
CISO Series Podcast Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?
Oct 21, 2025
In this discussion, Dan Walsh, CISO at Datavant, and Rob Allen, Chief Product Officer at ThreatLocker, dive into crucial security topics. They explore the intricacies of zero trust and the challenges of vendor claims. Dan critiques the issue of misconfigurations and demands better vendor support, while Rob showcases ThreatLocker's Defense Against Configurations tool, highlighting its ability to detect risky settings. The duo also debates the effectiveness of compliance theater versus the reality of actionable security measures, providing listeners with thought-provoking insights.
AI Snips
Build Diverse Defensive Layers
- Layer multiple, different security controls so one bypass doesn't lead to total compromise.
- Harden EDR, add identity controls, immutable backups, and application allowlisting to improve resilience.
Combine Controls With Detection
- Use controls (like allowlisting) alongside detection to both block and alert on threats.
- Combine protection and detection to avoid having multiple tools that only duplicate the same detections.
Honesty Trumps Perfect Pitches
- Vendors who can't explain their product limitations are a red flag because they likely don't understand them.
- Admitting limitations builds trust and positions vendors as complementary partners, not silver-bullet sellers.
