�ݺ�ߣshows by User: rinehartas

�ݺ�ߣshows by User: rinehartas / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: rinehartas / Wed, 26 May 2021 17:30:44 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: rinehartas RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Engineering /slideshow/rsa-2021-navigating-the-unknowable-resilience-through-security-chaos-engineering-248576348/248576348 dso-r04navigatingtheunknowableresiliencethroughsecuritychaosengineering-210526173045
RSA 2021 Session on Security Chaos Engineering.]]>
RSA 2021 Session on Security Chaos Engineering.]]> Wed, 26 May 2021 17:30:44 GMT /slideshow/rsa-2021-navigating-the-unknowable-resilience-through-security-chaos-engineering-248576348/248576348 rinehartas@slideshare.net(rinehartas) RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Engineering rinehartas RSA 2021 Session on Security Chaos Engineering. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/dso-r04navigatingtheunknowableresiliencethroughsecuritychaosengineering-210526173045-thumbnail.jpg?width=120&height=120&fit=bounds" /> RSA 2021 Session on Security Chaos Engineering.

RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Engineering from Aaron Rinehart

]]> 165 0 https://cdn.slidesharecdn.com/ss_thumbnails/dso-r04navigatingtheunknowableresiliencethroughsecuritychaosengineering-210526173045-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 HealthConDX Virtual Summit 2021 - How Security Chaos Engineering is Changing Cyber Security in Healthcare /slideshow/healthcondx-virtual-summit-2021-how-security-chaos-engineering-is-changing-cyber-security-in-healthcare/246155466 healthcondx2021-scetrimmed-210413155147
The complex ordeal of delivering secure and reliable software in Healthcare will continue to become exponentially more difficult unless we begin approaching the craft differently. Enter Chaos Engineering, but now also for security. Instead of a focus on resilience against service disruptions, the focus is to identify the truth behind our current state security and determine what “normal” operations actually look like when it's put to the test. The speed, scale, and complex operations within modern systems make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering is an emerging practice that is helping engineers and security professionals realign the actual state of operational security and build confidence that it works the way it was intended to. Join Aaron Rinehart to learn how he implemented Security Chaos Engineering as a practice at the world’s largest healthcare company to proactively discover system weakness before they were taken advantage of by malicious adversaries. In this session Aaron will share his experience of applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.]]>
The complex ordeal of delivering secure and reliable software in Healthcare will continue to become exponentially more difficult unless we begin approaching the craft differently. Enter Chaos Engineering, but now also for security. Instead of a focus on resilience against service disruptions, the focus is to identify the truth behind our current state security and determine what “normal” operations actually look like when it's put to the test. The speed, scale, and complex operations within modern systems make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering is an emerging practice that is helping engineers and security professionals realign the actual state of operational security and build confidence that it works the way it was intended to. Join Aaron Rinehart to learn how he implemented Security Chaos Engineering as a practice at the world’s largest healthcare company to proactively discover system weakness before they were taken advantage of by malicious adversaries. In this session Aaron will share his experience of applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.]]> Tue, 13 Apr 2021 15:51:46 GMT /slideshow/healthcondx-virtual-summit-2021-how-security-chaos-engineering-is-changing-cyber-security-in-healthcare/246155466 rinehartas@slideshare.net(rinehartas) HealthConDX Virtual Summit 2021 - How Security Chaos Engineering is Changing Cyber Security in Healthcare rinehartas The complex ordeal of delivering secure and reliable software in Healthcare will continue to become exponentially more difficult unless we begin approaching the craft differently. Enter Chaos Engineering, but now also for security. Instead of a focus on resilience against service disruptions, the focus is to identify the truth behind our current state security and determine what “normal” operations actually look like when it's put to the test. The speed, scale, and complex operations within modern systems make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering is an emerging practice that is helping engineers and security professionals realign the actual state of operational security and build confidence that it works the way it was intended to. Join Aaron Rinehart to learn how he implemented Security Chaos Engineering as a practice at the world’s largest healthcare company to proactively discover system weakness before they were taken advantage of by malicious adversaries. In this session Aaron will share his experience of applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/healthcondx2021-scetrimmed-210413155147-thumbnail.jpg?width=120&height=120&fit=bounds" /> The complex ordeal of delivering secure and reliable software in Healthcare will continue to become exponentially more difficult unless we begin approaching the craft differently. Enter Chaos Engineering, but now also for security. Instead of a focus on resilience against service disruptions, the focus is to identify the truth behind our current state security and determine what “normal” operations actually look like when it's put to the test. The speed, scale, and complex operations within modern systems make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering is an emerging practice that is helping engineers and security professionals realign the actual state of operational security and build confidence that it works the way it was intended to. Join Aaron Rinehart to learn how he implemented Security Chaos Engineering as a practice at the world’s largest healthcare company to proactively discover system weakness before they were taken advantage of by malicious adversaries. In this session Aaron will share his experience of applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.

HealthConDX Virtual Summit 2021 - How Security Chaos Engineering is Changing Cyber Security in Healthcare from Aaron Rinehart

]]> 47 0 https://cdn.slidesharecdn.com/ss_thumbnails/healthcondx2021-scetrimmed-210413155147-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering /slideshow/rsac-365-2021-virtual-summit-spotlite-presentation-on-security-chaos-engineering/241245216 rsac365virtualsummitsecuritychaosengineering-210112162757
Navigating the Unknowable: Resilience through Security Chaos Engineering When applied to Cyber Security, Chaos Engineering is advancing our ability to reveal objective information about the effectiveness of operational security measures proactively through empirical experimentation. In this session we will introduce the core concepts behind this new technique and how you can get started in building and applying it.]]>
Navigating the Unknowable: Resilience through Security Chaos Engineering When applied to Cyber Security, Chaos Engineering is advancing our ability to reveal objective information about the effectiveness of operational security measures proactively through empirical experimentation. In this session we will introduce the core concepts behind this new technique and how you can get started in building and applying it.]]> Tue, 12 Jan 2021 16:27:57 GMT /slideshow/rsac-365-2021-virtual-summit-spotlite-presentation-on-security-chaos-engineering/241245216 rinehartas@slideshare.net(rinehartas) RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering rinehartas Navigating the Unknowable: Resilience through Security Chaos Engineering When applied to Cyber Security, Chaos Engineering is advancing our ability to reveal objective information about the effectiveness of operational security measures proactively through empirical experimentation. In this session we will introduce the core concepts behind this new technique and how you can get started in building and applying it. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/rsac365virtualsummitsecuritychaosengineering-210112162757-thumbnail.jpg?width=120&height=120&fit=bounds" /> Navigating the Unknowable: Resilience through Security Chaos Engineering When applied to Cyber Security, Chaos Engineering is advancing our ability to reveal objective information about the effectiveness of operational security measures proactively through empirical experimentation. In this session we will introduce the core concepts behind this new technique and how you can get started in building and applying it.

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering from Aaron Rinehart

]]> 52 0 https://cdn.slidesharecdn.com/ss_thumbnails/rsac365virtualsummitsecuritychaosengineering-210112162757-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 DevSecOps Days Istanbul 2020 Security Chaos Engineering /slideshow/devsecops-days-istanbul-2020-security-chaos-engineering/239920914 devsecopsdaysistanbul-securitychaosengineeringsh-201209131810
DevSecOps Days Istanbul 2020 Security Chaos Engineering]]>
DevSecOps Days Istanbul 2020 Security Chaos Engineering]]> Wed, 09 Dec 2020 13:18:10 GMT /slideshow/devsecops-days-istanbul-2020-security-chaos-engineering/239920914 rinehartas@slideshare.net(rinehartas) DevSecOps Days Istanbul 2020 Security Chaos Engineering rinehartas DevSecOps Days Istanbul 2020 Security Chaos Engineering <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/devsecopsdaysistanbul-securitychaosengineeringsh-201209131810-thumbnail.jpg?width=120&height=120&fit=bounds" /> DevSecOps Days Istanbul 2020 Security Chaos Engineering

DevSecOps Days Istanbul 2020 Security Chaos Engineering from Aaron Rinehart

]]> 62 0 https://cdn.slidesharecdn.com/ss_thumbnails/devsecopsdaysistanbul-securitychaosengineeringsh-201209131810-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AllDayDevOps 2020 Aaron Rinehart Security Differently /slideshow/alldaydevops-2020-aaron-rinehart-security-differently/239224250 aaronaddo2020-201112181316
The reactionary state of the industry means that we quickly identify the ‘root cause’ in terms of ‘human-error’ as an object to attribute and shift blame. Hindsight bias often confuses our personal narrative with truth, which is an objective fact that we as investigators can never fully know. The poor state of self-reflection, human factors knowledge, and the nature of resource constraints further incentivize this vicious pattern. This approach results in unnecessary and unhelpful assignment of blame, isolation of the engineers involved, and ultimately a culture of fear throughout the organization. Mistakes will always happen. Rather than failing fast and encouraging experimentation, the traditional process often discourages creativity and kills innovation. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Expose the failures, build resilient systems, and develop an "Applied security" model to minimize the impact of failures. In this session we will cover discuss the role of ‘human-error’, root cause, and resilience engineering in our industry and how we can use new techniques such as Chaos Engineering to make a difference. Security focused Chaos Engineering proposes that the only way to understand this uncertainty is to confront it objectively by introducing controlled signals. During this session we will cover some key concepts in Safety & Resilience Engineering work based on Sydney Dekker’s 30 years of research into airline accident investigations and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive]]>
The reactionary state of the industry means that we quickly identify the ‘root cause’ in terms of ‘human-error’ as an object to attribute and shift blame. Hindsight bias often confuses our personal narrative with truth, which is an objective fact that we as investigators can never fully know. The poor state of self-reflection, human factors knowledge, and the nature of resource constraints further incentivize this vicious pattern. This approach results in unnecessary and unhelpful assignment of blame, isolation of the engineers involved, and ultimately a culture of fear throughout the organization. Mistakes will always happen. Rather than failing fast and encouraging experimentation, the traditional process often discourages creativity and kills innovation. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Expose the failures, build resilient systems, and develop an "Applied security" model to minimize the impact of failures. In this session we will cover discuss the role of ‘human-error’, root cause, and resilience engineering in our industry and how we can use new techniques such as Chaos Engineering to make a difference. Security focused Chaos Engineering proposes that the only way to understand this uncertainty is to confront it objectively by introducing controlled signals. During this session we will cover some key concepts in Safety & Resilience Engineering work based on Sydney Dekker’s 30 years of research into airline accident investigations and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive]]> Thu, 12 Nov 2020 18:13:15 GMT /slideshow/alldaydevops-2020-aaron-rinehart-security-differently/239224250 rinehartas@slideshare.net(rinehartas) AllDayDevOps 2020 Aaron Rinehart Security Differently rinehartas The reactionary state of the industry means that we quickly identify the ‘root cause’ in terms of ‘human-error’ as an object to attribute and shift blame. Hindsight bias often confuses our personal narrative with truth, which is an objective fact that we as investigators can never fully know. The poor state of self-reflection, human factors knowledge, and the nature of resource constraints further incentivize this vicious pattern. This approach results in unnecessary and unhelpful assignment of blame, isolation of the engineers involved, and ultimately a culture of fear throughout the organization. Mistakes will always happen. Rather than failing fast and encouraging experimentation, the traditional process often discourages creativity and kills innovation. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Expose the failures, build resilient systems, and develop an "Applied security" model to minimize the impact of failures. In this session we will cover discuss the role of ‘human-error’, root cause, and resilience engineering in our industry and how we can use new techniques such as Chaos Engineering to make a difference. Security focused Chaos Engineering proposes that the only way to understand this uncertainty is to confront it objectively by introducing controlled signals. During this session we will cover some key concepts in Safety & Resilience Engineering work based on Sydney Dekker’s 30 years of research into airline accident investigations and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/aaronaddo2020-201112181316-thumbnail.jpg?width=120&height=120&fit=bounds" /> The reactionary state of the industry means that we quickly identify the ‘root cause’ in terms of ‘human-error’ as an object to attribute and shift blame. Hindsight bias often confuses our personal narrative with truth, which is an objective fact that we as investigators can never fully know. The poor state of self-reflection, human factors knowledge, and the nature of resource constraints further incentivize this vicious pattern. This approach results in unnecessary and unhelpful assignment of blame, isolation of the engineers involved, and ultimately a culture of fear throughout the organization. Mistakes will always happen. Rather than failing fast and encouraging experimentation, the traditional process often discourages creativity and kills innovation. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Expose the failures, build resilient systems, and develop an "Applied security" model to minimize the impact of failures. In this session we will cover discuss the role of ‘human-error’, root cause, and resilience engineering in our industry and how we can use new techniques such as Chaos Engineering to make a difference. Security focused Chaos Engineering proposes that the only way to understand this uncertainty is to confront it objectively by introducing controlled signals. During this session we will cover some key concepts in Safety & Resilience Engineering work based on Sydney Dekker’s 30 years of research into airline accident investigations and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive

AllDayDevOps 2020 Aaron Rinehart Security Differently from Aaron Rinehart

]]> 95 0 https://cdn.slidesharecdn.com/ss_thumbnails/aaronaddo2020-201112181316-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Conf42-SRE - 2020 - "Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering" /slideshow/conf42sre-2020-applied-security-crafting-secure-and-resilient-distributed-systems-using-chaos-engineering/237398058 conf42-sre-appliedsecurity-chaosengineeringcopy-200730090641
Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering CO-TALK BY AARON RINEHART, CTO @ VERICA & JAMIE DICKEN, MANAGER OF SECURITY ENGINEERING @ CARDINAL HEALTH Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering helps teams realign the actual state of operational security as well as build confidence that their security actually works the way we think it does. Join Jamie Dicken and Aaron Rinehart to learn about how they implemented Security Chaos Engineering as a practice at their organizations to proactively discover system weakness before they were taken advantage of by malicious adversaries.In this session Jamie and Aaron will introduce a new concept known as Security Chaos Engineering and share their experiences in applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.]]>
Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering CO-TALK BY AARON RINEHART, CTO @ VERICA & JAMIE DICKEN, MANAGER OF SECURITY ENGINEERING @ CARDINAL HEALTH Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering helps teams realign the actual state of operational security as well as build confidence that their security actually works the way we think it does. Join Jamie Dicken and Aaron Rinehart to learn about how they implemented Security Chaos Engineering as a practice at their organizations to proactively discover system weakness before they were taken advantage of by malicious adversaries.In this session Jamie and Aaron will introduce a new concept known as Security Chaos Engineering and share their experiences in applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.]]> Thu, 30 Jul 2020 09:06:41 GMT /slideshow/conf42sre-2020-applied-security-crafting-secure-and-resilient-distributed-systems-using-chaos-engineering/237398058 rinehartas@slideshare.net(rinehartas) Conf42-SRE - 2020 - "Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering" rinehartas Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering CO-TALK BY AARON RINEHART, CTO @ VERICA & JAMIE DICKEN, MANAGER OF SECURITY ENGINEERING @ CARDINAL HEALTH Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering helps teams realign the actual state of operational security as well as build confidence that their security actually works the way we think it does. Join Jamie Dicken and Aaron Rinehart to learn about how they implemented Security Chaos Engineering as a practice at their organizations to proactively discover system weakness before they were taken advantage of by malicious adversaries.In this session Jamie and Aaron will introduce a new concept known as Security Chaos Engineering and share their experiences in applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/conf42-sre-appliedsecurity-chaosengineeringcopy-200730090641-thumbnail.jpg?width=120&height=120&fit=bounds" /> Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering CO-TALK BY AARON RINEHART, CTO @ VERICA & JAMIE DICKEN, MANAGER OF SECURITY ENGINEERING @ CARDINAL HEALTH Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering helps teams realign the actual state of operational security as well as build confidence that their security actually works the way we think it does. Join Jamie Dicken and Aaron Rinehart to learn about how they implemented Security Chaos Engineering as a practice at their organizations to proactively discover system weakness before they were taken advantage of by malicious adversaries.In this session Jamie and Aaron will introduce a new concept known as Security Chaos Engineering and share their experiences in applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.

Conf42-SRE - 2020 - "Applied Security: Crafting Secure and Resilient Distributed Systems using Chaos Engineering" from Aaron Rinehart

]]> 378 0 https://cdn.slidesharecdn.com/ss_thumbnails/conf42-sre-appliedsecurity-chaosengineeringcopy-200730090641-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 ADDO - Navigating the DevSecOps App-ocalypse 2020 /slideshow/addo-navigating-the-devsecops-appocalypse-2020/232196766 addospringeditionscesession04152020-200417191346
The speed and scale of complex system operations within cloud-driven architectures make them extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Chaos Engineering allows us to proactively expose the failures, build resilient systems, and develop an "Applied Security" model to minimize the impact of failures. Chaos Engineering allows for security teams to proactively experiment and derive new information about underlying factors that were previously unknown. This is done by developing live fire exercises that can be measured, managed, and automated. Contrary to Red/Purple Team exercises, chaos engineering does not use threat actor or adversarial tactics, techniques and procedures. As far as we know it Chaos Engineering is the only proactive mechanism for detecting availability and security incidents before they happen. We proactively introduce turbulent conditions, faults, and failures into our systems to determine the conditions by which our security will fail before it actually does. In this session we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.]]>
The speed and scale of complex system operations within cloud-driven architectures make them extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Chaos Engineering allows us to proactively expose the failures, build resilient systems, and develop an "Applied Security" model to minimize the impact of failures. Chaos Engineering allows for security teams to proactively experiment and derive new information about underlying factors that were previously unknown. This is done by developing live fire exercises that can be measured, managed, and automated. Contrary to Red/Purple Team exercises, chaos engineering does not use threat actor or adversarial tactics, techniques and procedures. As far as we know it Chaos Engineering is the only proactive mechanism for detecting availability and security incidents before they happen. We proactively introduce turbulent conditions, faults, and failures into our systems to determine the conditions by which our security will fail before it actually does. In this session we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.]]> Fri, 17 Apr 2020 19:13:46 GMT /slideshow/addo-navigating-the-devsecops-appocalypse-2020/232196766 rinehartas@slideshare.net(rinehartas) ADDO - Navigating the DevSecOps App-ocalypse 2020 rinehartas The speed and scale of complex system operations within cloud-driven architectures make them extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Chaos Engineering allows us to proactively expose the failures, build resilient systems, and develop an "Applied Security" model to minimize the impact of failures. Chaos Engineering allows for security teams to proactively experiment and derive new information about underlying factors that were previously unknown. This is done by developing live fire exercises that can be measured, managed, and automated. Contrary to Red/Purple Team exercises, chaos engineering does not use threat actor or adversarial tactics, techniques and procedures. As far as we know it Chaos Engineering is the only proactive mechanism for detecting availability and security incidents before they happen. We proactively introduce turbulent conditions, faults, and failures into our systems to determine the conditions by which our security will fail before it actually does. In this session we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/addospringeditionscesession04152020-200417191346-thumbnail.jpg?width=120&height=120&fit=bounds" /> The speed and scale of complex system operations within cloud-driven architectures make them extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Chaos Engineering allows us to proactively expose the failures, build resilient systems, and develop an "Applied Security" model to minimize the impact of failures. Chaos Engineering allows for security teams to proactively experiment and derive new information about underlying factors that were previously unknown. This is done by developing live fire exercises that can be measured, managed, and automated. Contrary to Red/Purple Team exercises, chaos engineering does not use threat actor or adversarial tactics, techniques and procedures. As far as we know it Chaos Engineering is the only proactive mechanism for detecting availability and security incidents before they happen. We proactively introduce turbulent conditions, faults, and failures into our systems to determine the conditions by which our security will fail before it actually does. In this session we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.

ADDO - Navigating the DevSecOps App-ocalypse 2020 from Aaron Rinehart

]]> 460 0 https://cdn.slidesharecdn.com/ss_thumbnails/addospringeditionscesession04152020-200417191346-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AllTheTalks Security Chaos Engineering /rinehartas/allthetalks-security-chaos-engineering allthetalkssecuritychaosengineeringsh-200415221753
In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security. Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.]]>
In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security. Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.]]> Wed, 15 Apr 2020 22:17:53 GMT /rinehartas/allthetalks-security-chaos-engineering rinehartas@slideshare.net(rinehartas) AllTheTalks Security Chaos Engineering rinehartas In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security. Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/allthetalkssecuritychaosengineeringsh-200415221753-thumbnail.jpg?width=120&height=120&fit=bounds" /> In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security. Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.

AllTheTalks Security Chaos Engineering from Aaron Rinehart

]]> 256 0 https://cdn.slidesharecdn.com/ss_thumbnails/allthetalkssecuritychaosengineeringsh-200415221753-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Security Differently - DevSecOps Days Austin 2019 /slideshow/security-differently-devsecops-days-austin-2019/207315750 securitydifferentlyaustindsod2019-191218174501
Security Differently Session from DevSecOps Days Austin 2019]]>
Security Differently Session from DevSecOps Days Austin 2019]]> Wed, 18 Dec 2019 17:45:00 GMT /slideshow/security-differently-devsecops-days-austin-2019/207315750 rinehartas@slideshare.net(rinehartas) Security Differently - DevSecOps Days Austin 2019 rinehartas Security Differently Session from DevSecOps Days Austin 2019 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/securitydifferentlyaustindsod2019-191218174501-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security Differently Session from DevSecOps Days Austin 2019

Security Differently - DevSecOps Days Austin 2019 from Aaron Rinehart

]]> 391 1 https://cdn.slidesharecdn.com/ss_thumbnails/securitydifferentlyaustindsod2019-191218174501-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AllDayDevOps Security Chaos Engineering 2019 /slideshow/alldaydevops-security-chaos-engineering-2019/191151151 addosecuritychaosengineeringsessionrinehart-191106231139
AllDayDevOps Security Chaos Engineering 2019 ]]>
AllDayDevOps Security Chaos Engineering 2019 ]]> Wed, 06 Nov 2019 23:11:39 GMT /slideshow/alldaydevops-security-chaos-engineering-2019/191151151 rinehartas@slideshare.net(rinehartas) AllDayDevOps Security Chaos Engineering 2019 rinehartas AllDayDevOps Security Chaos Engineering 2019 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/addosecuritychaosengineeringsessionrinehart-191106231139-thumbnail.jpg?width=120&height=120&fit=bounds" /> AllDayDevOps Security Chaos Engineering 2019

AllDayDevOps Security Chaos Engineering 2019 from Aaron Rinehart

]]> 439 0 https://cdn.slidesharecdn.com/ss_thumbnails/addosecuritychaosengineeringsessionrinehart-191106231139-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering" /slideshow/vmware-tech-talk-the-road-from-rugged-devops-to-security-chaos-engineering/175858064 vmwareroadfromruggedtochaospubsm-190925062101
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security. We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown. As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.]]>
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security. We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown. As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.]]> Wed, 25 Sep 2019 06:21:01 GMT /slideshow/vmware-tech-talk-the-road-from-rugged-devops-to-security-chaos-engineering/175858064 rinehartas@slideshare.net(rinehartas) VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering" rinehartas This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security. We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown. As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/vmwareroadfromruggedtochaospubsm-190925062101-thumbnail.jpg?width=120&height=120&fit=bounds" /> This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security. We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown. As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.

VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering" from Aaron Rinehart

]]> 192 0 https://cdn.slidesharecdn.com/ss_thumbnails/vmwareroadfromruggedtochaospubsm-190925062101-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 OWASP AppSec Global 2019 Security & Chaos Engineering /slideshow/owasp-appsec-global-2019-security-chaos-engineering/175847594 appsecglobalsecurityprecognition2019pubsm2-190925055117
Security today is customarily a reactive and chaotic exercise. In this session, we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.]]>
Security today is customarily a reactive and chaotic exercise. In this session, we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.]]> Wed, 25 Sep 2019 05:51:17 GMT /slideshow/owasp-appsec-global-2019-security-chaos-engineering/175847594 rinehartas@slideshare.net(rinehartas) OWASP AppSec Global 2019 Security & Chaos Engineering rinehartas Security today is customarily a reactive and chaotic exercise. In this session, we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/appsecglobalsecurityprecognition2019pubsm2-190925055117-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security today is customarily a reactive and chaotic exercise. In this session, we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.

OWASP AppSec Global 2019 Security & Chaos Engineering from Aaron Rinehart

]]> 258 2 https://cdn.slidesharecdn.com/ss_thumbnails/appsecglobalsecurityprecognition2019pubsm2-190925055117-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering /rinehartas/rsa-conference-apj-2019-devsecops-days-security-chaos-engineering devsecopsdaysrsaapj2019sh-190725051356
Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works. Security Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.]]>
Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works. Security Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.]]> Thu, 25 Jul 2019 05:13:56 GMT /rinehartas/rsa-conference-apj-2019-devsecops-days-security-chaos-engineering rinehartas@slideshare.net(rinehartas) RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering rinehartas Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works. Security Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/devsecopsdaysrsaapj2019sh-190725051356-thumbnail.jpg?width=120&height=120&fit=bounds" /> Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works. Security Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.

RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering from Aaron Rinehart

]]> 153 0 https://cdn.slidesharecdn.com/ss_thumbnails/devsecopsdaysrsaapj2019sh-190725051356-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Pivotal APJ Security Chaos Engineering /slideshow/pivotal-apj-security-chaos-engineering/157722028 pivotalsecuritychaosapj2019-190725043303
Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works.]]>
Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works.]]> Thu, 25 Jul 2019 04:33:03 GMT /slideshow/pivotal-apj-security-chaos-engineering/157722028 rinehartas@slideshare.net(rinehartas) Pivotal APJ Security Chaos Engineering rinehartas Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/pivotalsecuritychaosapj2019-190725043303-thumbnail.jpg?width=120&height=120&fit=bounds" /> Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works.

Pivotal APJ Security Chaos Engineering from Aaron Rinehart

]]> 151 0 https://cdn.slidesharecdn.com/ss_thumbnails/pivotalsecuritychaosapj2019-190725043303-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Nexus User Conference DevOps "Table Stakes": The minimum required to play the game /slideshow/nexus-user-conference-devops-table-stakes-the-minimum-required-to-play-the-game/152175926 nexususerconference2019-tablestakessh-190627101113
In this session we will cover the ‘table stakes’ or the minimum foundational components in what it means to deliver high quality secure software in today’s software driven world. From gaining visibility into the software supply chain to building empathy with engineering teams through DevSecOps practices we will dive through what it takes to play the bare minimum hand and how that contributes to improving value-velocity and faster adoption of more advanced techniques such as Chaos Engineering.]]>
In this session we will cover the ‘table stakes’ or the minimum foundational components in what it means to deliver high quality secure software in today’s software driven world. From gaining visibility into the software supply chain to building empathy with engineering teams through DevSecOps practices we will dive through what it takes to play the bare minimum hand and how that contributes to improving value-velocity and faster adoption of more advanced techniques such as Chaos Engineering.]]> Thu, 27 Jun 2019 10:11:13 GMT /slideshow/nexus-user-conference-devops-table-stakes-the-minimum-required-to-play-the-game/152175926 rinehartas@slideshare.net(rinehartas) Nexus User Conference DevOps "Table Stakes": The minimum required to play the game rinehartas In this session we will cover the ‘table stakes’ or the minimum foundational components in what it means to deliver high quality secure software in today’s software driven world. From gaining visibility into the software supply chain to building empathy with engineering teams through DevSecOps practices we will dive through what it takes to play the bare minimum hand and how that contributes to improving value-velocity and faster adoption of more advanced techniques such as Chaos Engineering. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/nexususerconference2019-tablestakessh-190627101113-thumbnail.jpg?width=120&height=120&fit=bounds" /> In this session we will cover the ‘table stakes’ or the minimum foundational components in what it means to deliver high quality secure software in today’s software driven world. From gaining visibility into the software supply chain to building empathy with engineering teams through DevSecOps practices we will dive through what it takes to play the bare minimum hand and how that contributes to improving value-velocity and faster adoption of more advanced techniques such as Chaos Engineering.

Nexus User Conference DevOps "Table Stakes": The minimum required to play the game from Aaron Rinehart

]]> 44 1 https://cdn.slidesharecdn.com/ss_thumbnails/nexususerconference2019-tablestakessh-190627101113-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Velocity 2019 - Security Precognition 2019 �ݺ�ߣs - San Jose 2019 /slideshow/velocity-2019-security-precognition-2019-slides-san-jose-2019/152175177 velocity2019-securityprecognition2019sh-190627100437
Large scale distributed systems have unpredictable and complex outcomes that are costly when security incidents occur. Security incident response today is mostly a reactive and chaotic exercise. Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown. What if you could flip that scenario on its head? Chaos engineering advances the security incident response framework by reversing the postmortem and preparation phase. This is done by developing live fire exercises that can be measured and managed. Contrary to red team game days, chaos engineering doesn’t use threat actor tactics, techniques, and procedures. Instead it develops teams through unique configuration, cyberthreat, and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering system weaknesses in systems security, and more. You’ll also get a glimpse of ChaoSlingr, an open source security chaos engineering tool built and deployed within a Fortune 5 company. Aaron explains how the tool helped his team discover that many of their security controls didn’t function as intended and how, as a result, they were able to proactively improve them before they caused any real problems.]]>
Large scale distributed systems have unpredictable and complex outcomes that are costly when security incidents occur. Security incident response today is mostly a reactive and chaotic exercise. Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown. What if you could flip that scenario on its head? Chaos engineering advances the security incident response framework by reversing the postmortem and preparation phase. This is done by developing live fire exercises that can be measured and managed. Contrary to red team game days, chaos engineering doesn’t use threat actor tactics, techniques, and procedures. Instead it develops teams through unique configuration, cyberthreat, and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering system weaknesses in systems security, and more. You’ll also get a glimpse of ChaoSlingr, an open source security chaos engineering tool built and deployed within a Fortune 5 company. Aaron explains how the tool helped his team discover that many of their security controls didn’t function as intended and how, as a result, they were able to proactively improve them before they caused any real problems.]]> Thu, 27 Jun 2019 10:04:37 GMT /slideshow/velocity-2019-security-precognition-2019-slides-san-jose-2019/152175177 rinehartas@slideshare.net(rinehartas) Velocity 2019 - Security Precognition 2019 �ݺ�ߣs - San Jose 2019 rinehartas Large scale distributed systems have unpredictable and complex outcomes that are costly when security incidents occur. Security incident response today is mostly a reactive and chaotic exercise. Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown. What if you could flip that scenario on its head? Chaos engineering advances the security incident response framework by reversing the postmortem and preparation phase. This is done by developing live fire exercises that can be measured and managed. Contrary to red team game days, chaos engineering doesn’t use threat actor tactics, techniques, and procedures. Instead it develops teams through unique configuration, cyberthreat, and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering system weaknesses in systems security, and more. You’ll also get a glimpse of ChaoSlingr, an open source security chaos engineering tool built and deployed within a Fortune 5 company. Aaron explains how the tool helped his team discover that many of their security controls didn’t function as intended and how, as a result, they were able to proactively improve them before they caused any real problems. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/velocity2019-securityprecognition2019sh-190627100437-thumbnail.jpg?width=120&height=120&fit=bounds" /> Large scale distributed systems have unpredictable and complex outcomes that are costly when security incidents occur. Security incident response today is mostly a reactive and chaotic exercise. Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown. What if you could flip that scenario on its head? Chaos engineering advances the security incident response framework by reversing the postmortem and preparation phase. This is done by developing live fire exercises that can be measured and managed. Contrary to red team game days, chaos engineering doesn’t use threat actor tactics, techniques, and procedures. Instead it develops teams through unique configuration, cyberthreat, and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering system weaknesses in systems security, and more. You’ll also get a glimpse of ChaoSlingr, an open source security chaos engineering tool built and deployed within a Fortune 5 company. Aaron explains how the tool helped his team discover that many of their security controls didn’t function as intended and how, as a result, they were able to proactively improve them before they caused any real problems.

Velocity 2019 - Security Precognition 2019 �ݺ�ߣs - San Jose 2019 from Aaron Rinehart

]]> 266 1 https://cdn.slidesharecdn.com/ss_thumbnails/velocity2019-securityprecognition2019sh-190627100437-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Craft 2019 - Security Chaos Engineering - Security Precognition /rinehartas/craft-2019-security-chaos-engineering-security-precognition craft2019-securityprecognition-securitychaosengineering20195-190525012216
Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function. In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems. ]]>
Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function. In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems. ]]> Sat, 25 May 2019 01:22:16 GMT /rinehartas/craft-2019-security-chaos-engineering-security-precognition rinehartas@slideshare.net(rinehartas) Craft 2019 - Security Chaos Engineering - Security Precognition rinehartas Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function. In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/craft2019-securityprecognition-securitychaosengineering20195-190525012216-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function. In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems.

Craft 2019 - Security Chaos Engineering - Security Precognition from Aaron Rinehart

]]> 176 2 https://cdn.slidesharecdn.com/ss_thumbnails/craft2019-securityprecognition-securitychaosengineering20195-190525012216-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 GDS-Austin - DevSecOps & Security Chaos Engineering /rinehartas/gdsaustin-devsecops-security-chaos-engineering gdssummit-securitychaosengineering2018decslsh-181213215510
DevSecOps & Security Chaos Engineering - "Knowing the Unknown" - "Resilience is the story of the outage that didn’t happen". - John Allspaw Our systems are becoming more and more distributed, ephemeral, and immutable in how they function in today’s ever-evolving landscape of contemporary engineering practices. Not only are we becoming more complex but the rate of velocity in which our systems are now interacting, and evolving is making the work more challenging for us humans. In this shifted paradigm, it is becoming problematic to comprehend the operational state, health and safety of our systems. In this session Aaron will uncover what Chaos Engineering is, why we need it, and how it can be used as a tool for building more performant, safe and secure systems. We will uncover the importance of using Chaos Engineering in developing a learning culture through system experimentation. Lastly, we will walk through how to get started using Chaos Engineering as well as dive into how it can be applied to cyber security and other important engineering domains.]]>
DevSecOps & Security Chaos Engineering - "Knowing the Unknown" - "Resilience is the story of the outage that didn’t happen". - John Allspaw Our systems are becoming more and more distributed, ephemeral, and immutable in how they function in today’s ever-evolving landscape of contemporary engineering practices. Not only are we becoming more complex but the rate of velocity in which our systems are now interacting, and evolving is making the work more challenging for us humans. In this shifted paradigm, it is becoming problematic to comprehend the operational state, health and safety of our systems. In this session Aaron will uncover what Chaos Engineering is, why we need it, and how it can be used as a tool for building more performant, safe and secure systems. We will uncover the importance of using Chaos Engineering in developing a learning culture through system experimentation. Lastly, we will walk through how to get started using Chaos Engineering as well as dive into how it can be applied to cyber security and other important engineering domains.]]> Thu, 13 Dec 2018 21:55:10 GMT /rinehartas/gdsaustin-devsecops-security-chaos-engineering rinehartas@slideshare.net(rinehartas) GDS-Austin - DevSecOps & Security Chaos Engineering rinehartas DevSecOps & Security Chaos Engineering - "Knowing the Unknown" - "Resilience is the story of the outage that didn’t happen". - John Allspaw Our systems are becoming more and more distributed, ephemeral, and immutable in how they function in today’s ever-evolving landscape of contemporary engineering practices. Not only are we becoming more complex but the rate of velocity in which our systems are now interacting, and evolving is making the work more challenging for us humans. In this shifted paradigm, it is becoming problematic to comprehend the operational state, health and safety of our systems. In this session Aaron will uncover what Chaos Engineering is, why we need it, and how it can be used as a tool for building more performant, safe and secure systems. We will uncover the importance of using Chaos Engineering in developing a learning culture through system experimentation. Lastly, we will walk through how to get started using Chaos Engineering as well as dive into how it can be applied to cyber security and other important engineering domains. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/gdssummit-securitychaosengineering2018decslsh-181213215510-thumbnail.jpg?width=120&height=120&fit=bounds" /> DevSecOps & Security Chaos Engineering - "Knowing the Unknown" - "Resilience is the story of the outage that didn’t happen". - John Allspaw Our systems are becoming more and more distributed, ephemeral, and immutable in how they function in today’s ever-evolving landscape of contemporary engineering practices. Not only are we becoming more complex but the rate of velocity in which our systems are now interacting, and evolving is making the work more challenging for us humans. In this shifted paradigm, it is becoming problematic to comprehend the operational state, health and safety of our systems. In this session Aaron will uncover what Chaos Engineering is, why we need it, and how it can be used as a tool for building more performant, safe and secure systems. We will uncover the importance of using Chaos Engineering in developing a learning culture through system experimentation. Lastly, we will walk through how to get started using Chaos Engineering as well as dive into how it can be applied to cyber security and other important engineering domains.

GDS-Austin - DevSecOps & Security Chaos Engineering from Aaron Rinehart

]]> 691 3 https://cdn.slidesharecdn.com/ss_thumbnails/gdssummit-securitychaosengineering2018decslsh-181213215510-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Does 2018 presentation rinehart - how to train your dragons /slideshow/does-2018-presentation-rinehart-how-to-train-your-dragons/120601666 does2018presentation-rinehart-howtotrainyourdragons-181024192106
How to Train Your Dragons to Code “Transformation Success by Teaching your Security Team to Code” ]]>
How to Train Your Dragons to Code “Transformation Success by Teaching your Security Team to Code” ]]> Wed, 24 Oct 2018 19:21:06 GMT /slideshow/does-2018-presentation-rinehart-how-to-train-your-dragons/120601666 rinehartas@slideshare.net(rinehartas) Does 2018 presentation rinehart - how to train your dragons rinehartas How to Train Your Dragons to Code “Transformation Success by Teaching your Security Team to Code” <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/does2018presentation-rinehart-howtotrainyourdragons-181024192106-thumbnail.jpg?width=120&height=120&fit=bounds" /> How to Train Your Dragons to Code “Transformation Success by Teaching your Security Team to Code”

Does 2018 presentation rinehart - how to train your dragons from Aaron Rinehart

]]> 127 1 https://cdn.slidesharecdn.com/ss_thumbnails/does2018presentation-rinehart-howtotrainyourdragons-181024192106-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown /slideshow/alldaydevops-devsecops-chaos-engineering-knowing-the-unknown/119755664 addodevsecopsknowingtheunknownpresentation-181017144537
AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown]]>
AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown]]> Wed, 17 Oct 2018 14:45:37 GMT /slideshow/alldaydevops-devsecops-chaos-engineering-knowing-the-unknown/119755664 rinehartas@slideshare.net(rinehartas) AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown rinehartas AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/addodevsecopsknowingtheunknownpresentation-181017144537-thumbnail.jpg?width=120&height=120&fit=bounds" /> AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown

AllDayDevOps : DevSecOps & Chaos Engineering: Knowing the Unknown from Aaron Rinehart

]]> 212 3 https://cdn.slidesharecdn.com/ss_thumbnails/addodevsecopsknowingtheunknownpresentation-181017144537-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://cdn.slidesharecdn.com/profile-photo-rinehartas-48x48.jpg?cb=1669916541 Former Venture Backed Startup Co-Founder/CTO, Fortune 4 Senior Security Exec @UHG @NASA @DHS. Pioneer & O'Reilly Author on Security Chaos Engineering opensource.com/users/aaronrinehart https://cdn.slidesharecdn.com/ss_thumbnails/dso-r04navigatingtheunknowableresiliencethroughsecuritychaosengineering-210526173045-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/rsa-2021-navigating-the-unknowable-resilience-through-security-chaos-engineering-248576348/248576348 RSA 2021 Navigating th... https://cdn.slidesharecdn.com/ss_thumbnails/healthcondx2021-scetrimmed-210413155147-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/healthcondx-virtual-summit-2021-how-security-chaos-engineering-is-changing-cyber-security-in-healthcare/246155466 HealthConDX Virtual Su... https://cdn.slidesharecdn.com/ss_thumbnails/rsac365virtualsummitsecuritychaosengineering-210112162757-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/rsac-365-2021-virtual-summit-spotlite-presentation-on-security-chaos-engineering/241245216 RSAC 365 2021 Virtual ...