The recent Shai-Hulud npm worm shows how fast an initial compromise can spread when secrets are poorly managed. After gaining access, the malware used tools like TruffleHog to harvest hardcoded tokens and credentials, then escalated laterally through packages, pipelines, and cloud accounts. It’s a vivid reminder that without strong policies, decentralized secrets management fuels the blast radius of attacks.
From hands-on work with customers, our security services team has identified four practices that put organizations most at risk:
- Shared access across teams – one secret or account reused across multiple workloads.
- Poor Kubernetes namespace definitions – mixing dev, test, and prod without clear boundaries.
- Pipelines under a single identity – Jenkins or Ansible jobs running with unrestricted privileges.
- One cloud account or platform for everything – concentrating risk into a single identity plane.
For each, our security services team shares real-world stories of how attackers exploit these practices, and the field-tested solutions that leading organizations are adopting to fix them. You’ll learn why the true risk isn’t just the secret, but the identity behind it—and how centralizing secrets management reduces blast radius, improves visibility, and scales securely without disrupting developers.
You will learn:
- How poor secrets practices enable lateral movement and breach escalation.
- Four real-world pitfalls we see in customer environments—and proven ways to fix them.
- How centralization strengthens governance, audit readiness, and resilience.
Speakers:
John Walsh, Senior Product Marketing Manager, CyberArk
Nathan Whipple, Senior Manager, Security Services, DevSecOps, CyberArk
Benjamin Dorn, Senior Security Consultant, DevSecOps, CyberArk
