Large scale distributed systems have unpredictable and complex outcomes that are costly when security incidents occur. Security incident response today is mostly a reactive and chaotic exercise. Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown.
What if you could flip that scenario on its head? Chaos engineering advances the security incident response framework by reversing the postmortem and preparation phase. This is done by developing live fire exercises that can be measured and managed. Contrary to red team game days, chaos engineering doesn’t use threat actor tactics, techniques, and procedures. Instead it develops teams through unique configuration, cyberthreat, and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones.
Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering system weaknesses in systems security, and more. You’ll also get a glimpse of ChaoSlingr, an open source security chaos engineering tool built and deployed within a Fortune 5 company. Aaron explains how the tool helped his team discover that many of their security controls didn’t function as intended and how, as a result, they were able to proactively improve them before they caused any real problems.
Aaron Rinehart has been expanding the possibilities of chaos engineering in its application to other safety-critical portions of the domain, notably cybersecurity. He pioneered the application of security in chaos engineering during his tenure as the chief security architect at UnitedHealth Group (UHG), the largest private healthcare company in the world. While at UHG, Aaron released ChaoSlingr, one of the first open source tools focused on using chaos engineering in cybersecurity to build more resilient systems. A frequent author, consultant, and speaker, Aaron also recently founded the first chaos engineering meetup in Washington, DC.
Comments on this page are now closed.
For exhibition and sponsorship opportunities, email velocity@oreilly.com
For information on trade opportunities with O'Reilly conferences, email partners@oreilly.com
View a complete list of Velocity contacts
©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • confreg@oreilly.com
Comments
the slides can be found at the link in the comment prior to this one. please reach out if you have any questions or want to chat more at aaron@verica.io or hit me up on LInkedIn or Twitter at @aaronrinehart
https://www.slideshare.net/rinehartas/velocity-2019-security-precognition-2019-slides-san-jose-2019