Winning at Security “Whack-a-Mole” with Security Chaos Engineering - Security & Chaos Engineering: A Novel Approach to Crafting Secure and Resilient Distributed Systems

**11.00am - 11.20am** **AARON RINEHART; Winning at Security “Whack-a-Mole” with Security Chaos Engineering** Hope isn’t a strategy. Likewise, perfection isn’t a plan. The systems we are responsible for are failing as a normal function of how they operate, whether we like it or not, whether we see it or not. Security chaos engineering is about increasing confidence that our security mechanisms are effective at performing under the conditions for which we designed them. Through continuous security experimentation, we become better prepared as an organization and reduce the likelihood of being caught off guard by unforeseen disruptions. These practices better prepare us (as professionals), our teams, and the organizations we represent to be effective and resilient when faced with security unknowns. In this session Aaron Rinehart, co-author of the O'Reilly Report on Security Chaos Engineering, will share how you can get started in applying the Security based Chaos Engineering to create highly secure, performant, and resilient distributed systems. **11.20am - 11.40am** **KELLY SHORTRIDGE; From Catastrophe to Chaos in Production** We all know that production systems must be protected so we can realize value from the software we develop. What is less understood is the right way to keep production systems safe, because trying to prevent any and all badness is more of a prayer than a strategy.<br /> In this talk, we'll explore how security failure can manifest in prod systems and how Security Chaos Engineering presents a saner path. We'll cover why it's important to harness failure as a tool and a teacher, along with examples of security chaos experiments you can conduct on production systems. **11.40am - 12.00pm Q&A**