What Style of Security Do You Want?

Explore various security styles and approaches in this 38-minute conference talk from GOTO Amsterdam 2022. Delve into topics such as phishing prevention, team collaboration, service defense, compliance handling, vulnerability management, and decision-making processes. Learn quick tips for starting a security program from scratch, understand the concept of a system, and explore key properties in security. Examine the definitions of security and resilience, and discover how to design for resilient security. Investigate adversaries and relevant personas, and explore component and process principles including immutability, ephemerality, minimal canonical state, and decentralized decision-making. Gain valuable insights into modern security challenges and effective strategies for addressing them in various organizational contexts.

Intro
How do you stop phishing?
How do you work with other teams?
How do we defend a service?
How do you handle compliance?
How do you fix vulnerabilities?
How do you handle mistakes?
How do you make decisions?
Quick tips for starting from zero
What is a system?
Properties you care about
What is security?
What is resilience?
Designing for resilient security
Adversaries
Personas to examine
Component principles
State & logic
Immutability & ephemerality
Minimal canonical state
Unlikability
Process principles
Declare, don't program
Design for failure
Decentralize decision-making
Slack
Outro