Chief Enterprise Security Architect
United Health Group
Modern Security looks completely different and there is a new playbook that changes how security exists from design, to operations, and all the way towards a shift in mindset from security testing to security experimentation. This talk breaks out three key areas: security chaos experimentation, adversity testing and operational instrumentation.
Chaos Engineering takes an approach to injecting controlled objective failure in complex systems. In this presentation, you will learn how to do this in real life from starting small with game day exercises, developing chaos experimentation, and eventually maturing into production level testing. After all, Production systems are always different that Stage. Your attacker is not going to be instrumenting your systems in Stage and neither should you. Aaron Rinehart, the innovation leader behind the Open Source Software tool, ChaoSlingr, will show you why this is important and how security automation and chaos experimentation can you help understand how your security really works.
Adversity Testing shifts security left and adds off-the-shelf attack tools to your CI/CD pipeline. This gets security testing moving in sync with software development and Aaron will cover both conceptual and pragmatic examples of accomplishing this in your organization.
Operational Instrumentation is not unfamiliar to modern engineering organizations, however in the area of security we hope to expose new types of monitoring that modern security teams are implementing. We will cover how this fits into a feedback loop from security to ops to dev and back again. This area is critical for achieving successful outcomes with modern security in distributed systems.
Security is changing and this talk gets you ready for what’s just around the corner.
•New Methods for Instrumenting Security
•Core differences in Security Testing & Security Experimentation
•How to Transform your Security Organization into a Learning Organization
•A broad understanding of Chaos Experimentation
•The Business Value of Security Chaos Engineering & Control Validation
•Exposure to a New Open Source Tool that uses this new method
•Ways to Think Differently about how we Build Security