Security is now important to all of us, not just people who work at Facebook, but it is a complicated domain with a lot of concepts to understand. In any technical ecosystem there is a blizzard of security technology as well as the generic concepts like keys, roles, certificates, trust, signing and so on. Yet none of this is useful unless we know what problem we’re really trying to solve.
In this talk we dive into the fundamentals of system security to introduce the topics we need to understand in order to decide how to secure our systems. We’ll cover topics like risk assessment, threat modelling, policy definition and core security design principles before considering which specific technologies we should then apply to mitigate the security risks that we have identified.