How HMRC Digital secures services at scale | Equal Experts

Clients
Services
Our people
- Back
- Our people
  A diverse community of software professionals, united by our values.
  Our people
- Our people - Overview
- Our people
- Join us
  - Join us
  - Typical roles
Insights
- Back
- Insights
  Read about industry trends, and explore our range of articles, webinars, playbooks, tools and blog posts.
- Insights
- Data: Use. Explore. Avoid.
  
  Insights into what to use, explore or avoid when it comes to all-things data.
- Expert Talks Online
  
  Online webinars covering all things software. Intriguing discussions for curious minds.
- Playbooks
  
  Good practice guides based on years of experience.
- Blog
  
  Industry and tech insight from our leading team of experts.
Contact us
- Back
- Contact us
  Our experienced teams deliver software all around the globe.
  Contact us
  Join us
- Contact us - overview
- Our offices

This event took place on Sep 07, 2022

Approximately 1 hour(s) with question time included.

About this event

HM Revenue & Customs is the tax collection authority for the United Kingdom government. The department is responsible for the collection of revenue (taxes and duties) from all UK taxpayers, be they citizens or businesses. We work together with the Government Digital Service (GDS) and other departments to ensure the services we provide are built to common strong standards.

This session peels back the covers on what it is like to secure HMRC’s digital tax platform, which is built on AWS and comprises 1000+ microservices built by 100 teams with ~1500 deployments a month. Security incidents such as Log4Shell and news reports of data leaks are always a risk to digital services, and at HMRC Digital we’re in a position to react quickly and confidently to incidents as they occur.

We’ll share some insights into how we’ve secured the microservices that run on the platform, including:

identifying vulnerabilities prior to live deployments
increasing buy-in from teams for service security
leaning on an opinionated tech stack to boost our security position
using a service catalogue and async chat comms to power security collaboration

We will also provide some recommendations on what you can do to get started with your own AppSec programme.

**
This talk takes place at:

8.30am BST

9.30am SAST

1pm IST

5.30pm AEST

**

WATCH THE EVENT

How HMRC Digital secures services at scale

This event has ended however you can watch it, along with other past events, via the link below.

Ben Conrad
Head of Product for MDTP, HMRC

Ben is also Head of Profession for DevOps and has worked at HMRC for 5 years on the Multi-channel Digital Tax Platform (MDTP) a Platform as a Service that now hosts over a thousand microservices. The focus of the platform is to meet the needs of the multi-disciplinary agile teams who build and maintain customers facing services for HMRC.

Gerald Benischke
AppSec Lead, Equal Experts

Gerald Benischke has a software engineering career spanning 25 years in the public, financial and telecoms sectors. He is consulting with Equal Experts and currently is leading the AppSec programme at HMRC Digital, having previously been an architect and technical lead in the delivery of flagship HMRC programmes.

He has previously worked with MoneySuperMarket, Barclays and MBNA as software architect, tech lead and senior developer.

His primary interests are around middle-tier services, databases, security, automation and functional programming.