Building Resilience in Software Through Security Chaos Engineering

Logo
Presented by

Deb Radcliff, Shift Left Editor & Kelly Shortridge, Sr Principal Engineer Fastly

About this talk

Shift Left Editor Deb Radcliff interviews Kelly Shortridge, author of Security Chaos Engineering: Sustaining Resilience in Software and Systems. Kelly Shortridge is Senior Principal Engineer at Fastly, a cloud services platform that helps developers extend their core cloud infrastructure to the network edge. We met at the RSA Conference where she was signing her recently-published book about software resilience through security chaos engineering. In this twenty-minute video interview, we talk about why she wrote this book, how she defines security chaos engineering, how it compares to security platform engineering, and how to use these concepts to nurture developer productivity while not killing their souls with overly prescriptive security checklists. She wrote the book because she feels the cybersecurity sector doesn’t understand software development very well or the constraints developers are under. And because security has an almost imperialist approach focused on stopping anything bad from happening, which she feels is impossible for developers to maintain. On the development side, she believes security needs to be demystified by embracing and extending practices software engineers already use. “Chaos engineering is based on the foundation of resilience, preparing for failure, moving quickly, and cultivating a feedback loop,” Shortridge says. “How can we transform the way we approach security across the software delivery lifecycle in a way that aligns with software goals?” The book is packed with information, charts, tables, and advice that is presented in easy to digest bytes for developers, their managers and product security officers. “To borrow from Dune, fear is the mind killer,” she adds. “Start small. A lot of the practices you already use for software quality can be adopted and adapted to sustain resilience against attacks.”
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (35)
Subscribers (2106)
CodeSecure is a global provider of application security testing solutions including static analysis (SAST) and software composition (SCA) products. Our products, CodeSonar and CodeSentry, help organizations develop and release higher quality and more secure software – free of harmful defects and exploitable weaknesses that cause system failures, enable data breaches, and increase corporate liability.