10 Things I Learned About Security at Velocity

Now, more than ever, data security is essential. SafeStack founder Laura Bell gave a great talk at New Zealand's Velocity Conference, offering these 10 tidbits.

By Fredric Paul · Jun. 08, 15 · Interview

[This article was written by Fredric Paul]

For many people, data security is like a morality play: good guys trying to protect honest citizens from the marauding bad guys. It turns out, though, that the best way to provide that protection may be for the good guys to think more like the bad guys.

That was the central message of New Zealand security consultant Laura Bell’s keynote presentation at the Velocity Conference last week. Bell, founder of SafeStack (with the awesome Twitter handle of @lady_nerd), gave an engaging, thoughtful presentation that challenged engineers to think differently about security. I recommend you watch the entire 18-minute presentation in the video below, but if you don’t have time, here are 10 key points I took away from the session:


  1. To protect yourself, you need to “think like a villain.” Not everyone plays by the same rules you do. Security plays by different rules than engineers.
  2. Remember that attackers are not after your technology. They’re not after your applications. They’re after the precious data inside your applications. That’s what you need to protect.
  3. The days are gone when companies could rely on one person or even a group of people to be the security champion. Today, “every last one of [us] is responsible for the security of your systems and applications.”
  4. “We are all liars, cheats, and thieves,” Bell said. That’s OK, she added, mostly because we feel that no one is getting hurt. The key is to be able to distinguish actions from intentions—“we can understand actions without becoming psychopaths.”
  5. Acting “bad” is difficult for many engineers, Bell said. “We love puzzles and building things” while breaking into applications is destructive. Engineers often shy away from that.
  6. Ask yourself: How would you break into your own house? Then ask yourself, how would you break into your applications?
  7. Most data breaches do not follow the Hollywood ideal of a carefully planned, elegant cyberattack. Most attacks are simple, not sophisticated—crude, quick-and-dirty attacks using lies to dupe people who control the most likely attack pathways.
  8. It’s useful to create a safe place to do bad things, what Bell calls “destructive security play.” This should not be production!
  9. In that space, play like you never read the rulebook. You have to forget all the rules you know, Bell said, “Because they’re not right.” You have to get over your fear and realize, “It’s OK to break it.” Be creative. Dealing with chaos is an important element of security.
  10. You need to start today … the bad guys are already at work!

Watch Laura’s full Velocity presentation below:

Oh, and one final legal note: Bell said her lawyer requires her to warn everyone: “Please do not do actual crime. Do not encourage others to do actual crime.”

Seems like good advice…


Published at DZone with permission of Fredric Paul, DZone MVB. See the original article here.
