Information Safety

Improving technology through lessons from safety.

Secure360 2024

Today I spoke at Secure360 2024! My talk, Security Differently, builds on my earlier post on the topic.

The session was very well attended, so if you were there, thank you! We filled the room - standing room only - 150 people checked in. I got some great and challenging questions at the end, and I appreciated everyone’s engagement!

Here is the link I shared in the QR code at the end: https://bento.me/jbenninghoff.

Session Description

Cybersecurity, especially traditional security, has stagnated; adding security controls hasn’t appreciably improved outcomes and we continue to struggle with basic problems like vulnerabilities. Safety faced a similar problem 10-15 years ago; scientists and practitioners saw that safety outcomes were stagnant and concluded that the traditional method of avoiding accidents through centralized policies, procedures, and controls was no longer driving improvements.

I believe we’re seeing the same thing in security: historically, we’ve focused on constraining worker behavior to prevent cybersecurity breaches, and the limits of that approach are becoming increasingly clear. Adapting concepts from Safety Differently and Safety II offers a solution, by supporting success and focusing on positive capacities. In this talk, I will present practical advice on how to create a security program based on modern safety principles using evidence from both security and safety, and how it changes the role of the security professional.

Slides

My slides with notes, including references, are here.

Video

While the talk was not recorded, I did create a short video to promote the talk; you can watch that here.