Adopting Zero Trust cover image

Adopting Zero Trust

Latest episodes

undefined
Apr 27, 2023 • 58min

Adopting Zero Trust: Empathetic Leadership with Kyndryl’s Kris Lovejoy

For many, cybersecurity is seen as a cost center that reduces risk to the business. This can be oversimplified to something akin to how HR reduces people-related risks but comes with layer on top of layer of complexities ranging from technology to physical buildings and, of course, people. Regardless of organizational size, cybersecurity leadership requires a top-down approach, leaving room for discussion at the board level and aligning it with business goals. This week on AZT, Neal and I chat with Kris Lovejoy, Kyndryl’s (IBM spinoff) Global Security and Resilience Leader, former CEO of Virginia-based BluVector, and a former IBM CISO prior to being made GM of their security division. Having danced the line between startups and mega-enterprise organizations, there are few others who could so adequately discuss the role of cybersecurity leadership within modern organizations and why having a competent person at the helm is critical to the business (not just to reduce risk). We also play a bit of RSA buzzword bingo.
undefined
Apr 13, 2023 • 39min

Adopting Zero Trust: Cybersecurity Innovation with Stanford Fellow AJ Grotto

AJ Grotto, cybersecurity expert and Stanford Fellow, discusses the lack of innovation in government cybersecurity and the challenges of scaling innovations. The speakers also explore cybersecurity regulations, the impact of budgets on cybersecurity innovation, and suggest solutions like dedicated budgets and revolving capital funds.
undefined
Mar 23, 2023 • 56min

AZT: The National Cybersecurity Strategy

This week on AZT, we chat about something timely and impactful to everyone in the cybersecurity and users impacted by related decisions: the new National Cybersecurity Strategy (full strategy here). Our guests this week are Tony Scott and Ilona Cohen, both industry powerhouses and experts well-equipped to navigate this complex document.   Ilona Cohen is the former General Counsel at Office of Management and Budget (OMB), was an Associate White House Counsel and Special Assistant to the President during the Obama administration, and is currently the Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne.   Tony Scott is the former U.S. Federal CIO during the Obama administration, has worked for brands such as Disney and GM, and is currently the President and CEO of Intrusion. Together, they both experienced the Office of Personnel Management (OPM) breach of 2015, and have been involved with the ever-shifting threat landscape that impacts and leads to new initiatives like the latest National Cybersecurity Strategy. In particular, it resulted in the Cybersecurity National Action Plan, which resulted in the first bug bounty program.
undefined
Mar 9, 2023 • 59min

Adopting Zero Trust: Open Source

This week Neal and I continue with our exploration of new formats, and this time we go one-on-one with the Founder and CEO of Netfoundry, Galeal Zino. Prior to Netfoundry, Zino spent much of his career traversing R&D, and later moving into a key role for Tata Communications.  Though Netfoundry’s bread and butter is a Zero Trust Network Access (ZTNA) solution that can be built into other technology via API and even supports IoT systems, and they also manage OpenZiti. OpenZiti is an open-source self-hosted solution of a similar nature with input and contributions from Zero Trust and developer communities. Rather than honing too deep into the technology aspect, Zino and Neal go down the rabbit hole of open source tools and communities and why they are so critical to much of today’s existing security infrastructure.
undefined
Feb 23, 2023 • 51min

Adopting Zero Trust with Author George Finney: Approachable

Zero Trust as a concept or strategy on the surface appears simple in nature. Heck, it’s only two words. However, when push comes to shove, and it’s time for organizational adoption, Zero Trust impacts every aspect of a business in the form of a digital transformation. Fortunately, for every complexity and question, there is an answer and solution, which is where our latest guest comes into play. This week on Adopting Zero Trust (AZT), we chat with infosec author, practitioner, and educator George Finney about ways to make ZT more approachable. Finney is the best-selling author of Project Zero Trust, which currently offers the most approachable way to understand John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.
undefined
Feb 10, 2023 • 49min

Adopting Zero Trust: Zero Knowledge Authority

This week we have a two-for-one special and feature our newest panel-style format. On the practitioner side, we have crowd favorite Andrew Abel, who currently works with a financial institution, but has worked across multiple other industries in the past. On the Zero Trust technology side, we have Michael Loewy, Co-Founder of Tide Foundation.  Tide Foundation lives between authentication and micro-segmentation, or if we look at CISA’s Foundation of Zero Trust principles: identity, network/environment, and data. The solution also impacts devices and application workloads, which means they fully align with the philosophy behind Zero Trust. On today’s episode, we ground Zero Trust back to reality with how much implicit trust can truly be removed, dig into the concept of Zero-Knowledge Authority and how it chips away at ZT gaps of today, and follow up with Abel on how ZT has changed over the past 6 months.
undefined
Jan 26, 2023 • 49min

Adopting Zero Trust With Ismael Valenzuela: Less Trust

This week we chat with Ismael Valenzuela, VP of Threat Intel at Blackberry, a 13-year SANS instructor, and has balanced his time between educator and practitioner for decades. Before peppering Ismael with our usual questions and falling down the rabbit hole, we dug a bit deeper into his background and what drives him to split his time between educating peers and working for some of the biggest names in tech. On the docket for this week is Zero Trust as a philosophy, why Less Trust is a more applicable term, and the need for a threat model to narrow down your protect surface. As a side note, Ismael also just published a new post highlighting findings from BlackBerry’s new global threat intel report. The team will also discuss these findings today (Jan 26) on LinkedIn live.
undefined
Dec 15, 2022 • 50min

Adopting Zero Trust: Season One is Wrapped

Welcome to the last episode of season one, where Neal and I go on a rambling adventure and look back on some of the interesting and eye-opening conversations we’ve had over the past few months. To wrap things up, and what was supposed to be a 20-minute conversation, we felt it was time to better introduce ourselves to our listeners, discuss some plans for season two, highlight perhaps some aspirations of bringing AZT into the real world at a conference or two in 2023, and that we will finally open the doors to Zero Trust technology vendors.   Since this is our season one wrap episode, and much of what we cover is a stream of consciousness, there are no key takeaways. Swing back around in January as we kick off the next season with another group of amazing guests. We have plenty of surprises in the works, too!   We hope your year winds down well, and we will cross our fingers for no X-mas cyber incidents.
undefined
Nov 22, 2022 • 56min

Adopting Zero Trust with Chase Cunningham: The Doctor is in

This week we chat with Chase Cunningham, Doctor Zero Trust himself, about the decade-overnight success of Zero Trust, how he got involved with the concept, and methods for navigating vendors wanting to shape the concept. For those initiated into the world of Zero Trust, you are no doubt familiar with his podcast, regular LinkedIn musings, and history as a Forrester analyst. Beyond the podcast, Chase is the CSO for Ericom Software, has a long history in threat intel, and built a significant track record while at the NSA as a chief cryptologic technician.
undefined
Nov 10, 2022 • 46min

Adopting Zero Trust with Chris Reinhold: Pen Testing Zero Trust

This week we chatted with Chris Reinhold, Director of Innovation at Core BTS, a managed security service provider (MSSP) and IT consulting firm. We dig into the long-awaited answer to our previous call, pen testing Zero Trust systems. Plus, we chat about the idea of Zero Trust as a certification and the always relevant factoid that compliance is not security.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode