Build resilient systems at scale
28–30 October 2015 • Amsterdam, The Netherlands

Designing for security outcomes

Eleanor Saitta (Systems Structure Limited)
9:35–9:55 Friday, 30/10/2015
Location: Auditorium
Average rating: ***..
(3.44, 62 ratings)
Slides:   1-PDF 

Security is a property of human outcomes, not technical systems. Development teams have an increasing body of knowledge to draw on when thinking about the security of code, and increasingly even for the security of large, deployed systems. However, we’ve barely begun to think about how that knowledge changes security outcomes for humans. In many cases, teams ship systems without a clear understanding of what the humans that interact with them are trying to accomplish and what security means for those people’s goals. Let’s take a look at how security for humans affects the entire software development lifecycle, where it has the biggest impact, and some tools that can help teams get it right.

Photo of Eleanor Saitta

Eleanor Saitta

Systems Structure Limited

Eleanor Saitta is a security consultant specializing in architectural security for large-scale systems, integrating security into the development life-cycle, and cross-domain security for news organizations and NGOs targeted by nation states. Eleanor is a cofounder and developer for Trike, an open source threat-modeling methodology and tool, contributes to the Briar and Mailpile secure messaging projects, and is a frequent speaker.