S4E21: Resilient Cyber w/ Kelly Shortridge

In this episode, Chris Hughes and Dr. Nithi Robinson are joined by Kelly Shortridge, Senior Principal at Fastly and author of Security Chaos Engineering. They discuss the principles of security chaos engineering, focusing on building resilience in software systems, adapting to failure, and applying lessons from other industries to cybersecurity. The conversation explores how modern security programs can evolve and better align with the rapid pace of software development while mitigating the impact of security threats.

Key Highlights:

• Security Chaos Engineering:
  A socio-technical transformation focused on adapting to failure and building software resilience.

• Learning from Other Domains:
  Cybersecurity should adopt resilience practices from industries like healthcare and transportation.

• Modern Security Programs:
  Shift focus from perimeter-based security to understanding system interactions and enabling secure productivity.

• Platform Engineering & Collaboration:
  Security teams should build frameworks and tools to simplify secure development for engineers.

• Scientific Resilience Testing:
  Use small, hypothesis-driven experiments to test systems’ resilience, scaling gradually.

• Adapting in Security:
  Security professionals must evolve and learn new technologies to remain relevant.

• Psychological and Economic Factors:
  Security should rely on data-driven, empirical approaches rather than fear-based arguments.

• Disrupting Attackers with Deception:
  Frustrate attackers by introducing inefficiencies and luring them into fake systems to reduce their ROI.

Security chaos engineering offers a structured, scientific approach to building resilient software systems by focusing on continuous experimentation and adaptation. To stay relevant, security teams need to embrace modern development practices, collaborate closely with engineering teams, and create proactive, data-driven security strategies that prioritize system resilience over rigid, outdated methods.