Agile + DevOps West 2020 Concurrent Session: Using Security Chaos Engineering to Build Protected, Resilient Systems


Thursday, June 11, 2020 - 4:45pm to 5:45pm

Using Security Chaos Engineering to Build Protected, Resilient Systems

The speed and scale of complex system operations within cloud-driven architectures make it extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. By simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture accidents as opportunities to proactively strengthen system resilience. Chaos engineering allows us to proactively expose failures, build resilient systems, and develop an applied security model to minimize the impact of failures. Security teams can proactively experiment and derive new information about underlying factors that were previously unknown by developing live-fire exercises that can be measured, managed, and automated. Unlike red/purple team exercises, chaos engineering does not use threat actors or adversarial tactics, techniques, and procedures. We intentionally introduce turbulent conditions, faults, and failures into our systems to determine the conditions under which our security will fail before it actually does. Aaron Rinehart will introduce a new concept, security chaos engineering, and explain how it can be applied to create highly secure, performant, and resilient distributed systems. Learn to proactively detect availability and security incidents before they happen.

Aaron Rinehart has spent his career solving challenging engineering problems for organizations such as the United States Department of Homeland Security (DHS), National Aeronautics and Space Administration (NASA), and the Department of Defense (DoD). Rinehart has been a featured speaker at several media outlets and conferences, most notably the National Press Club, RSA, Velocity, and ABC News. Rinehart has been interviewed and quoted in various publications including the Huffington Post, DarkReading, SecurityWeekly, ISMG, and MarketWatch. Aaron has been expanding the possibilities of chaos engineering in its application to other safety-critical portions of the IT domain, notably cybersecurity. He began pioneering the application of security in chaos engineering during his tenure as the Chief Security Architect at the largest private healthcare company in the world, UnitedHealth Group (UHG). While at UHG, Rinehart released ChaoSlingr, one of the first open-source software releases focused on using chaos engineering in cybersecurity to build more resilient systems. Rinehart recently founded a chaos engineering startup called Verica with Casey Rosenthal from Netflix and is the O’Reilly author on the topic as well as a frequent speaker in the space.