Defense in Depth Is Least Privilege Dead?
10 snips
Nov 6, 2025 Julie Tsai, CISO-in-Residence at Ballistic Ventures, joins the conversation to dissect the relevance of least privilege in modern security. She argues that concepts like dynamic access and just-in-time provisioning are still rooted in least privilege principles. The discussion highlights the importance of prioritizing critical assets and implementing controls tailored to industry needs. Julie also emphasizes how automation can ease access control challenges, ensuring more reliable processes and compliance in today's fast-paced tech landscape.
AI Snips
Chapters
Transcript
Episode notes
Least Privilege Is Still Foundational
- Least privilege remains a foundational security principle, not a doomed idea. Modern practices like just-in-time access and zero standing privilege are evolutions of that principle, not replacements.
Hotel Key Analogy
- Edward Contreras uses a hotel key analogy to explain least privilege. Guests get access only to their room, not every room, illustrating limited authority.
Use Just-In-Time As An Implementation
- Treat just-in-time provisioning and zero-standing access as concrete implementations of least privilege. Design time-bound, role- and task-specific access with auditing and lifecycle controls.