AZT: Zack Butcher on Building Zero Trust Standards and Securing Microservices


Season two, episode 16: Zack Butcher discusses building upon NIST’s Zero Trust policies and standards, and ZT’s influence on a service mesh as it relates to microservices.


There are several guiding concepts that make it easier for organizations to build a Zero Trust strategy. The first that typically come to mind come from CISA and NIST. These core elements, ranging from the five pillars through to building a ZT architecture, offer a vendor-neutral path towards removing implicit trust. Organizations like CSA also do a great job of expanding upon this knowledge with more contributions from technology and service providers. This week, we take our first step towards understanding what goes on behind these policies, standards, and recommendations, and for that we have a well-equipped guest to walk us through it.

Zack Butcher is one of the founding engineers at Tetrate, a vendor that provides a consistent way to connect and protect thousands of individual microservices and deliver Zero Trust security operations across any environment. The company has its roots in a team that worked at Google, whose connection to Zero Trust through BeyondCorp many of you are likely familiar with. He is also the co-author of NIST Special Publication 800-207A. If that looks familiar, it’s because it’s an expansion of the earlier-mentioned core NIST resource, 800-207.

NIST SP 800-207A builds upon that core architecture piece and homes in on access controls for cloud-native applications in multi-cloud environments. That is a bit of a mouthful, so here is Zack on what you need to know.

When we talk about Zero Trust at runtime, there's a lot of FUD and a frustrating amount of FUD in the marketplace and a lot of vendors claiming certain things are Zero Trust and not.

And you know, in that landscape, I wanted to really kind of push for people to have a very clear definition of Zero Trust at runtime, and it's a minimum definition. Let me be clear. You can do a whole lot more than what we talk about in the SP, but I try and give a very, very simple minimum definition. And that is five policy checks at runtime, and we call that identity-based segmentation.

Butcher also co-authored NIST SP 800-204A, which focuses on building secure microservices-based applications using a service-mesh architecture. So this week, Neal and Butcher ran down the rabbit hole of expanding upon these core Zero Trust resources, the implications of a more secure environment at runtime, and identity-based segmentation.

Episodes (56)

Adopting Zero Trust with Christine Owen: Searching For the Finish Line


This week we chat with Christine Owen, Director at Guidehouse, and we dig into Zero Trust as an approach to harden your identity and access management strategy, her dislike of passwords, and phishing-resistant multifactor authentication. Christine brings to the table the expertise of an IAM (identity and access management) pro and an attorney, who currently consults and educates federal departments and commercial enterprise organizations on IAM and Zero Trust. Get the full recap on http://adoptingzerotrust.com/

22 Sep 2022, 59 min

Adopting Zero Trust with Lexmark’s Bryan Willett: Culture of Security


This week we chat with Bryan Willett, Lexmark’s CISO, who has built a legacy over the past 25 years working for the global company. Starting from his early days as a firmware developer, transitioning into managing teams and projects, and now as the CISO, Bryan has built a long-standing successful career. During our chat, we talk about how security professionals can advance their careers from protecting products and users and converting that into business language that CISOs navigate on a daily basis. Be sure to get the full recap on adoptingzerotrust.com

8 Sep 2022, 49 min

Adopting Zero Trust with Dom Glavach: Staffing Up


This week we chat with Dom Glavach, Chief Security Officer (CSO) of CyberSN (Cyber Security Network) and a security consultant, and we dig into Zero Trust as a journey, the delta between buzzwords and tool upgrades, and the hunt for red teams focused on prodding Zero Trust architectures. For those unfamiliar with CyberSN, they connect cybersecurity professionals to in-demand jobs and have some of the best visibility into hiring trends and how/if Zero Trust is being staffed up for. Be sure to get the full recap on adoptingzerotrust.com

25 Aug 2022, 41 min

Adopting Zero Trust With Nicolas Chaillan: From Policy to DHS


Nicolas Chaillan is an entrepreneur who became a US citizen about six years ago and immediately joined the DHS, where he became the chief architect and special advisor for cyber, leading him to become the first chief software officer for Space Force, where he led the shift to DevSecOps for DoD and, at the time, the implementation of Zero Trust. Prior to Space Force, Nic funded 12 tech companies, which built more than 187 products that were then sold across 45 Fortune 500 companies. Now, in his spare time, Nic produces an ongoing series, In the Nic of Time, where he discusses everything from Zero Trust to cyber and taps into a diverse set of experts. Be sure to get the full recap on adoptingzerotrust.com

Takeaways From Nic and Neal

- A decade ago, Iran got into federal systems, but Zero Trust would have prevented lateral movement
- The days of boots-on-the-ground war are shifting towards cyber, and federal Zero Trust implementation may curb a potentially colossal attack
- Bureaucracy is the largest hindrance of momentum when pursuing a cybersecurity-driven digital transformation
- It’s easy to become obsolete in IT and cybersecurity; you need to educate yourself constantly
- Neutral Zero Trust resources and maturity models are important, but are incredibly complex

11 Aug 2022, 44 min

Adopting Zero Trust with Ryan Alford: IoT Secured


This week we chat with Ryan Alford, Founder and CEO of Engineering Design Group (EDG), and we dig into how Zero Trust impacts the future of hardware, software, IoT, and access (both human and machine). EDG provides distributed sensor monitoring through a cloud-based solution and associated hardware for organizations with critical data needs. As a hardware manufacturer that also provides software with important data sets, they have a double-edged sword to consider when securing their products. Find the transcript and video format of AZT on adoptingzerotrust.com

Episode Takeaways

- Access by contractors and third-party vendors should be highly limited, which is why solutions like VPNs do not align with Zero Trust.
- Through an Identity Provider (IdP) such as Okta, Microsoft, Apple, etc., you can limit access by user to specific cloud-based apps, but these solutions may not support 100% of your items out of the box (may need custom builds via API integrations).
- From hardware to software, it should be assumed that nothing is fully secure, and you should operate under the assumption that you have already been infiltrated.
- There are no silver bullets in security, ever.
- Always verify, especially security claims, and lean on third-party validators (pen testing, security or privacy compliance, etc.).
- Being transparent and honest is one of the best ways to build trust. Ryan suggests having a continuity plan that includes a vulnerability disclosure plan and a way for people to report issues.

27 Jul 2022, 47 min

Adopting Zero Trust With Andrew Abel: Translating Zero Trust Into Business Concepts


This week we chat with Andrew Abel, our de facto Zero Trust expert who is currently the EUC Cyber Security Strategy and Architecture Lead for an energy company out of Brisbane, Australia. Andrew has been involved with Zero Trust for some time, holds Forrester’s Zero Trust certification, and has an extensive background in solutions architecture and identity management, both of which play significant roles in the adoption of Zero Trust.

14 Jul 2022, 42 min

Adopting Zero Trust, Episode Zero: Let’s Make a Podcast


Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Threat Analyst Neal Dennis and Cybersecurity Journalist Elliot Volkman set off on a journey to get a better understanding of Zero Trust and what it truly offers. Is Zero Trust a concept, a strategy, framework, set of technology, or perhaps a mix of each? Each episode Neal and Elliot will chat with those adopting, implementing, and pushing Zero Trust forward without the vendor hype.

7 Jul 2022, 28 min

Introducing Adopting Zero Trust


Today, Zero Trust is a fuzzy term with more than a dozen different definitions. We are on a mission to give a voice to cybersecurity practitioners and others who have been in these shoes, have begun adopting or implementing a Zero Trust strategy, and to share their experience and insight with peers while not influenced by vendor hype.

7 Jul 2022, 31 s
