Kelly joins Dale to discuss her new book Security Chaos Engineering: Sustaining Resilience in Software and Systems. Kelly points out the second part of the title is the most descriptive, and she is not a big fan of the Chaos term that has taken hold.

They discuss:

• A quick description of Security Chaos Engineering
• Is there similarity or overlap with the CCE or CIE approach?
• The value of decision trees
• Her view of checklists of security controls like CISA's CPG
• Lesson 1 - "Start in Nonproduction environments"
• The experiment / scientific method approach and how it can start small
• The Danger Zone: tight coupling and complex interactions
• How should ICS use Chaos Engineering