chaos engineering security chaos engineering DevSecOps DevOps Transformation Digital Transformation software engineering Distributed Software Systems Software Craftsmanship software testing cyber security
Washington, D.C., United States
Aaron Rinehart currently serves as CTO for Verica.io and was the former Chief Security Architect at United Health Group. Aaron has worked and consulted in the field of Information Security and Technology for organizations such as the Department of Homeland Security (DHS), National Aeronautics and Space Administration (NASA), and the Department of Defense (DoD). Rinehart has been a featured speaker at several media outlets and conferences, most notably the National Press Club in Washington, DC, RSA, HITRUST and ABC News. Rinehart has been interviewed and quoted in various publications including the Huffington Post, Medill News Service, OpenSource.com, Network World, and MarketWatch.
In this session we will cover the ‘table stakes’ or the minimum foundational components in what it means to deliver high quality secure software in today’s software driven world. From gaining visibility into the software supply chain to building empathy with engineering teams through DevSecOps practices we will dive through what it takes to play the bare minimum hand and how that contributes to improving value-velocity and faster adoption of more advanced techniques such as Chaos Engineering.
Large scale distributed systems have unpredictable and complex outcomes that are costly when incidents occur. This session will cover the foundations of Chaos Engineering and how the craft has evolved to advance DevSecOps and Incident Response. Chaos Engineering allows for Incident Response teams to experiment on recurring incident patterns to determine underlying factors within the environment that are causing frequent repeat incidents. Furthermore using Chaos Engineering techniques, allows incident response and product teams to derive new information about the state of security within the system that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our incident response teams, tools, skills, and procedures are during the manic of the IR function.