Name
Security Chaos Engineering - Turning the Tide in the War on Uncertainty in Cyber Security
Aaron Rinehart
Description

Hope isn’t a strategy. Likewise, perfection isn’t a plan. The systems we are responsible for are failing as a normal function of how they operate, whether we like it or not, whether we see it or not. Security chaos engineering is about increasing confidence that our security mechanisms are effective at performing under the conditions for which we designed them. Through continuous security experimentation, we become better prepared as an organization and reduce the likelihood of being caught off guard by unforeseen disruptions. Security Chaos Engineering serves as a foundation for developing a learning culture around how organizations build, operate, instrument, and secure their systems. The goal of these experiments is to move security in practice from subjective assessment into objective measurement. Chaos experiments allow security teams to reduce the “unknown unknowns” and replace “known unknowns” with information that can drive improvements to security posture. During this session Aaron Rinehart, the O’Reilly Author and pioneer behind Security Chaos Engineering will share how you can implement Security Chaos Engineering as a practice at your organization to proactively discover system weakness before they are an advantage of a malicious adversary.

In this session Aaron will introduce a new concept known as Security Chaos Engineering and share some best practices and experiences in applying the emerging discipline to create highly secure, performant, and resilient distributed systems.

Learning Objectives
Learn a new technique for uncovering system weaknesses in cyber security.
Realize the importance of recalibration and learning through proactive failure experimentation to improve distributed systems security
Gain insights and knowledge of an open-source tool for running Security Chaos experiments
How to apply Security based Chaos Engineering in a DevSecOps culture
How to get started realizing the value of Chaos Engineering for Cyber Security
Transform security incident response from a reactive “post-mortem” culture to a proactive “pre-mortem” practice through Chaos Engineering.
Track
Technical
Session Type
Talk