Moving Fast and Breaking Things - Security Misconfigurations in Practice

Explore the human component of security misconfigurations in this 20-minute conference talk from USENIX Enigma 2019. Delve into the operators' perspective on security incidents, focusing on the root causes beyond simple employee negligence. Examine the Equifax data breach as a prime example of severe misconfiguration and its consequences. Investigate factors contributing to security vulnerabilities, including organizational issues, insufficient budgeting, distrust in tools, and lack of quality assurance. Learn about the application of safety sciences to cybersecurity and the importance of incident roleplaying. Gain practical recommendations for reducing the frequency and impact of security misconfigurations based on research findings presented by Kevin Borgolte from Princeton University.

Introduction
Equifax
Security Misconfigurations
Research Goals
Why
Methodology
Demographics
Prevalence
Reasons
Operators dont believe their company is budgeting
Operators dont trust tools
Insufficient Quality Assurance
Security Awareness
Safety Sciences
Incident Roleplaying