Kelly Shortridge is currently VP of Product Strategy at Capsule8. Kelly has spoken at notable technology and information security conferences internationally, including Black Hat USA, Velocity, AusCERT, Hacktivity, Troopers, and ZeroNights. In total, Kelly has spoken at over 30 conferences in 7 countries across 4 continents, and presented at numerous private corporate and government events, including at Fortune 500s and publicly-traded Silicon Valley tech companies.
Kelly previously served in product roles at SecurityScorecard and BAE Systems Applied Intelligence after co-founding IperLane, a security startup which was acquired. Kelly began their career as an investment banking analyst at Teneo Capital covering the data security and analytics sectors.
When not working or speaking, Kelly can be found weightlifting, worldbuilding, playing RPGs, enjoying NYC’s artistic offerings, or reading sci-fi.
Kelly is known for speaking on the following topics:
You may find a full list of Kelly’s prior public speaking engagements here: https://swagitda.com/speaking/
We’ve all heard “software is eating the world” – that most organizations are becoming software organizations in some form. In this new era, DevOps rises as the engine of the business, and organizations resisting its ascension empirically fall behind. Those in information security often view DevOps as demons by another name and assume that if they aren’t a hyperscale tech organization, they can safely ignore these trends.
In reality, information security has a choice: marry with their DevOps colleagues and embrace the philosophy of controlled chaos, or eventually be shoved aside, descending into impotence and irrelevancy. In this session, we’ll explain the basics of DevOps and the concepts of resilience and chaos engineering. Using large-scale survey data, we’ll illuminate which factors determine whether an organization is “elite” in this software-dominant world. We’ll then uncover how DevOps’ priorities and goals aren’t so dissimilar from modern infosec’s goals.
We’ll delve into implications for security programs, particularly the shift from security for its own sake to security as an enabler of business objectives. Then, we’ll expose why chaos and resilience engineering represents the future of security programs – and why it catalyzes the dawn of defensive innovation. We’ll show how chaos and resilience fit with the C.I.A. triad and why the D.I.E. triad of distributed, immutable, and ephemeral might be the model of the future. Focusing on practical implementation, we’ll examine metrics, GameDays, and existing resiliency tools that security teams can adopt and extend to meet their goals.
Finally, we’ll propose pragmatic approaches for security teams to make a marriage to DevOps last through a love of controlled chaos. We’ll conclude by discussing partnership opportunities with DevOps to support the organization on its path to leetness – and to transform security from a frustrating cost center to a lean, mean, innovation machine.
Talk | Event | Date |
---|---|---|
Controlled Chaos: The Inevitable Marriage of DevOps & Security | Black Hat USA | August 2019 |
The Red Pill of Resilience (Keynote) | Countermeasure | November 2017 |
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game | Black Hat USA | July 2017 |