Taking the Human Element to The MAX

In the aviation world, when bad things happen there is a culture of avoiding the blame game and instead focusing instead on how we can learn from our mistakes to make everyone safer. With the issues surrounding the 737 MAX series of aircraft over the past couple years, the FAA and NTSB have again held the line on focusing on safety and learning from mistakes despite media sensationalization. But we in the cybersecurity community can also take advantage of this learning opportunity. With news and whistleblower accounts of the design and quality issues leading to the MAX series aircraft, there are many parallels to what happens in the cybersecurity space when we fail to properly account for and incorporate the human element into our programs. In this presentation, we will take that same approach of not bashing or blaming but focusing on learning. We’ll step through the issues that have come to light regarding the 737 MAX series and show how those correlate to cybersecurity. We’ll identify what lessons we can learn and how we can apply those when selecting technology and building processes for our organizations’ security programs. Finally, we’ll discuss the Swiss Cheese model as it applies to cybersecurity and examine best practices for closing those holes before they align and result in disaster.