This presentation was recorded at GOTO Aarhus 2023.
https://gotoaarhus.com

Eleanor Saitta - International Security Researcher & Co-founder of the open-source threat modeling tool Trike
@eleanorsaitta4486

RESOURCES
https://dymaxion.org
https://linkedin.com/in/dymaxion
https://twitter.com/Dymaxion
https://infosec.exchange/@dymaxion

ABSTRACT
Whether you're building a new system with an established team, trying to tame a legacy ecosystem, or starting from scratch, how you think about security and reliability has a big impact on how hard they are for you to achieve. In this session I'll give you some tools for reframing the way you think about these problems, and explore how they're linked, too. Specifically, we'll look at security and reliability from the perspective of design principles, both in terms of the technical design of your system architecture and security and operations tooling, and in terms of the design of the organization that's doing the work, especially how it communicates and makes decisions. By the end of this talk, you should understand some of the structures you need in place to achieve good and sustainable outcomes for your team. [...]

TIMECODES
00:00 Intro
00:52 What is a system?
02:30 Properties you care about
04:17 What is security?
06:36 What is resilience?
08:07 State & logic
10:02 Immutability & ephemerality
12:54 Minimal, canonical state
15:29 Unlinkability
17:43 Code is not an asset
20:35 Declare, don't program
25:22 Design for failure
33:20 Product security
37:33 Quick tips for starting from zero
39:19 Outro

Download slides and read the full abstract here: https://gotoaarhus.com/2023/sessions/2698

RECOMMENDED BOOKS
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3