Part of the reason security matters is that it's often impossible to regain control of information that is exposed through a security breach. At the same time, we know that no security is perfect and that, to some degree, breaches and/or data loss are inevitable.
Drawing on concepts from disaster recovery and harm reduction, this talk will explore the practical implications of considering the aftermath of a security incident during the software development process. From technical approaches like encryption and authentication to more design- and policy-oriented strategies like data minimization, the goal of this talk is to empower developers to have meaningful conversations with stakeholders about what it means to take a fully-scoped approach to security for real-world applications.