ATLSECCON 2025

When a security event occurs, most teams tend to jump into a circle of blame. Everyone takes their turn saying, "It can't be my fault. If only that user had not clicked on that link," or "If that developer had not hardcoded that credential, then none of this would have happened." Unfortunately, for many companies, the Security team is ultimately seen as at fault when a breach happens; after all, it is a security incident. 

Long-lived credential leaks, aka secrets sprawl, are possibly the single largest security risk every organization is currently facing. The reality is that no security team can solve this growing issue on its own. This is going to take a full team effort and rethinking some of the relationships and silos we have become accustomed to in the tech world. There has never been a better time to rethink how we build complex applications and how they interact with the world. 

In this talk, you will:
- Get an update on the latest secrets security research 
- Ask who really owns security and identity
- Map possible routes for a secrets-free future
- Rethink git and pull requests workflows and see why that is more involved than you think