Identity Security ProTalks

Secrets Management Horror Stories from the Field: Four Security Pitfalls to Avoid

  • November 18 | Americas: 2PM ET | EMEA: 3PM CET | APAC: 11AM SGT

The recent Shai-Hulud npm worm shows how fast an initial compromise can spread when secrets are poorly managed. After gaining access, the malware used tools like TruffleHog to harvest hardcoded tokens and credentials, then moved laterally through packages, pipelines, and cloud accounts. It is a vivid reminder that, without strong policies, decentralized secrets management widens the blast radius of an attack.

From hands-on work with customers, our security services team has identified four practices that put organizations most at risk:

  • Shared access across teams – one secret or account reused across multiple workloads.
  • Poor Kubernetes namespace definitions – mixing dev, test, and prod without clear boundaries.
  • Pipelines under a single identity – Jenkins or Ansible jobs running with unrestricted privileges.
  • One cloud account or platform for everything – concentrating risk into a single identity plane.

For each, our security services team will share real-world stories of how attackers exploit these practices, and the field-tested solutions that leading organizations are adopting to fix them. You’ll learn why the true risk isn’t just the secret, but the identity behind it—and how centralizing secrets management reduces blast radius, improves visibility, and scales securely without disrupting developers.

You will learn:

  • How poor secrets practices enable lateral movement and breach escalation.
  • Four real-world pitfalls we see in customer environments—and proven ways to fix them.
  • How centralization strengthens governance, audit readiness, and resilience.
Presenters:

John Walsh
Senior Product Marketing Manager, CyberArk

Nathan Whipple
Senior Manager, Security Services, DevSecOps, CyberArk

Benjamin Dorn
Senior Security Consultant, DevSecOps, CyberArk

About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.