Care and Feeding of HSMs: Key Management in Hard Mode
Nick Pelis
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Hardware Security Modules (HSMs) are the right answer for protecting high-value cryptographic keys — but operating them in practice is a catalog of operational disasters waiting to happen. Nick Pelis, a security engineer at Verkada, walks through the full lifecycle of HSM key management with battlefield candor: a $15,000 unit that went on vacation, a quorum that locked itself out, a battery replacement that resembles bomb disposal, and a smart card overwritten months before it was needed.
AI review
Pelis delivered the HSM operational horror show this topic deserves: a $15,000 unit taken on vacation by an engineer, a quorum lockout that wiped all keys because someone mistyped a PIN three times, battery replacement described accurately as bomb defusal, and a smart card overwritten before it was needed for tamper recovery. NIST 800-57 has the theory; Pelis has the scars.