Information Safety

Improving technology through lessons from safety.

Secure360 Handouts

Secure360 Update: I’ve been asked by a couple of people to share a version of my slides that better shows how my talk presented the ideas in my references post.

To answer that request, I’ve posted a low-res version of the slides with some of my talk notes here.

These notes will probably make more sense if you’ve seen the talk, which was recorded for conference attendees (but not currently publicly available).


Chaos & Resilience Engineering @ Secure360

I’m speaking at Secure360 on May 5, 2020, presenting an updated version of Chaos & Resilience Engineering. As I’ve done before, I won’t be posting copies of the slides. Instead, I’m posting an updated list of references from the talk here.

Note: this post includes some additional references that are not in the final version of the talk (italicized)

My story is told in three acts: My journey to find chaos engineering (ACT I), Chaos engineering and how resilience engineering complements it (ACT II), What I’ve learned so far (ACT III), and How to get started with chaos & resilience engineering (END).

ACT I: My Journey to Chaos Engineering

ACT II: Chaos & Resilience Engineering

ACT III: What I’ve learned so far

END: How to get started with chaos & resilience engineering


Chaos & Resilience Engineering talk

I’m giving a talk next Tuesday (9/24) at at the September OWASP MSP Meeting on “Chaos & Resilience Engineering”. Because the talk is told as a story and a demo, I won’t be posting copies of the slides, but I am including an abstract and a list of references here. The talk tells the story of my journey to find chaos engineering, introduces chaos engineering, describes how it is complemented by resilience engineering, and discusses how to get started and join the movement.


Chaos engineering started at Netflix in 2011 with the invention of the Chaos Monkey, a tool that intentionally disrupted systems on the production network to discover systemic weaknesses so that they could be removed. Since then, the Chaos Monkey has grown to become the Simian Army, and chaos engineering has spread to a global community that develops free & commercial tools to facilitate experiments in QA and production.

My journey to chaos & resilience engineering started in 2009 with my desire to find a better way, leading me to the world of safety science and to its connection to the work at Netflix, Etsy, and elsewhere. In this talk, I’ll explain chaos engineering, the prerequisites for doing it in production, and how it relates to resilience. I will share some of the work I’ve done in chaos engineering (in a small way) and resilience engineering (in a larger way), and also ask attendees to share their own experiences in chaos & resilience engineering - you might not or realize how easy it is to get started, or know that you’re already doing it!

My Journey to Chaos Engineering

Chaos & Resilience Engineering

How to get started and join the movement