Aaron Rinehart

Chief Technology Officer at Verica.io

Talk

Security Pre-Cognition: Using Chaos Engineering in Security Incident Response w/ ChaoSlingr
Friday 14:35 - 15:20
Topics:
Security
Distributed Systems
Chaos Engineering
Incident Response
DevSecOps
Resilience
Level:
Intermediate

Your rating:
0/5

Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones. 

Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown.  Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function.  

In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems. 


Watch the talk    Check the slides

About

Aaron Rinehart, CTO @Verica.io | Former Chief Security Architect, @UnitedHealthGroup
Aaron has been expanding the possibilities of Chaos Engineering in its application to other safety- critical portions of the IT domain notably cybersecurity. He began pioneering the application of Security in Chaos Engineering during his tenure as the Chief Security Architect at the largest private healthcare company in the world, UnitedHealth Group (UHG). While at UHG Aaron released ChaoSlingr, one of the first open source software releases focused on using Chaos Engineering in cybersecurity to build more resilient systems. Aaron recently founded the first Chaos Engineering Meetup in Washington DC and is a frequent author, consultant and speaker in the space.