
New Video from @CloudSecurityPodcast: Christian Schwarz of BT Discusses Large-Scale Secret Management and Security Approaches
In this video, Christian Schwarz of British Telecom (BT) shares his experience with large-scale secret management and his approach to security. BT, a company with 180 years of history, faces unique security challenges due to its technological legacy and the complexity of its infrastructures. Christian explains how BT has evolved from a security model based on perimeters and fortresses to a more modern and decentralized approach.
One of the main challenges addressed is the management of secrets and passwords. Christian emphasizes that malicious actors often target privileged accounts or password management systems to compromise networks. To counter this, BT is reducing the number of passwords in use and centralizing secret management in a secure way. The initiative is meant to decrease the cognitive load on teams and make security practices easier to adopt.
Christian highlights the importance of storytelling to raise awareness about security among teams. He mentions the use of red teams to simulate attacks and demonstrate vulnerabilities, which helps convince teams of the importance of security. Additionally, the use of visibility tools to identify secrets within the infrastructure is crucial for understanding the extent of the problem and implementing appropriate solutions.
The standardization of secret management at BT began with threat modeling to understand attack surfaces and threat vectors. Christian explains that this approach allowed for the definition of design models and templates that can be reused in different parts of the organization. This not only reduced the cognitive load on teams but also created intrinsic motivation to adopt good security practices.
In terms of results, Christian admits that the work is not yet complete, but teams are beginning to see the benefits of this approach. Reducing friction related to password management and adopting standardized solutions have greatly facilitated the work of the teams. Christian hopes that this initiative will lead to a broader adoption of security practices motivated by an intrinsic understanding of their importance.
Outside of his work, Christian is passionate about cycling and enjoys spending time in nature. He is also proud of his role in innovation within the companies where he has worked, although this is not always evident on social media. Finally, Christian shares his love for French and Ethiopian cuisine, emphasizing the importance of sharing good meals with friends.
To learn more about Christian's experiences and security practices at BT, you can watch the full video at the following address: https://www.youtube.com/watch?v=Sy_AMHGkVJg