Enterprise Security WeeklySubscribe
Zero trust, Security Program Controls/Technologies

Clearing the Air on Zero Trust – Steven Turner – ESW #267

Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because: 1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc) 2. a vendor is using 'zero trust' as a metaphor (small z, small t) 3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t) 4. the CMO said it needs to be somewhere on the website for SEO 5. someone told a founder to put it in the sales and/or pitch deck

Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend.

Segment Resources: - NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZTRAv1.1(U)_Mar21.pdf - Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/

Full episode and show notes

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Senior Security Cloud Solution Architect at Microsoft

Steve is a security architect at Microsoft. He started his career through trial by fire that is MSP life. He pivoted to securing everything from waste facilities and transportation infrastructure to huge financial services organizations, and even mixed in some industry analysis in for good measure. He’s passionate about coming up with security solutions that make colleagues happy and bad actors cry.

Hosts

Principal Researcher at The Defenders Initiative
Product Security Research and Analysis Director at Finite State
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related

Advisory Boards: When and How to Build Them – Benny Lakunishok – FS #3

Benny Lakunishok, CEO of Zero Networks, shares his experiences and insights as a founder in the cybersecurity space. He discusses the unpredictable challenges of founding a startup, the importance of hiring the right people, and the harsh realities of the entrepreneurial journey. Benny emphasizes the need for adaptability in leadership roles and th...

You can skip this ad in 5 seconds