Context: the answer to life the universe and everything
Wade Winright (Salesforce Security)
What’s the most important thing any security professional or software engineer needs to understand?
Security folks often treat discovered issues as binary: Vulnerable || Secure. Many find what would, in a stand-alone state, be severe issues, but deeper understanding and context may show that the risk has been reduced or the threats/attacks mitigated.
Software engineers may miss classes of security issues/attack surface because they may be considering their final product and its as-designed use cases rather than failure states and edge cases, and may lack “negative testing”.
We need to understand the context in which any given event, vulnerability, engineering project, or risk may exist, in order to reduce toil, and provide the security and resiliency we all want to see in the world.
This will cover related real-world examples of:
- Missed vulnerabilities/Unidentified threats
- False positives/negatives
- Media hype
- Situational awareness
- Incident handling
- Attack surface targeting
Wade is a Director, Security Assurance at Salesforce, managing a team of super cool folks as we tear apart, and provide solutions for, containers, orchestrations, and other multitenancy and cloudy things. He was last seen in public presenting on Black Swans at Kawaiicon, and has been settling into life in Aotearoa for the last year++.