Security Chaos Engineering down in Austin, TX
The Verica crew had a fun time with the fine folks down in Austin, TX at the city’s first DevSecOps Days event. Going to Austin during the holiday season never results in a White Christmas, but this year Austin delivered on some great security and devops talks that should make you cheery all year long.
It was a full day of talks with the agenda moving from DevSecOps basics to pragmatic approaches DevSecOps to future-looking topics in DevSecOps like Security Chaos Engineering (SCE). Verica’s Co-Founder and CTO, Aaron Rinehart, spoke at the event with a talk titled “Security Differently.” If the title sounds vaguely familiar, and it probably does for those in the Resilience Engineering and Chaos Engineering space, there is a reason for it. Security Differently is based on the work of Sydney Dekker’s work: Safety Differently.
SECURITY DIFFERENTLY SEES THE WORLD WHERE PEOPLE ARE PART OF THE SOLUTION
The talk explored how safety and security have a lot in common. For example, if you take one of Dekker’s quotes and replace the word “safety” with the word “security” you end up seeing where Rinehart thinks Security Chaos Engineering is going.
For example, take this quote from Dekker:
Safety differently’ is about relying on people’s expertise, insights and the dignity of work as actually done to improve safety and efficiency. It is about halting or pushing back on the ever-expanding bureaucratization and compliance of work.Sydney Dekker
Once you replace ‘safety’ with ‘security’ a new picture emerges.
“Security differently’ is about relying on people’s expertise, insights and the dignity of work as actually done to improve security and efficiency. It is about halting or pushing back on the ever-expanding bureaucratization and compliance of work.”
This is the crux of Security Differently. Security Differently sees the world where people are part of the solution, rather than the source of problems. Security sees people as competent and having common sense rather than trying to control them and making them follow compliance. Instead of telling them what to do, it asks them what they need.
This is just one piece of Rinehart’s talk, and if you are interested, I recommend you check out the slides. The talk was also recorded and when that becomes available, we will make that available here as well.