How HMRC Digital secures services at scale


This event took place on Sep 07, 2022

Approximately 1 hour(s) with question time included.

About this event

HM Revenue & Customs is the tax collection authority for the United Kingdom government. The department is responsible for the collection of revenue (taxes and duties) from all UK taxpayers, be they citizens or businesses. We work together with the Government Digital Service (GDS) and other departments to ensure the services we provide are built to common strong standards.

This session peels back the covers on what it is like to secure HMRC’s digital tax platform, which is built on AWS and comprises 1000+ microservices built by 100 teams with ~1500 deployments a month. Security incidents such as Log4Shell and news reports of data leaks are always a risk to digital services, and at HMRC Digital we’re in a position to react quickly and confidently to incidents as they occur.

We’ll share some insights into how we’ve secured the microservices that run on the platform, including:

  • identifying vulnerabilities prior to live deployments
  • increasing buy-in from teams for service security
  • leaning on an opinionated tech stack to boost our security position
  • using a service catalogue and async chat comms to power security collaboration

We will also provide some recommendations on what you can do to get started with your own AppSec programme.

This talk takes place at:

8.30am BST

9.30am SAST

1pm IST

5.30pm AEST




How HMRC Digital secures services at scale

This event has ended however you can watch it, along with other past events, via the link below.


Ben Conrad
Head of Product for MDTP, HMRC

Ben is also Head of Profession for DevOps and has worked at HMRC for 5 years on the Multi-channel Digital Tax Platform (MDTP) a Platform as a Service that now hosts over a thousand microservices. The focus of the platform is to meet the needs of the multi-disciplinary agile teams who build and maintain customers facing services for HMRC.


Gerald Benischke
AppSec Lead, Equal Experts

Gerald Benischke has a software engineering career spanning 25 years in the public, financial and telecoms sectors. He is consulting with Equal Experts and currently is leading the AppSec programme at HMRC Digital, having previously been an architect and technical lead in the delivery of flagship HMRC programmes.

He has previously worked with MoneySuperMarket, Barclays and MBNA as software architect, tech lead and senior developer.

His primary interests are around middle-tier services, databases, security, automation and functional programming.