Adopting Zero Trust

This week we chat with Maureen Rosado, a Zero Trust Strategist for BT, who has an outstanding history of business development for enterprise companies like IBM and Microsoft. This week we break away from our norms of the technical ins and outs of Zero Trust, and take a look at the ideal way to consult and coach security teams through the process of adopting Zero Trust.
For those who have been on the receiving end of cyber security solution pitches, and there are twice as many wrong ways as those that are considered beneficial. Fortunately, Maureen has seen it all, is a wonderful example of being a neutral party, and has a long history of speaking to the subject (including recently with Dr Zero Trust).
Get the full recap on adoptingzerotrust.com

This week we chat with Christine Owen, Director at Guidehouse, and we dig into Zero Trust as an approach to harden your identity and access management strategy, her dislike of passwords, and phishing-resistant multifactor authentification. Christine brings to the table the expertise of an IAM (identity and access management) pro and an attorney, who currently consults and educates federal departments and commercial enterprise organizations on IAM and Zero Trust.
Get the full recap on http://adoptingzerotrust.com/

This week we chat with Bryan Willett, Lexmark’s CISO, who has built a legacy over the past 25 years working for the global company. Starting from his early days as a firmware developer, transitioning into managing teams and projects, and now as the CISO, Bryan has built a long-standing successful career. During our chat, we talk about how security professionals can advance their careers from protecting products and users and converting that into business language that CISOs navigate on a daily basis.
Be sure to get the full recap on adoptingzerotrust.com

This week we chat with Dom Glavach, Chief Security Officer (CSO) of CyberSN (Cyber Security Network) and a security consultant, and we dig into Zero Trust as a journey, the delta between buzzwords and tool upgrades, and the hunt for red teams focused on prodding Zero Trust architectures. For those unfamiliar with CyberSN, they connect cybersecurity professionals to in-demand jobs and have some of the best visibility into hiring trends and how/if Zero Trust is being staffed up for.
Be sure to get the full recap on adoptingzerotrust.com

Nicolas Chaillan is an Entrepreneur who became a US citizen about six years ago, and immediately joined the DHS where he became the chief architect and special advisor for cyber, leading him to become the first chief software officer for Space Force where he led the shift to DevSecOps for DoD and at the time implementation of Zero Trust. Prior to Space Force, Nic funded 12 tech companies, they built more than 187 products, which were then sold across 45 Fortunate 500 companies. Now, in his spare time, Nic produces an ongoing series, In the Nic of Time, where he discusses everything from Zero Trust to cyber and taps into a diverse set of experts.
Be sure to get the full recap on adoptingzerotrust.com
 
Takeaways From Nic and Neal
A decade ago, Iran got into federal systems, but Zero Trust would have prevented lateral movement
The days of boots-on-the-ground war is shifting towards cyber, and federal Zero Trust implementation may curb a potentially colossal attack
Beuarcacy is the largest hindrance of momentum when pursuing a cybersecurity-driven digital transformation
It’s easy to become obsolete in IT and cybersecurity, you need to educate yourself constantly
Neutral Zero Trust resources and maturity models are important, but are incredibly complex

This week we chat with Ryan Alford, Founder and CEO of Engineering Design Group (EDG), and we dig into how Zero Trust impacts the future of hardware, software, IoT, and access (both human and machine).
EDG provides distributed sensor monitoring through a cloud-based solution and associated hardware for organizations with critical data needs. As a hardware manufacturer, that also provides software with important data sets, they have a double edge sword to consider when securing their products.
Find the transcript and video format of AZT on adoptingzerotrust.com
 
Episode Takeaways
Access by contractors and third-party vendors should be highly limited, which is why solutions like VPNs do not align with Zero Trust
Through an Identity Provider (IdP) such as Okta, Microsoft, Apple, etc. you can limit access by user to specific cloud-based apps, but these solutions may not support 100% of your items out of the box (may need custom builds via API integrations).
From hardware to software, it should be assumed that nothing is fully secure and that runs under the scope that you already have been infiltrated.
There are no silver bullets in security, ever. Always verify, especially security claims, and lean on third-party validators (pen testing, security or privacy compliance, etc.)
Being transparent and honest is one of the best ways to build trust. Ryan suggests having a continuity plan that includes a vulnerability disclosure plan and a way for people to report issues.

This week we chat with Andrew Abel, our defacto Zero Trust expert who is currently the EUC Cyber Security Strategy and Architecture Lead for an energy company out of Brisbane Australia.
Andrew has been involved with Zero Trust for some time, holds Forrester’s Zero Trust certification, and has an extensive background with solutions architecture and identity management, both of which play significant roles in the adopting of Zero Trust.

Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Threat Analyst Neal Dennis and Cybersecurity Journalist Elliot Volkman set off on a journey to get a better understanding of Zero Trust and what it truly offers. Is Zero Trust a concept, a strategy, framework, set of technology, or perhaps a mix of each? Each episode Neal and Elliot will chat with those adopting, implementing, and pushing Zero Trust forward without the vendor hype.

Today, Zero Trust is a fuzzy term with more than a dozendifferent definitions. We are on a mission to give a voice tocybersecurity practitioners and others who have been in these shoes,have begun adopting or implementing a Zero Truststrategy, and to share their experience and insight withpeers while not influenced by vendor hype.