By Thales & LATAM Airlines, Sergio Muniz and Luis Sant’ Anna
How LATAM Airlines Strengthened Airport Security by Trusting the People Behind the Passengers.
A grandmother clutches her boarding pass—after three years apart, she's finally going to see her granddaughter in Miami. Behind her, a businessman checks his phone—his company’s merger hinges on tomorrow’s meeting. Ahead, a young couple whispers about their honeymoon. None of them know Luis Sant’Anna. Yet every journey depends on the invisible systems he helps secure.
“People think aviation security is about metal detectors and X-ray machines,” says Luis. “But the truth is, most of it happens in systems passengers never see.”
As LATAM Airlines’ Third-Party Risk & Cybersecurity Manager—and a key member of Brazil’s Civil Aviation National Agency (ANAC)—Luis doesn’t fly planes or check bags. He protects the digital infrastructure behind every flight.
Aviation Never Stands Still
In aviation, nothing stays still—not people, not planes, and definitely not the technology supporting both. For LATAM Airlines, keeping pace means rethinking how identity and access work: who gets access, where, when, and under what conditions. They’ve learned that strong access must be there even in complex environments where mobile and hardware tokens are not allowed.
It’s 4 a.m. at Santiago Airport. A check-in agent starts her shift, logging into a shared terminal used by three agents overnight. Instantly, the system recognizes her username first, and then authenticates her with a pattern based token, embedded in the application she will use. She can access check-in and baggage systems—but not flight operations or maintenance data, even if she is using a public terminal, used a few minutes earlier by her supervisor.
Two floors up, a technician updates maintenance logs on a similar terminal on a flight to Lima. His access is entirely different after he validated his user through the pattern-based token—he can modify technical records, but not see passenger or financial data.
They don’t think about access, mobile phones or hardware tokens, they just do their jobs – with confidence, with trust, using just a visual pattern while opening an application or system.
The Unique Challenge of Airlines
Sérgio Muniz, Director of Sales for Identity and Access Management at Thales in Latin America, had seen this before.
“Airlines are unique,” he says. “Their workforce is mobile, distributed, and always on. Traditional access systems assume people work at desks. Airlines don’t.”
LATAM Airline’s challenge was even more complex. Beyond their own employees, they rely on thousands of third-party vendors—caterers, cleaning crews, mechanics, fuel suppliers. Each needed specific access to specific systems, at specific times.
“We weren’t just managing our airline’s people,” Luis says. “We were managing an ecosystem.”
A Human-Centered Approach
Thales helped LATAM Airlines rethink access entirely. Instead of asking “What systems should we protect?” they asked, “What do people need to do their jobs?”
The shift was subtle but powerful: access now follows the person, not the position.
When the check-in agent logs in, the system understands her context. Is she on her regular shift or covering for someone? Is she at her usual terminal or filling in elsewhere? Is it a normal Tuesday or the rush of December 23rd? Her access adjusts in real time.
The rush test
The benefits went beyond cybersecurity. Customer service improved; agents had what they needed, when they needed it. Operations ran smoother.
LATAM Airline faced many of the busiest travel weeks in a row, after the implementation process. The system handled many more logins than the year before.
“That’s when we knew we got it right,” Luis says. “When your security works so well that no one notices it, even under pressure.”
Transparency as a Bonus
Every access event is now logged in detail—not just who accessed what, but why access was granted.
This level of traceability proved crucial during an investigation by Brazilian authorities after two women were wrongly arrested in Germany when their bags were tampered with. LATAM Airlines wasn’t involved, but the case highlighted how airlines must be able to trace every touchpoint—every bag, system, and user.
“Trust isn’t just about stopping bad actors,” Luis says. “It’s about proving that good people did the right thing.”
Security Beyond the Checkpoint
LATAM Airline’s transformation reflects a bigger shift in aviation security. The old model—build walls, check credentials, and assume threats came from outside. But most failures happen when authorized people make mistakes or cut corners.
The new model sees it differently: security isn’t about control, it’s about empowerment.
“We’re not trying to stop human behavior,” Sérgio says. “We’re channeling it in the right direction.”
Thales is applying this same approach across Latin America—from a telecom carrier in Mexico to a critical infrastructure service utility in Colombia. The challenge is always the same: how do you give people what they need, while protecting what matters most?
The 40,000-Foot View
LATAM Airlines runs thousands of flights a day to more than a hundred destinations. Behind each flight are hundreds of actions: weather checks, fuel planning, gate assignments, catering logistics, and more.
Each action requires the right access at the right moment. Multiply that by thousands of employees, thousands of contractors, and dozens of countries—and you begin to see the scale of the challenge Luis and the Cybersecurity team manage daily.
“At LATAM, we have a saying: we don’t just fly planes—we move people’s lives.”
The grandmother from our opening made her flight. So did the businessman and the newlyweds. They’ll probably never know about Luis and the invisible systems that helped them get there safe and secure.