Cloud Security Podcast by Google

EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge

Jul 31, 2023
Kelly Shortridge, Senior Principal Engineer at Fastly, discusses the concept of Security Chaos Engineering and its intersection with cloud security. She talks about how chaos engineering can improve software resilience and security alerting. Kelly shares her favorite chaos engineering experiment and how it can break organizations out of their 1990s thinking. The podcast also explores the importance of understanding threat models, iterative approaches to software resilience, and learning from failures.
INSIGHT

Security Chaos Engineering = Software Resilience

  • Security chaos engineering prioritizes software resilience and adaptation.
  • It draws lessons from diverse complex systems domains to improve failure recovery.
ADVICE

Refining Alerts with Chaos Engineering

  • Use chaos experiments to refine security alerts and validate assumptions.
  • Treat alerts as evidence to accept or reject hypotheses, ensuring they inform decisions.
ANECDOTE

Firewall Experiment at UnitedHealth Group

  • At UnitedHealth Group, a chaos experiment revealed that a firewall alerted on misconfigured ports only 60% of the time.
  • Their cloud configuration tool, Oka, alerted consistently, showcasing alternative alert sources.