Menu
TechEd 2014: Security should be a constant for developers

TechEd 2014: Security should be a constant for developers

Laura Bell, director and lead consultant at Safestack.io, encouraged developers to think like bad people to make organisations more secure.

Bad things can be done for good, and all good developers should learn to be bad people too.

“Security fails when it is special, when it is not integrated into your life. Make continuous noise and it should be constant. Figure out how to break things. Don’t preclude threats; anybody can commit crime, across all ages and abilities. Know where your organisation’s bodies are buried and bring it into everything you do today,” said Laura Bell, director and lead consultant at Safetstack.io.

According to Bell, “Good and bad are problematic words and we need to start separating actions from intentions. Embracing bad behaviour can be challenging but you can avoid common pitfalls and get some good out of it.”

She was speaking about how security should become a constant part of the thinking process for developers and engineers, and how they should try to break into their organisation’s solution sets as part of such thinking at Microsoft's TechEd 2014.

“Before I can tell you how you can do it, I should tell you how not to do it. Don’t go at it without having clear aims, and remember, not all attacks need to be sophisticated and elegant. Don’t romanticise; understand that real crime has real repercussions.

“Don’t make it into a puzzle. You only want to get from A to B in the shortest possible time. And there is always more than one way to do that. Be careful when reporting faults; no one likes to be blamed. Also, just trying to break into your organisation does not make you any less a moral person,” she said.

She then proceeded to take the developers in the audience through some guiding points that they could keep in mind when they try to be bad people.

“Be objective and keep your eyes on the prize. It is rarely about the technology, so don’t get distracted by the layers that an organisation has. Learn to see the things that you did not see before. Notice the unprotected network ports in the boardroom that anyone can clip something to and nobody would notice. See the things that you have been walking past everyday.

“And think like a villain. Remember, you are not paranoid, they are really out there to get you,” said Bell.

She stated that developers should create a safe place to create chaos in, where the bad stuff can be done. Practice has to be done on something that is just like the production environment, or done on the production environment in a scheduled manner.

“Don’t surprise your organisation. Create a space for destruction to happen. Monitor things and stop guilting people when they break things. Reward the breakers and those who point out vulnerabilities. But reward the fixers a little bit more. And when you do this, do it like you mean it, like hundreds of hours have not been spent developing those systems or there is no love behind it. Hackers won’t see all that, and neither should you when you set out to do this,” said Bell.

She encouraged developers to make time for play and break bad for life, not just at one instant.

Bell was presenting on the last and final day of the four-day Microsoft TechEd conference that took place in Auckland this week. More than 2000 IT tinkerers, developers, vendors and partners gathered at the annual event to discuss the latest in the company’s technologies and solutions.

Read more: Siloed approach to security leaves it exposed: Dell Software


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityMicrosoftTechEdTechEd 2014laura bellsafestack.io

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments