An overview of Security #chaosengineering, as explained with potty training analogies.
(Can you tell what my world has consisted of lately?)
A thread.
1/
#chaosengineering is about injecting turbulent conditions into a system to see how it responds.
Analogy: Pump your kid full of fluids and begin the potty training.
2/
The goal of Security #chaosengineering is to proactively test your security posture before an adversary does it for you.
Analogy: You potty train kids before they go to preschool, where it’s required.
3/
With Security #chaosengineering, you *instrument* chaos; you don’t act chaotically.
Analogy: You don’t let your kid drink a large apple juice and then sit on your brand new couch.
4/
With Security #chaosengineering, you learn through failure, and that failure drives meaningful change.
Analogy: Sometimes your kid has to pee their pants to know they don’t like that feeling, and only then will they WANT to use the potty.
5/
It’s through #chaosengineering experimentation that you tease out false assumptions.
Analogy: TIL my kid thought I could squeeze his belly to get the pee out for him. Turns out, that’s not true.
6/
But Jamie, don’t you say you shouldn’t execute an experiment you know you’ll fail – because there’s nothing to be learned?
Analogy: Technically, my kid didn’t know that last one, so we tried it.
Ok, maybe I concede a bit.
7/
Great use cases for Security Chaos Engineering include security control validation and incident response.
Analogy: Are your mini potties *actually* accessible? Does your kid *actually* use them?
8/
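What a security control validation experiment looks like in practice, as an added example that is not part of the original thread: a tiny harness run against a simulated firewall ruleset. The baseline rules, the detector, the `Rule`/`Experiment`/`Result` names and the two experiments are all constructed for illustration. It follows the thread's own rules: check the steady state first, inject one scoped fault, observe, and always roll back. The second experiment is the "squeeze his belly" case, a hypothesis that turns out to be false because the control only watches SSH.

```python
# Added example: a minimal security chaos experiment harness against a
# simulated firewall. Hypothetical code, not from the original thread.
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    port: int    # 0 means any port


# Constructed baseline: the steady state we expect to find before injecting anything.
BASELINE: List[Rule] = [
    Rule("allow", "10.0.0.0/8", 22),
    Rule("allow", "0.0.0.0/0", 443),
    Rule("deny", "0.0.0.0/0", 0),
]

# Constructed detector: models a control meant to alert on world-reachable admin ports.
# It only knows about SSH; that gap is the false assumption the second experiment exposes.
WATCHED_ADMIN_PORTS = {22}


def detector(rules: List[Rule]) -> List[str]:
    """Return one alert string per rule the control considers dangerous."""
    return [
        f"world-open admin port {r.port}"
        for r in rules
        if r.action == "allow" and r.src == "0.0.0.0/0" and r.port in WATCHED_ADMIN_PORTS
    ]


@dataclass
class Experiment:
    name: str
    hypothesis: str
    fault: Rule            # the single turbulent condition we inject
    expect_alert: bool = True


@dataclass
class Result:
    name: str
    hypothesis_held: bool
    alerts: List[str] = field(default_factory=list)
    rolled_back: bool = False


def run_experiment(exp: Experiment, rules: List[Rule]) -> Result:
    # 1. Steady state: refuse to run if the control is already firing.
    if detector(rules):
        raise RuntimeError(f"{exp.name}: steady state not met, aborting")
    result = Result(exp.name, hypothesis_held=False)
    try:
        # 2. Inject exactly one rule; instrumented chaos, not acting chaotically.
        rules.append(exp.fault)
        # 3. Observe whether the control responded as hypothesised.
        result.alerts = detector(rules)
        result.hypothesis_held = bool(result.alerts) == exp.expect_alert
    finally:
        # 4. Always revert, even if observation raised.
        if exp.fault in rules:
            rules.remove(exp.fault)
        result.rolled_back = rules == BASELINE
    return result


# Constructed experiments: one we expect to pass, one that exposes a blind spot.
EXPERIMENTS = [
    Experiment("ssh-world-open", "Opening SSH to the world triggers the control",
               Rule("allow", "0.0.0.0/0", 22)),
    Experiment("rdp-world-open", "Opening RDP to the world triggers the control",
               Rule("allow", "0.0.0.0/0", 3389)),
]


def run_all() -> Dict[str, Result]:
    """Run every experiment against a fresh copy of the baseline and collect results."""
    rules = list(BASELINE)
    return {e.name: run_experiment(e, rules) for e in EXPERIMENTS}


if __name__ == "__main__":
    for name, r in run_all().items():
        state = "held" if r.hypothesis_held else "FAILED"
        print(f"{name}: hypothesis {state}, alerts={r.alerts}, rolled_back={r.rolled_back}")
```

The failed RDP experiment is the useful output: the control exists and is "accessible", but the kid doesn't actually use it for that port. Scheduling `run_all()` on every change to the ruleset or the detector is the continuous part of the thread's last point.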
Once you’ve implemented SCE (Security Chaos Engineering), executing your experiments on a continuous basis will give you confidence in your security posture.
Analogy: The potty training doesn’t stop after 1 intensive week. You need to keep supporting them so they use the potty forever.
9/
You're welcome!