Cloud Security Podcast by Google

EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge

Jul 31, 2023

Kelly Shortridge, Senior Principal Engineer at Fastly, discusses the concept of Security Chaos Engineering and its intersection with cloud security. She talks about how chaos engineering can improve software resilience and security alerting. Kelly shares her favorite chaos engineering experiment and how it can break organizations out of their 1990s thinking. The podcast also explores the importance of understanding threat models, iterative approaches to software resilience, and learning from failures.

36:27

Creator website

Episode guests

Kelly Shortridge

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Security chaos engineering promotes software resilience and adaptive security strategies.

Implementing software resilience involves iterative development, validation of assumptions, and continuous learning.

Deep dives

Software Resilience and the Principles of Chaos Engineering

Software resilience and the principles of chaos engineering form the foundation for a more modern and effective approach to security. Security chaos engineering is all about building software systems that can gracefully recover from failure and adapt to changing conditions. It draws on lessons learned from various domains and emphasizes the importance of adaptation and resilience. By adopting software resilience practices, organizations can transform their security mindset from a reactive 'department of no' approach to a more proactive and modern strategy.

The Importance of Nuance in Evaluating Threat Models and Security

01:07

Introduction

4min

Adapting to Changing Conditions and Overcoming Failure

8min

Understanding Security Threat Models and Behavioral Biases

2min

Iterative Approach to Software Resilience and Chaos Engineering

13min

Progress over Perfection and Learning from Failure

9min

Guest:

Kelly Shortridge, Senior Principal Engineer in the Office of the CTO at Fastly

Topics:

So what is Security Chaos Engineering?
“Chapter 5. Operating and Observing” is Anton’s favorite. One thing that mystifies me, however, is that you outline how to fail with alerts (send too many), but it is not entirely clear how to practically succeed with them? How does chaos engineering help security alerting / detection?
How chaos engineering (or is it really about software resilience?) intersects with Cloud security - is this peanut butter and chocolate or more like peanut butter and pickles?
How can organizations get started with chaos engineering for software resilience and security?
What is your favorite chaos engineering experiment that you have ever done?
We often talk about using the SRE lessons for security, and yet many organizations do security the 1990s way. Are there ways to use chaos engineering as a forcing function to break people out of their 1990s thinking and time warp them to 2023?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Software Resilience and the Principles of Chaos Engineering

Embracing the Iterative Approach

Practical Tips for Software Resilience

Recommended Reading

The Importance of Nuance in Evaluating Threat Models and Security

Remember Everything You Learn from Podcasts