From the very beginning of the Internet, humans have struggled with how to trust in the digital world. Neuroscience studies are gradually uncovering clues as to how our brains process digital cues, and how we adapt to an increasingly extensive digital presence around us. As the scale of that presence increases exponentially, so does the complexity of the applications that process, represent, and protect the digital transactions, the identities, and the actions that we undertake every day. Today, application security is a race against bad actors. We have fairly effective tools to separate humans from digital entities and test the trustworthiness of certain actions, but we are wholly unprepared for a world in which a digital entity passes the Turing test. This talk takes us through the concept of trust, how our brains process trust, and how we may arrive at decision making based on trust in the digital realm. We will examine how the infusion of machine learning and AI impacts design principles for application security, and why we must design applications and systems with real-time controls that operate at scale and respond automatically to dynamic and intelligent adversaries.
Security is a complex topic filled with jargon and subtle nuances. The "weakest link" challenge in security means we must be concerned with every threat vector and apply best practices universally. This becomes challenging when we need to bring developers and operators into the fold, since our infrastructure and applications are critical to our security posture. Instead of expecting everybody to become an expert in security, we need to make security more approachable for these audiences. In this talk, we discuss how to apply best practices and make them accessible to developers and operators through APIs, secure-by-default platforms, and policy as code.