Preview Mode Links will not work in preview mode

Unsolicited Response Podcast

Nov 1, 2023

Kelly joins Dale to discuss her new book Security Chaos Engineering: Sustaining Resilience in Software and Systems. Kelly points out the second part of the title is the most descriptive, and she is not a big fan of the Chaos term that has taken hold.

They discuss:

  • A quick description of Security Chaos Engineering
  • Is there similarity or overlap with the CCE or CIE approach?
  • The value of decision trees
  • Her view of checklists of security controls like CISA's CPG
  • Lesson 1 - "Start in Nonproduction environments"
  • The experiment / scientific method approach and how it can start small
  • The Danger Zone: tight coupling and complex interactions
  • How should ICS use Chaos Engineering