OWASP 20th Anniversary Event

Hope isn’t a strategy. Likewise, perfection isn’t a plan. The systems we are responsible for are failing as a normal function of how they operate, whether we like it or not, whether we see it or not. Security chaos engineering is about increasing confidence that our security mechanisms are effective at performing under the conditions for which we designed them. Through continuous security experimentation, we become better prepared as an organization and reduce the likelihood of being caught off guard by unforeseen disruptions. Security Chaos Engineering serves as a foundation for developing a learning culture around how organizations build, operate, instrument, and secure their systems. The goal of these experiments is to move security in practice from subjective assessment into objective measurement. Chaos experiments allow security teams to reduce the “unknown unknowns” and replace “known unknowns” with information that can drive improvements to security posture. During this session Aaron Rinehart, the O’Reilly Author and pioneer behind Security Chaos Engineering will share how you can implement Security Chaos Engineering as a practice at your organization to proactively discover system weakness before they are an advantage of a malicious adversary. In this session Aaron will introduce a new concept known as Security Chaos Engineering and share some best practices and experiences in applying the emerging discipline to create highly secure, performant, and resilient distributed systems.