What to do when things go wrong - designing in visibility & observability & security

• Everything will eventually break - make a plan
• If you can make it, you can hack it – make a plan
• The weakest link is often the humans – make a plan
• A plan is just another workflow!
• Some stories of mega-oops. Crowdstrike, Reply-all, fragile file names, shared drives, live-on-air post-its on monitors…
• Think like a baddie - security start with line 1 of your planned workflow, zero-trust red team / blue team speed dating - will your workflow survive your colleagues?

Learning outcomes

• Understanding the difference between a prototype and a production workflow
• Basic understanding of workflow security topics
• Understanding that defenders have to succeed every time, attackers only have to succeed once
• Basic understanding of how fragile workflows can be