Security Styles • Eleanor Saitta • GOTO 2022

This presentation was recorded at GOTO Amsterdam 2022.

Eleanor Saitta - International Security Researcher & Co-founder of Open Source Tool Trike

ORIGINAL TALK TITLE
What Style of Security Do You Want?

ABSTRACT
There is a spectrum of styles for “doing security” that companies adopt. Eleanor Saitta works with a lot of teams who are just starting out on their security journeys, and folks working in a different style can be a real source of conflict, even when there’s sufficient time and investment for security work and a non-antagonistic relationship between teams.

In this talk, Eleanor will look at:
• The contexts where each style crops up
• The styles that she steers her clients toward
• And what that implies technically

The past few years have seen a significant increase in attack impact and rate worldwide, and some styles of doing security are notably less effective in a modern attack environment, making it a loaded choice for a team trying to get started [...]

TIMECODES
00:00 Intro
00:56 How do you stop phishing?
04:04 How do you work with other teams?
06:18 How do we defend a service?
07:54 How do you handle compliance?
11:27 How do you fix vulnerabilities?
13:42 How do you handle mistakes?
16:11 How do you make decisions?
17:29 Quick tips for starting from zero
20:33 What is a system?
22:35 Properties you care about
24:16 What is security?
26:34 What is resilience?
27:00 Designing for resilient security
27:24 Adversaries
28:28 Personas to examine
30:10 Component principles
30:32 State & logic
30:55 Immutability & ephemerality
32:02 Minimal canonical state
33:12 Unlinkability
33:40 Process principles
33:47 Declare, don’t program
34:53 Design for failure
35:25 Decentralize decision-making
36:11 Slack
37:35 Outro

RECOMMENDED BOOKS
Liz Rice • Container Security
Liz Rice • Kubernetes Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide
Richer & Sanso • OAuth 2 in Action
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0