itself as a security-conscious, privacy-minded alternative to other social networks. That’s despite the firm having suffered plenty of security snafus over the course of its short lifespan: a settlement with the Federal Trade Commission regarding not-exactly-ephemeral messages in 2014, a bug that exposed 4.6 million people’s usernames and phone numbers that same year, a third-party leak that released more than 90,000 private photos and videos online a few months later, and its recent victimization at the hands of W-2 tax form phishing scammers. Oh, and then there’s this one: A seeming operational security failure on the part of CEO Evan Spiegel, who wore some nifty prototype hardware outside the office. (Nice shades!)

With that said, the supersonically growing firm has evolved its security mindset over the years. The company rewrote its privacy policy, began issuing transparency reports, launched a bug bounty program, implemented anti-spam measures, and locked down its application programming interfaces so that third party app abusers could no longer spring leaks. Snapchat has done an admirable job hardening up. You can read about the company’s efforts in this story published last year on Backchannel, a tech blog recently acquired by Wired publisher Condé Nast.

For more on Snapchat, watch:

Still there’s room for improvement. Last I checked the messaging service did not employ end-to-end encryption, a feature that technically prevents outsiders—and the company itself—from snooping on one’s correspondence. This feature, which many security pros regard as a must-have, has gotten Facebook’s (FB) WhatsApp into trouble with law enforcement in Brazil lately. (Rumor has it Snapchat has toyed with the idea of deploying this kind of encryption, but no word yet on when or whether it’ll see daylight.) Snapchat has said, however, that it encrypts messages “at rest” on its servers and that it automatically deletes them after they’ve been opened or have expired. In other words, the company has the ability to access messages—as do cops with search warrants, or highly determined hackers—for a window of time that lasts anywhere from the moment of delivery up to as long as a month later. (More info on the company’s support page.)

Snapchat’s much bigger rival Facebook, for what it’s worth, always has feet on the ground at Black Hat and its sister hacking conference Defcon. Alex Stamos, the company’s security chief, is on Black Hat’s review board. Facebook sponsors r00tz asylum, a hacking event for children that runs concurrent with Defcon. The company has long touted its bug bounty program, hired hackers, and released open source software for the information security industry, such as osquery, an infrastructure checkup tool, and ThreatExchange, a social network for people to swap electronic attack and defense intel. It’s interesting to consider if—and how—Snapchat may attempt to build its name among the community of code crackers, too.

I’m told Snapchat employees visited Black Hat last year, albeit with less fanfare and baked goods SWAG. The company was a sponsor of an app security conference in Santa Monica, Calif. earlier this year, where Jad Boutros, an ex-Googler who serves as Snapchat’s director of information security, gave a talk that touched on how the company has armored up since the infamous “Snappening” breach of 2014. At this year’s Black Hat, Snapchat also apparently hosted a happy hour and a hacking contest, though I didn’t attend them. As far as I can tell, the company appears to be peeking outside its shell a bit more this year, popping its head into the information security world, much like Chillah in the top-right corner of the “jobs” sheet pictured above. Squint, and you’ll see.

Anyway, if you’re looking for an information security job, Snapchat’s got some. Perhaps you can at least help the company better protect its intellectual property. Looking at you, Instagram!