Skip to content

Scaling application security to 100+ teams at HMRC Digital

Network event
115 attendees from 14 groups hosting
Photo of Shelagh Jones
Hosted By
Shelagh J.
Scaling application security to 100+ teams at HMRC Digital

Details

We'll peel back the covers on how we secure the 1000+ microservices and 1500+ deployments per month at HMRC Digital, part of the UK’s tax agency.
Security incidents such as Log4Shell and news reports of data leaks are always a risk to digital services. At HMRC Digital we need to take proactive steps to ensure we’re protected from known vulnerabilities and that we’re in a position to react quickly and confidently to incidents as they occur.

We’ll share security insights and lessons learned over the years, including:

  • why we created an application security team to proactively search for problems
  • how we identify vulnerabilities prior to live deployments
  • how we increase buy-in from teams to shift security left
  • why leaning on an opinionated tech stack boosts our security position
  • how a service catalogue can power security collaboration

SPEAKERS:
Ben Conrad
Head of Product for HMRC’s Digital Tax Platform
HM Revenue & Customs

Head of Product for MDTP and Profession for DevOps has worked at HMRC for 6 years on the Multi-channel Digital Tax Platform (MDTP) a Platform as a Service that now hosts over a thousand microservices. Working across the different teams who develop the platform itself trying to ensure that HMRC are always able to meet the needs of their direct customers.

Gerald Benischke
Software Engineering Consultant at Equal Experts

Gerald Benischke has a software engineering career spanning 25 years in the public, financial and telecoms sectors. He is consulting with Equal Experts and currently is leading the AppSec programme at HMRC Digital, having previously been an architect and technical lead in the delivery of flagship HMRC programmes. He has previously worked with MoneySuperMarket, Barclays and MBNA as software architect, tech lead and senior developer. His primary interests are around middle-tier services, databases, security, automation and functional programming.

**

This talk will be recorded and a link to the recording added in the Comments after the event.

Events in Application SecuritySoftware Security
Responsive Web DesignTest Driven DevelopmentContinuous Integration
Photo of ExpertTalks Reading group
ExpertTalks Reading
See more events
ExpertTalks Reading
Photo of ExpertTalks Reading group
Online event
This event has passed
Photo of ExpertTalks Reading group
ExpertTalks Reading
public group