Shift Left Editor Deb Radcliff interviews Kelly Shortridge, author of Security Chaos Engineering: Sustaining Resilience in Software and Systems.
Kelly Shortridge is Senior Principal Engineer at Fastly, a cloud services platform that helps developers extend their core cloud infrastructure to the network edge. We met at the RSA Conference, where she was signing her recently published book about software resilience through security chaos engineering.
In this twenty-minute video interview, we talk about why she wrote this book, how she defines security chaos engineering, how it compares to security platform engineering, and how to use these concepts to nurture developer productivity while not killing their souls with overly prescriptive security checklists.
She wrote the book because she feels the cybersecurity sector doesn’t understand software development very well, or the constraints developers are under, and because security takes an almost imperialist approach focused on stopping anything bad from happening, which she feels is impossible for developers to maintain. On the development side, she believes security needs to be demystified by embracing and extending practices software engineers already use.
“Chaos engineering is based on the foundation of resilience, preparing for failure, moving quickly, and cultivating a feedback loop,” Shortridge says. “How can we transform the way we approach security across the software delivery lifecycle in a way that aligns with software goals?”
The book is packed with information, charts, tables, and advice that is presented in easy-to-digest bytes for developers, their managers, and product security officers. “To borrow from Dune, fear is the mind-killer,” she adds. “Start small. A lot of the practices you already use for software quality can be adopted and adapted to sustain resilience against attacks.”