Software Unscripted

The CrowdStrike Incident with Kelly Shortridge

Aug 11, 2024

Kelly Shortridge, a security expert and author of a book on security chaos engineering, delves into the CrowdStrike incident that created global tech turmoil. They dissect the implications of flawed software updates, emphasizing the need for robust cybersecurity practices. The conversation explores the divide between software and traditional engineering, advocating for better integration in security measures. Shortridge also highlights the significance of kernel-level access for security tools and the need for collaboration between software engineers and security teams to tackle emerging threats.

58:30

Creator website

Episode guests

Kelly Shortridge

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The CrowdStrike incident revealed critical weaknesses in software implementation, emphasizing the need for improved security practices across the industry.

The backlash against CrowdStrike highlights a defensive mindset within the cybersecurity community, urging professionals to engage in self-reflection and accountability.

Experts advocate for modern software engineering practices in cybersecurity, pushing for automated processes and staged rollouts to enhance system reliability and security.

Deep dives

Understanding the CrowdStrike Incident

A significant cybersecurity incident occurred when a content update from CrowdStrike caused numerous machines to enter a boot loop, displaying a blue screen of death. This situation disrupted operations at major facilities, including Delta Airlines, which grounded flights due to the effects of the incident. The software update's failure revealed severe weaknesses in the implementation, suggesting that such critical failures shouldn't result from a single faulty update. The discussion revolves around the systemic flaws in software handling and the essential need for improved security practices within the cyber industry.

Intro

2min

CrowdStrike and the Security Incident Analysis

17min

Bridging the Gap: Software and Cybersecurity

6min

Evaluating Kernel-Level Access for Telemetry in Security Tools

4min

Navigating Cybersecurity Challenges

25min

Fundamental Strategies for Cybersecurity Improvement

4min

Richard talks with Kelly Shortridge about the CrowdStrike Incident that caused many computers worldwide to get stuck in a boot loop on July 19, 2024.

A video version of this episode is available on YouTube at https://www.youtube.com/watch?v=rzjaZssBEiI or ad-free to our wonderful Patreon supporters! https://www.patreon.com/posts/109888395

The incident: https://en.wikipedia.org/wiki/2024_CrowdStrike_incident

Kelly Shortridge: https://www.kellyshortridge.com

Kelly's book: https://securitychaoseng.com

Hillel Wayne's interviews with traditional engineers who have also been software engineers: https://www.hillelwayne.com/talks/crossover-project

Gell-Mann amnesia effect: https://en.wikipedia.org/wiki/Michael_Crichton#Gell-Mann_amnesia_effect

Hosted on Acast. See acast.com/privacy for more information.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Unscripted

The CrowdStrike Incident with Kelly Shortridge

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding the CrowdStrike Incident

Critique of CrowdStrike's Reputation and Response

Design Failures and Accountability in Cybersecurity

Examining Architectural Practices in Security Software

Future Directions for Cybersecurity Standards

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Software Unscripted

The CrowdStrike Incident with Kelly Shortridge

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding the CrowdStrike Incident

Critique of CrowdStrike's Reputation and Response

Design Failures and Accountability in Cybersecurity

Examining Architectural Practices in Security Software

Future Directions for Cybersecurity Standards

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights