Build resilient systems at scale
28–30 October 2015 • Amsterdam, The Netherlands

Designing for security outcomes

Eleanor Saitta (Systems Structure Limited)
9:35–9:55 Friday, 30/10/2015
Keynote
Location: Auditorium
Average rating: ***..
(3.44, 62 ratings)
Slides:   1-PDF 

Security is a property of human outcomes, not technical systems. Development teams have an increasing body of knowledge to draw on when thinking about the security of code, and increasingly even for the security of large, deployed systems. However, we’ve barely begun to think about how that knowledge changes security outcomes for humans. In many cases, teams ship systems without a clear understanding of what the humans that interact with them are trying to accomplish and what security means for those people’s goals. Let’s take a look at how security for humans affects the entire software development lifecycle, where it has the biggest impact, and some tools that can help teams get it right.

Photo of Eleanor Saitta

Eleanor Saitta

Systems Structure Limited

Eleanor Saitta leads Systems Structure Ltd, a security architecture and strategy consultancy with media, finance, healthcare, infrastructure, and software clients across the US and Europe. She has worked in security for 16 years, covering everything from core security engineering and architecture work for Fortune 50 software firms to cross-domain security for news organizations and NGOs targeted by nation states.

She is a co-founder and developer for Trike (http://octotrike.org/), an open source threat modeling methodology and tool which partially automates the art of security analysis, and has contributed to the Briar
(https://briarproject.org) and Mailpile (https://mailpile.is) secure messaging projects. She is also a regular speaker at industry conferences; past venues include O’Reilly Velocity, KiwiCon, ToorCon, CCC, Hack in The Box, and HOPE, among others. You can find her on twitter as @dymaxion, and at https://dymaxion.org. SSL lives at https://structures.systems.