

EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge
Jul 31, 2023
Kelly Shortridge, Senior Principal Engineer at Fastly, discusses the concept of Security Chaos Engineering and its intersection with cloud security. She talks about how chaos engineering can improve software resilience and security alerting. Kelly shares her favorite chaos engineering experiment and how it can break organizations out of their 1990s thinking. The podcast also explores the importance of understanding threat models, iterative approaches to software resilience, and learning from failures.
AI Snips
Security Chaos Engineering = Software Resilience
- Security chaos engineering prioritizes software resilience and adaptation.
- It draws lessons from diverse complex systems domains to improve failure recovery.
Refining Alerts with Chaos Engineering
- Use chaos experiments to refine security alerts and validate assumptions.
- Treat alerts as evidence to accept or reject hypotheses, ensuring they inform decisions.
Firewall Experiment at UnitedHealth Group
- At UnitedHealth Group, a chaos experiment revealed that a firewall alerted on misconfigured ports only 60% of the time.
- Their cloud configuration tool, Oka, alerted consistently, showcasing alternative alert sources.