Zuckerberg Talks Facebook’s Cybersecurity Strategy

“Move fast with stable infra.”

This was Facebook CEO Mark Zuckerberg’s update on the old Silicon Valley bon mot “move fast and break stuff,” and perhaps the best single descriptor of how the company evaluates security and avoids the types of data breaches that are rapidly becoming endemic as more of life moves online.

Zuckerberg hit the cybersecurity topic hard during Facebook’s F8 developer conference last week, referencing it in his keynote address and throughout the event.

While the security information drew some interest, the topic was still far from top of mind at the conference – with so many other technological goodies on display, the consummate bummer that is cybersecurity was often pushed into the second tier.

However, Jennifer Henley, Facebook’s director of security operations, did offer some insight during her panel into how Facebook stays secure. The “Hacktober” event that Facebook hosts in the fall brings in security experts to try to trick their way into the Facebook system using tactics like phishing scams on employees. Other tactics employed during Hacktober include festooning the Facebook offices with random USB sticks and other media labeled “confidential” in order to see which employees stick them into their computers, Henley explained.

The point of Hacktober, Henley explained, is to “stage scenarios to spark employee awareness.”

Facebook security engineer Ted Reed also offered security suggestions to the assembly, though his were somewhat more technical than strategic. Reed recommended that conference attendees tell coders to remove any secret tokens or keys that may be lurking around in their company’s source code.

Things like these can be exploited by hackers to infiltrate a company’s back end, Reed said.

“It is hard,” Reed said. “But it is very, very worth it.”