Introducing SCS Speaker Astha Singhal
It was back in 2011 when Netflix released Chaos Monkey. I had barely heard of Netflix before and I was stunned by the purpose of Chaos Monkey: It’s a tool that causes service breakdowns within your perimeter. The idea is to improve fault tolerance and, ultimately, resilience. Sure, I had championed scripted deployments, automatic builds and configuration tests with my customers. I had done many of the easy things. But here was a company that was so mature that it wrote software to create havoc within its perimeter. The mere existence of Chaos Monkey put Netflix high on a pedestal of DevOps heroes.
In 2017, I attended a talk by Netflix security engineer Ian Haken at Usenix Enigma. He talked about bootstrapping security: essentially, the problem of providing secrets to thousands of microservices in the cloud in a secure and automatic way without allowing the deployment tools, the developers and system administrators to see them. Dear lord, he presented a solution to a problem I had never thought about before.
Again: These Netflix guys seemed light years ahead of the crowd and I started to wonder what else they might have up their sleeves. So I started to look for a potential Netflix speaker for Swiss Cyber Storm. Ideally, somebody who had made the transition herself or himself, somebody who had moved into the Netflix environment and who was able to talk about the experience.
Enter Astha Singhal. Astha was working at a large enterprise software company where code was being written in two-week sprints, but only released to customers once every three months. Doing product security in this environment was a lot different than at her new job as an Engineering Manager with AppSec at Netflix. Her approach to security had to change a lot in trying to achieve the same security objectives in an entirely different environment.
We want Astha to share this transition journey with us and introduce us to the special culture at Netflix. Security is only partially a technical problem. The social problem is creating a culture that is actively striving to build secure services (and management that allows the creation of Chaos Monkey!). If that is granted, then trust between security teams and business will be established and security and resilience will flourish.
Astha Singhal holds a master’s in information security from Carnegie Mellon University. She is a member of the OWASP crowd, a co-organiser of BSides San Francisco and was featured as Women of the Month at Salesforce in June 2016. She is used to climbing high mountains and, above all, she is a gifted speaker and we are very happy to have her in our program.
More about Astha Singhal:
- Twitter: Astha Singhal
- Video of AppSec Cali Presentation: We come bearing gifts
- Interview with Fairy God Boss: Starting your career with advice from a security whiz
The early bird ticket period is going to be over in a couple of days. So if you want a premium price into our conference, it is now time to buy your entry.
Christian Folini, Program Chair