Black Swans: How to prepare for the unexpected

by Wade Winright | Thursday, 2:15pm - 2:45pm

There are events that are going to happen that you will never be fully prepared for. You can be patched to the hilt, have your networks, systems, and applications fully tested and vetted, and you will still run into issues, or be breached via what you do not know and can not predict. How can we be better prepared for the unexpected and prevent those events from having a detrimental effect on our organisations? How is threat modeling bigger than just attempting to prevent threats? How can we prepare for black swan events and ensure recovery? This talk will discuss and describe how a black swan event occurred in which an 0-day was dropped and our instrumentation and preparations were able to turn it into a nothing-burger, protecting the entire platform. I’ll discuss defences in a 6-figure container environment that have saved our bacon and avoided panic over multiple CVE’s. I’ll also talk about some interesting data points that illustrate continuous assurance concepts that illuminate how foundational actions can eliminate or mitigate threats even when a vulnerability or exploit rears its ugly head, or a breach occurs. Attendees should walk away with multiple ideas and concepts that may be applicable in their own processes and procedures to better be prepared for the unpredictable.

About Wade Winright

Wade is the Director of Platform Security at Heroku/Salesforce, managing a team super cool folks as we tear apart, and provide solution for, containers, orchestrations, and other multitenancy and cloudy things. He was last seen in public teaching threat modeling classes at Kiwicon 2038, and has now returned to the land of milk and manuka honey permanently.