Adopting Zero Trust

Nicolas Chaillan is an Entrepreneur who became a US citizen about six years ago, and immediately joined the DHS where he became the chief architect and special advisor for cyber, leading him to become the first chief software officer for Space Force where he led the shift to DevSecOps for DoD and at the time implementation of Zero Trust. Prior to Space Force, Nic funded 12 tech companies, they built more than 187 products, which were then sold across 45 Fortunate 500 companies. Now, in his spare time, Nic produces an ongoing series, In the Nic of Time, where he discusses everything from Zero Trust to cyber and taps into a diverse set of experts.
Be sure to get the full recap on adoptingzerotrust.com
 
Takeaways From Nic and Neal
A decade ago, Iran got into federal systems, but Zero Trust would have prevented lateral movement
The days of boots-on-the-ground war is shifting towards cyber, and federal Zero Trust implementation may curb a potentially colossal attack
Beuarcacy is the largest hindrance of momentum when pursuing a cybersecurity-driven digital transformation
It’s easy to become obsolete in IT and cybersecurity, you need to educate yourself constantly
Neutral Zero Trust resources and maturity models are important, but are incredibly complex

This week we chat with Ryan Alford, Founder and CEO of Engineering Design Group (EDG), and we dig into how Zero Trust impacts the future of hardware, software, IoT, and access (both human and machine).
EDG provides distributed sensor monitoring through a cloud-based solution and associated hardware for organizations with critical data needs. As a hardware manufacturer, that also provides software with important data sets, they have a double edge sword to consider when securing their products.
Find the transcript and video format of AZT on adoptingzerotrust.com
 
Episode Takeaways
Access by contractors and third-party vendors should be highly limited, which is why solutions like VPNs do not align with Zero Trust
Through an Identity Provider (IdP) such as Okta, Microsoft, Apple, etc. you can limit access by user to specific cloud-based apps, but these solutions may not support 100% of your items out of the box (may need custom builds via API integrations).
From hardware to software, it should be assumed that nothing is fully secure and that runs under the scope that you already have been infiltrated.
There are no silver bullets in security, ever. Always verify, especially security claims, and lean on third-party validators (pen testing, security or privacy compliance, etc.)
Being transparent and honest is one of the best ways to build trust. Ryan suggests having a continuity plan that includes a vulnerability disclosure plan and a way for people to report issues.

This week we chat with Andrew Abel, our defacto Zero Trust expert who is currently the EUC Cyber Security Strategy and Architecture Lead for an energy company out of Brisbane Australia.
Andrew has been involved with Zero Trust for some time, holds Forrester’s Zero Trust certification, and has an extensive background with solutions architecture and identity management, both of which play significant roles in the adopting of Zero Trust.

Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Threat Analyst Neal Dennis and Cybersecurity Journalist Elliot Volkman set off on a journey to get a better understanding of Zero Trust and what it truly offers. Is Zero Trust a concept, a strategy, framework, set of technology, or perhaps a mix of each? Each episode Neal and Elliot will chat with those adopting, implementing, and pushing Zero Trust forward without the vendor hype.

Today, Zero Trust is a fuzzy term with more than a dozendifferent definitions. We are on a mission to give a voice tocybersecurity practitioners and others who have been in these shoes,have begun adopting or implementing a Zero Truststrategy, and to share their experience and insight withpeers while not influenced by vendor hype.