Embracing Risk Responsibly: Moving beyond inflexible SLAs and exception hell by treating security vulnerabilities and risk like actual debt

Presented at BSidesSF 2022 Rescheduled, June 4, 2022, 1:30 p.m. (50 minutes).

At Segment, we were sick of having breached SLAs; we were tired of a junk drawer of exceptions that continued to grow without bound. Two years ago we decided to move beyond inflexible SLAs and permanent exceptions to enable our business to “Embrace Risk Responsibly” by treating vulnerabilities like debt.


Presenters:

  • Eric Ellett - Segment
    I have been at Segment since 2018 and built out their application, cloud, and product security program, and am now the Senior Director of R&D Security within Twilio. I've been heavily focused on building innovative security programs with a heavy emphasis on engineering principles and a deep partnership with our engineering counterparts.
