logo
episode-header-image
Yesterday
19m 51s

How BT Tackled 180 Years of Legacy to Bu...

Cloud Security Podcast Team
About this episode

How do you modernize security in a 180-year-old company that operates critical national infrastructure? What does it look like when you discover tens or even hundreds of thousands of credentials hidden across your estate?

In this episode, we sit down with Christian Schwarz, Security Director for Network Services at BT Group , recorded at HashiDays London. Christian shares the immense challenge and strategic approach to standardizing secret management across one of the world's oldest telecommunication companies.

He details BT's journey away from the "moat and a castle" security model towards a future with no passwords for developers , reducing friction and enhancing security by design.


Guest Socials -⁠⁠ ⁠Christian's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity Podcast


Questions asked:

(00:00) - Why Standardizing Secrets is a Challenge

(02:24) - Introducing Christian Schwarz & His Role at BT

(05:50) - Beyond the "Castle & Moat": A New Approach to Security

(07:59) - The Challenge of Securing a 180-Year-Old Company

(10:04) - The Power of Storytelling and Discovering Hidden Credentials

(11:59) - The Starting Point: Threat Modeling Your Critical Infrastructure

(13:48) - The Upside of Standardization: Reducing Cognitive Load for Teams

(16:08) - Fun Questions: Cycling, Innovation, and Favorite Cuisines


Thank you to our episode sponsor HashiCorp

Up next
Jul 15
Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI ... Show More
45m 42s
Jul 9
Guide to Hybrid Cloud & Bare Metal Secret Management
Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure.Dan Popescu, Senior Site Reliability Eng ... Show More
32m 23s
Jul 1
"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control
Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system ... Show More
40m 27s
Recommended Episodes
Oct 2024
Balancing Security with Usability in Cybersecurity
In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More
41m 41s
Nov 2024
Bridging AI and Cybersecurity Gaps with Mileva Security Labs’ Harriet Farlow
Join us in this episode of Threat Vector as guest host Michael Heller shares his conversation with Harriet Farlow, CEO of Mileva Security Labs and a pioneer in AI security research. With a background spanning AI and national cybersecurity, Harriet shares her journey into adversar ... Show More
27m 17s
May 24
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
LINKS: https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability: https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with A ... Show More
54m 36s
Sep 2024
Cyber Security Trends and Tips
Join us on the latest episode of Aviation Tech Talks with host, Jim Boccarossa, as we soar into the world of aviation technology! In this episode, we dive deep into the crucial topic of cybersecurity with expert guest, Sagar Pandya, co-founder of Middle Ground Technologies. Disco ... Show More
31m 27s
Sep 2024
CISO vs. Security Engineer
In this episode of Life of a CISO, Dr. Eric Cole dives into the significant differences between security engineers and chief information security officers, a distinction many fail to recognize. He explains that merging these two roles into the same career track is one of the core ... Show More
31m 46s
May 17
The Monthly Cybersecurity Review: Data Breaches, Ransomware, and Critical Infrastructure
In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disapp ... Show More
56m 44s
Aug 2024
Cyber Security vs Frameworks
In the latest episode of Life of a CISO, Dr. Eric Cole dives deep into the critical difference between compliance and true cybersecurity. He emphasizes that while frameworks and compliance standards are essential, they often focus on checking boxes rather than addressing the holi ... Show More
30m 17s
Aug 2024
Securing SMBs Serving Defense Industrial Base and U.S. Critical Infrastructure
In this episode, Chris Petersen, Co-Founder and CEO of RADICL, and I discuss the challenges of securing the small and medium-sized businesses (SMBs) that serve the United States defense industrial base (DIB) and critical infrastructure. These SMBs play a significant role in suppo ... Show More
40m 59s
Jun 2024
Accor CTO's Hotel Tech Masterclass: Cyber Security, Sustainability and More
In this episode of Hotel Tech Insider, we dive deep into the future of hotels and the technology driving them forward. Our guest, Floor Bleeker, the CTO of Accor, one of the largest hotel companies globally, shares insights into how technology is revolutionizing every aspect of A ... Show More
32m 52s
Listen to millions of songs and podcasts on Anghami