Adopting Zero Trust

Zero Trust as a concept or strategy on the surface appears simple in nature. Heck, it’s only two words. However, when push comes to shove, and it’s time for organizational adoption, Zero Trust impacts every aspect of a business in the form of a digital transformation. Fortunately, for every complexity and question, there is an answer and solution, which is where our latest guest comes into play. This week on Adopting Zero Trust (AZT), we chat with infosec author, practitioner, and educator George Finney about ways to make ZT more approachable. Finney is the best-selling author of Project Zero Trust, which currently offers the most approachable way to understand John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

This week we have a two-for-one special and feature our newest panel-style format. On the practitioner side, we have crowd favorite Andrew Abel, who currently works with a financial institution, but has worked across multiple other industries in the past. On the Zero Trust technology side, we have Michael Loewy, Co-Founder of Tide Foundation.  Tide Foundation lives between authentication and micro-segmentation, or if we look at CISA’s Foundation of Zero Trust principles: identity, network/environment, and data. The solution also impacts devices and application workloads, which means they fully align with the philosophy behind Zero Trust. On today’s episode, we ground Zero Trust back to reality with how much implicit trust can truly be removed, dig into the concept of Zero-Knowledge Authority and how it chips away at ZT gaps of today, and follow up with Abel on how ZT has changed over the past 6 months.

This week we chat with Ismael Valenzuela, VP of Threat Intel at Blackberry, a 13-year SANS instructor, and has balanced his time between educator and practitioner for decades. Before peppering Ismael with our usual questions and falling down the rabbit hole, we dug a bit deeper into his background and what drives him to split his time between educating peers and working for some of the biggest names in tech. On the docket for this week is Zero Trust as a philosophy, why Less Trust is a more applicable term, and the need for a threat model to narrow down your protect surface. As a side note, Ismael also just published a new post highlighting findings from BlackBerry’s new global threat intel report. The team will also discuss these findings today (Jan 26) on LinkedIn live.

Welcome to the last episode of season one, where Neal and I go on a rambling adventure and look back on some of the interesting and eye-opening conversations we’ve had over the past few months. To wrap things up, and what was supposed to be a 20-minute conversation, we felt it was time to better introduce ourselves to our listeners, discuss some plans for season two, highlight perhaps some aspirations of bringing AZT into the real world at a conference or two in 2023, and that we will finally open the doors to Zero Trust technology vendors.   Since this is our season one wrap episode, and much of what we cover is a stream of consciousness, there are no key takeaways. Swing back around in January as we kick off the next season with another group of amazing guests. We have plenty of surprises in the works, too!   We hope your year winds down well, and we will cross our fingers for no X-mas cyber incidents.

This week we chat with Chase Cunningham, Doctor Zero Trust himself, about the decade-overnight success of Zero Trust, how he got involved with the concept, and methods for navigating vendors wanting to shape the concept. For those initiated into the world of Zero Trust, you are no doubt familiar with his podcast, regular LinkedIn musings, and history as a Forrester analyst. Beyond the podcast, Chase is the CSO for Ericom Software, has a long history in threat intel, and built a significant track record while at the NSA as a chief cryptologic technician.

This week we chatted with Chris Reinhold, Director of Innovation at Core BTS, a managed security service provider (MSSP) and IT consulting firm. We dig into the long-awaited answer to our previous call, pen testing Zero Trust systems. Plus, we chat about the idea of Zero Trust as a certification and the always relevant factoid that compliance is not security.

This week we chat with J. R. Cunningham, Chief Security Officer at Nuspire, and we dig into Zero Trust as a journey. Nuspire is a managed security service provider that provides support ranging from managed detection and response (MDR), endpoint detection, vulnerability management, and of course supporting their customers with adopting Zero Trust. This week we chat about unpacking the idea of Zero Trust when a brand wants to pursue it, the increasing threats targeting the automotive industry, and Nuspire’s ongoing threat reports.

This week we chat with Maureen Rosado, a Zero Trust Strategist for BT, who has an outstanding history of business development for enterprise companies like IBM and Microsoft. This week we break away from our norms of the technical ins and outs of Zero Trust, and take a look at the ideal way to consult and coach security teams through the process of adopting Zero Trust. For those who have been on the receiving end of cyber security solution pitches, and there are twice as many wrong ways as those that are considered beneficial. Fortunately, Maureen has seen it all, is a wonderful example of being a neutral party, and has a long history of speaking to the subject (including recently with Dr Zero Trust). Get the full recap on adoptingzerotrust.com

This week we chat with Christine Owen, Director at Guidehouse, and we dig into Zero Trust as an approach to harden your identity and access management strategy, her dislike of passwords, and phishing-resistant multifactor authentification. Christine brings to the table the expertise of an IAM (identity and access management) pro and an attorney, who currently consults and educates federal departments and commercial enterprise organizations on IAM and Zero Trust. Get the full recap on http://adoptingzerotrust.com/

This week we chat with Bryan Willett, Lexmark’s CISO, who has built a legacy over the past 25 years working for the global company. Starting from his early days as a firmware developer, transitioning into managing teams and projects, and now as the CISO, Bryan has built a long-standing successful career. During our chat, we talk about how security professionals can advance their careers from protecting products and users and converting that into business language that CISOs navigate on a daily basis. Be sure to get the full recap on adoptingzerotrust.com