The Security Chaos Engineering Book

Information security is broken. Users and customers continually entrust companies with vital information, and companies continually fail to maintain that trust. Year after year, the same attacks are successful. But the impact has become greater. Those who build, operate, and defend systems need to acknowledge that failure will happen. People will click on the wrong thing. The security implications of code changes won’t be clear. Things will break.

In this report, Aaron Rinehart and Kelly Shortridge explain how engineers can navigate security in this new frontier. You’ll learn the guiding principles of security chaos engineering for harnessing experimentation and failure as tools for empowerment—and you’ll understand how to transform security from a gatekeeper to a valued advisor. Case studies from Capital One and Cardinal Health are included.

  • Apply chaos engineering and resilience engineering to securely deliver software and services
  • Transform security into an innovative and collaborative engine for enhancing operational speed and stability
  • Anticipate and identify security failure before it turns into an incident, outage, or breach
  • Harness failure to continuously improve your security strategy
  • Learn your systems’ ability to handle security-relevant failures such as system exploitation and server failures
  • Apply a series of controlled experiments in engineering testing processes

The report is available for free in the O'Reilly Library and as a free download (requires filling out a form).

This book is the beginning of what will be a massive shift in how the industry thinks about security as an engineering practice.

Casey Rosenthal (@caseyrosenthal), CEO & co-founder of Verica; formerly the Engineering Manager of the Chaos Engineering Team at Netflix