Presentation I delivered at ISSA UK "Application Security - London Chapter Meeting" https://www.eventbrite.co.uk/e/application-security-london-chapter-meeting-tickets-42284085839
3. I’m a CISO focused on securing our client’s Magic moments by creating secure environments that enable and accelerate the business and contribute to the top and bottom line
4. Here are my challenges
How to make rational risk based decisions
How to create high performance teams
How to scale Security knowledge
How to drive and enable change
How to map data as graphs
5. We are also hiring :)
Head of AppSec
Head of Cloud Security
15. Chaos Engineering is carefully injecting harm into our systems to test the system’s ability to respond to it.
16. Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in the system’s capability to withstand turbulent conditions in production
19. Chaos in practice - 4 experiments
1. Start by defining ‘steady state’ as some measurable output of a system that indicates normal behaviour.
2. Hypothesise that this steady state will continue in both the control group and the experimental group.
3. Introduce variables that reflect real world events like servers that crash, hard drives that malfunction, network connections that are severed, etc.
4. Try to disprove the hypothesis by looking for a difference in steady state between the control group and the experimental group.
http://principlesofchaos.org/
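The four steps above, as an added example that is not part of the original slides: a simulated service is run against a healthy dependency (control group) and against one with every fourth call severed (experimental group), and the steady-state success rates are compared. All names here (`make_dependency`, `handler_fragile`, `handler_resilient`, `run_experiment`) and the 1% tolerance are hypothetical, and the dependency is constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable


class DependencyDown(Exception):
    """Raised by the simulated downstream dependency when a fault is injected."""


def make_dependency(fail_every: int = 0) -> Callable[[int], str]:
    """Constructed downstream call; fail_every=N severs every Nth call (0 = healthy)."""
    def call(request_id: int) -> str:
        if fail_every and request_id % fail_every == 0:
            raise DependencyDown(request_id)
        return f"fresh:{request_id}"
    return call


def handler_fragile(dep, request_id: int) -> str:
    return dep(request_id)  # no fallback: the injected fault reaches the caller


def handler_resilient(dep, request_id: int) -> str:
    try:
        return dep(request_id)
    except DependencyDown:
        return f"cached:{request_id}"  # degrade to a cached answer instead of failing


def steady_state(handler, dep, requests: int = 1000) -> float:
    """Step 1: steady state is the fraction of requests answered without error."""
    ok = 0
    for rid in range(1, requests + 1):
        try:
            handler(dep, rid)
            ok += 1
        except DependencyDown:
            pass
    return ok / requests


@dataclass
class Result:
    control: float
    experiment: float
    hypothesis_holds: bool


def run_experiment(handler, fail_every: int = 4, tolerance: float = 0.01) -> Result:
    control = steady_state(handler, make_dependency())               # step 2: control group
    experiment = steady_state(handler, make_dependency(fail_every))  # step 3: inject the fault
    # Step 4: the hypothesis is disproved if the two groups differ beyond the tolerance.
    return Result(control, experiment, abs(control - experiment) <= tolerance)


if __name__ == "__main__":
    for h in (handler_fragile, handler_resilient):
        print(h.__name__, run_experiment(h))
```
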
20. Advanced Principles
1. Build a Hypothesis around Steady State Behavior
2. Vary Real-world Events
3. Run Experiments in Production
4. Automate Experiments to Run Continuously
5. Minimise Blast Radius
http://principlesofchaos.org/
21. The idea that “Chaos engineering is not Testing” is caused by the failure to make TDD (Test-Driven Development) scale