, 18 tweets, 10 min read Read on Twitter
#chaosday19 @aaronrinehart now talking about security precognition
#chaosday19 @aaronrinehart : We're going to be covering a LOT of stuff during this talk. Our systems have grown beyond our ability to grok them.
#chaosday19 @aaronrinehart case in point here’s Vizceral
#chaosday19 @aaronrinehart : when it comes to security we're still (unfortunately) managing failure as a human factor issue
#chaosday19 @aaronrinehart : With all the complexity in our systems can we simplify it? Depends on the type. There's accidental complexity and essential (feature driven) complexity.
#chaosday19 @aaronrinehart : "As the complexity of a system increases, the accuracy of any single agent's own model of that system decreases" - @ddwoods2 [ed: I've read articles preaching the 'death of the all knowing architect' because of this factor]
#chaosday19 @aaronrinehart : Failure still happens with security!
#chaosday19 @aaronrinehart : "As I've gotten deeper into Resilience Engineering I've gotten more and more scared of how much software is taking over and how little we know about our systems" [ed: I think it's important to consider the system including both software and humans]
#chaosday19 @aaronrinehart : Security incidents are subjective in nature. We really don't know very much. Have to answer questions like 'where? why? who? when? how?
#chaosday19 @aaronrinehart : When security incidents happen things go a bit crazy. Security hasn't quite caught up to SRE types of concepts for incident response, recovery, and reflection. [ed: I'd attribute the blamelessness more to Human Factors studies and IT maturity here]
#chaosday19 @aaronrinehart : People operate differently when they expect things to fail. [ed: to me one of the holy grails of Chaos is the ability to update our mental model of not just how our compute systems operate but also our people coordination, communication and action]
Adding this to my reading list #chaosday19 @aaronrinehart
#chaosday19 @aaronrinehart : Sabotage is rare (if you have internal security issues, you don't have a security problem you have an HR problem!)
#chaosday19 @aaronrinehart : Moving on to ChaosSlingr an OSS tool for security chaos.
#chaosday19 @aaronrinehart : Q&A Time - what's the difference between pen test and chaos security test? Traditional security tools are very noisy. This is a bit more structured and formulaic.
#chaosday19 @aaronrinehart : How do you create a blameless culture? Security is a bit different and is a bit behind the curve. There's no such thing as root cause (*applause*) or human error
#chaosday19 @aaronrinehart : Explain a bit more on flipping post-mortem to preparation. Usually a multitude of things for security incident in the wild. Sometimes difficult to understand how we got to where we were. Focused approach to chaos helps provide structure.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Tom Leaman @ #chaosday19
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!