Build resilient systems at scale
28–30 October 2015 • Amsterdam, The Netherlands

Designing for security outcomes

Eleanor Saitta (Systems Structure Ltd.)
9:35–9:55 Friday, 30/10/2015
Location: Auditorium
Average rating: ***..
(3.44, 62 ratings)
Slides:   1-PDF 

Security is a property of human outcomes, not technical systems. Development teams have an increasing body of knowledge to draw on when thinking about the security of code, and increasingly even for the security of large, deployed systems. However, we’ve barely begun to think about how that knowledge changes security outcomes for humans. In many cases, teams ship systems without a clear understanding of what the humans that interact with them are trying to accomplish and what security means for those people’s goals. Let’s take a look at how security for humans affects the entire software development lifecycle, where it has the biggest impact, and some tools that can help teams get it right.

Photo of Eleanor Saitta

Eleanor Saitta

Systems Structure Ltd.

Eleanor Saitta is a practice lead at Systems Structure Ltd, a security architecture and strategy consultancy with media, finance, healthcare, infrastructure, and software clients across the US and Europe. She’s worked in security for 16 years, covering everything from core security engineering and architecture work for Fortune 50 software firms to cross-domain security for news organizations and NGOs targeted by nation states. She’s a cofounder and developer for Trike, an open source threat modeling methodology and tool that partially automates the art of security analysis, and has contributed to the Briar and Mailpile secure messaging projects. She’s also a regular speaker at industry conferences; past venues include the O’Reilly Velocity Conference, Kiwicon, ToorCon, CCC, Hack In The Box, and HOPE, among others. You can find her on twitter as @dymaxion and at SSL lives at