The single most important thing to many cybersecurity groups is getting systems onto a patching schedule. However, one of the mantras of DevOps is "Cattle not pets" (and more recently, "Chicken not pets"). If a pet gets sick, you take it to the vet and get it "patched" up, but when a chicken is sick, the chicken farmer just disposes of it because there are already many more to take its place. Today, cloud-native applications are built to run on ephemeral infrastructure that is more like a flock of chickens than a pack of house pets but the mindset of cybersecurity professionals hasn't caught up. They still have a device-centric view of the world. They still talk in terms of IP addresses and hosts rather than in terms that are more suited to cloud-native. What's needed is an app-centric view of the world but how do you achieve that?

This talk is a discussion of a set of misconceptions, like the ongoing importance of patching, and how to adapt your cybersecurity to better align with cloud-native computing paradigms.