Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Tom Leaman Profile picture
@tleam
Jun 12, 2019 14 tweets 8 min read Read on X
Scrolly
Afternoon talks starting with @aaronrinehart on “Security Precognition - applying chaos to security” #VelocityConf Image
First, what’s Resilience and how it applies to Chaos? Resilience is all about the incident that never happened.

#VelocityConf
We are covering a *lot* during this session... Pictures are worth a thousand words here.

#VelocityConf Image
And it’s time for the mandatory Death Star diagram outlining complexity in our systems slide. It’s used a lot but serves as a constant reminder that: we 👏cannot 👏fully 👏grok 👏how 👏our👏 systems 👏operate.

#VelocityConf Image
We are still designing stateful security in a stateless world... which is concerning - @aaronrinehart #VelocityConf
There are two different types of complexity:
1) Essential, or intentional, complexity (think business functionality)
2) Accidental complexity - inherent complexity that occurs based on design but not necessitated by business function

#VelocityConf Image
Personally, I’m not sold on the “Accidental” complexity terminology. I think most complexity is intentional or considered up front. I’d probably lean more on “no longer desirable” complexity.

#VelocityConf
Security tends to have a very blame centric culture and is highly reactive to incidents. We need to get more proactive! Chaos Engineering can help here. - @aaronrinehart #VelocityConf Image
Putting problems and pain, like security incidents, at the feet of developers is a great method of incentivizing preemptive approaches. This is based on the fact that people operate differently when they expect things to fail.

@aaronrinehart’s meme game is strong

#VelocityConf ImageImage
Chaos Engineering can be used to initiate objective feedback loops about security effectiveness.

Use Chaos to validate your *assumptions* of how security systems operate with *reality*

#VelocityConf Image
What’s the difference between security chaos and traditional red, blue, purple testing?

Chaos is geared more towards cascading elements than “whether a breach is possible”

Note: Chaos security testing isn’t a replacement for the other types of tests!

#VelocityConf Image
We tend to focus a lot of our energy on Malicious attacks (because let’s face it... it’s cool) but the majority of incidents are generated by Human Error (not a thing) and system glitches.

#VelocityConf Image
Diving in to how to run security chaos via Chaos Slingr.

“What would happen if someone accidentally or maliciously introduced a misconfigured port? Would we automatically detect and reject?”

#VelocityConf Image
Here’s a huge list of potential experiments. These aren’t “attacks” per sr but things that can occur during application and system development journeys.

#VelocityConf Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tom Leaman

Tom Leaman Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @tleam

Tom Leaman Profile picture
Oct 2, 2020
Really excited for this talk by Morgan Weever - Inclusivity Power-Up: Lessons Learned Mentoring Formerly Incarcerated Software Engineers.

It's a group you don't hear about much in DEI.

#vGHC20
For this community mentorship isn't just about the technical knowledge (which is important) but there are some specialized needs for career growth. Additionally, imposter syndrome (a big issue in tech) can weigh heavy for formerly incarcerated individuals.

#vGHC20
Some useful tips for Technical Education regardless of a mentee's background.

"Don't disparage the mentee's educational path" is a big one IMO - more and more folks are entering tech from non-traditional backgrounds which is *awesome*

#vGHC20
Read 10 tweets
Tom Leaman Profile picture
Oct 1, 2020
Next on the schedule today is a workshop: Breathing Life into ERGs: the Impact of a Pandemic and a Racial Justice Movement.

Hoping I can stay concentrated on this session - I've been losing the WFH distraction battle today.

#vGHC #GHC20
Had issues joining via web so I'm going mobile. In to the panel just in time for intros whew! Moira Bohannon, Mercedes Hall and Patreece Spence are all speakers with Beth Dickerson hosting. All from Elsevier.

Definitely appreciate the intros including pronouns
#vGHC #GHC20
Workshops at #vGHC #GHC20 are the more 'interactive' version of virtual events this year. We're getting started with some audience polls to better understand demographics.

Lots of folks coming from SWE and a broad distro of folks across their career stage.
Read 14 tweets
Tom Leaman Profile picture
Sep 30, 2020
Next session at #vGHC20 for me is pretty pertinent: Male Allies: The One "DEI" Thing a Male Ally Can Do Today - a panel including Glenn Block, David Graham, Jason Thompson, and Jeremiah Chan.

Note: DEI == Diversity, Equity, and Inclusion

#vGHC20 #ghc2020
Sobering stat: study by the patent office 12.8% of patent inventors are women. The percentage growth in this area is actually slowing down.. only 2% growth in 15+ years.

This isn't just about recognition for patent creation there's a financial impact as well.

#vGHC20 #ghc2020
Another stat: 9 of 10 venture capital dollars goes to while males according to our moderator Ha Nguyen. Through Spero Ventures she's working to help make those numbers more diverse.

#vGHC20 #ghc2020
Read 14 tweets
Tom Leaman Profile picture
Sep 30, 2020
I'm *really* excited about the next session on my list: Applying Accessibility and Gender Sensitive Design Strategy to API Design with Anwesha Bhattacharjee.

I tend to think of Accessibility == UX so it will be great to see a take on service build out.

#GHC20 #vGHC2020
Dr. Anwesha reiterates my original take: this isn't just about UX. She's a Product Manager at Hopper and formerly a data scientist.

#GHC20 #vGHC2020
This session is geared towards folks in B2B, a product manager/designer role familiar with Design Thinking or are building out a public facing API catalog.

My take: probably pretty important for internal API creation too!

#GHC20 #vGHC2020
Read 11 tweets
Tom Leaman Profile picture
Sep 30, 2020
First talk of the day: "Bonjour! Wie geht es dir? Dhanyawaad" - How Multilingual is your NLP Model? with Shreya Khurana from GoDaddy

#GHC20 #vGHC
Shreya is a Sr. Data Scientist and has done a number of talks on NLP at Python conferences
We're going to be covering:
1. Why Multilingual for NLP
2. How do we go Multilingual
3. What's the future of Multilingual?

#GHC20 #vGHC
Read 18 tweets
Tom Leaman Profile picture
Oct 23, 2019
Time for a live recording of @ArrestedDevOps with @bridgetkromhout @0x74696d @soandsos and @peterjshan #devopsdaysphilly Image
Ethics in software development can be tricky - data may be used in unintended ways. As software devs it’s not always easy to think of these possibilities when we are so focused on delivering “the service.” #devopsdaysphilly
There’s a double edged sword at play - we may not know the usefulness of data points until we have them. But from a privacy perspective we should only be grabbing data that’s relevant to providing the service #devopsdaysphilly
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(