Log4j Continues to act as Organizational Vulnerability

Zero Trust as a concept or strategy on the surface appears simple in nature. Heck, it’s only two words. However, when push comes to shove, and it’s time for organizational adoption, Zero Trust impacts every aspect of a business in the form of a digital transformation. Fortunately, for every complexity and question, there is an answer and solution, which is where our latest guest comes into play. This week on Adopting Zero Trust (AZT), we chat with infosec author, practitioner, and educator George Finney about ways to make ZT more approachable. Finney is the best-selling author of Project Zero Trust, which currently offers the most approachable way to understand John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

23 Feb 202350min

This week we have a two-for-one special and feature our newest panel-style format. On the practitioner side, we have crowd favorite Andrew Abel, who currently works with a financial institution, but has worked across multiple other industries in the past. On the Zero Trust technology side, we have Michael Loewy, Co-Founder of Tide Foundation.  Tide Foundation lives between authentication and micro-segmentation, or if we look at CISA’s Foundation of Zero Trust principles: identity, network/environment, and data. The solution also impacts devices and application workloads, which means they fully align with the philosophy behind Zero Trust. On today’s episode, we ground Zero Trust back to reality with how much implicit trust can truly be removed, dig into the concept of Zero-Knowledge Authority and how it chips away at ZT gaps of today, and follow up with Abel on how ZT has changed over the past 6 months.

10 Feb 202348min

This week we chat with Ismael Valenzuela, VP of Threat Intel at Blackberry, a 13-year SANS instructor, and has balanced his time between educator and practitioner for decades. Before peppering Ismael with our usual questions and falling down the rabbit hole, we dug a bit deeper into his background and what drives him to split his time between educating peers and working for some of the biggest names in tech. On the docket for this week is Zero Trust as a philosophy, why Less Trust is a more applicable term, and the need for a threat model to narrow down your protect surface. As a side note, Ismael also just published a new post highlighting findings from BlackBerry’s new global threat intel report. The team will also discuss these findings today (Jan 26) on LinkedIn live.

26 Jan 202348min

Welcome to the last episode of season one, where Neal and I go on a rambling adventure and look back on some of the interesting and eye-opening conversations we’ve had over the past few months. To wrap things up, and what was supposed to be a 20-minute conversation, we felt it was time to better introduce ourselves to our listeners, discuss some plans for season two, highlight perhaps some aspirations of bringing AZT into the real world at a conference or two in 2023, and that we will finally open the doors to Zero Trust technology vendors.   Since this is our season one wrap episode, and much of what we cover is a stream of consciousness, there are no key takeaways. Swing back around in January as we kick off the next season with another group of amazing guests. We have plenty of surprises in the works, too!   We hope your year winds down well, and we will cross our fingers for no X-mas cyber incidents.

15 Des 202249min

This week we chat with Chase Cunningham, Doctor Zero Trust himself, about the decade-overnight success of Zero Trust, how he got involved with the concept, and methods for navigating vendors wanting to shape the concept. For those initiated into the world of Zero Trust, you are no doubt familiar with his podcast, regular LinkedIn musings, and history as a Forrester analyst. Beyond the podcast, Chase is the CSO for Ericom Software, has a long history in threat intel, and built a significant track record while at the NSA as a chief cryptologic technician.

22 Nov 202256min

This week we chatted with Chris Reinhold, Director of Innovation at Core BTS, a managed security service provider (MSSP) and IT consulting firm. We dig into the long-awaited answer to our previous call, pen testing Zero Trust systems. Plus, we chat about the idea of Zero Trust as a certification and the always relevant factoid that compliance is not security.

10 Nov 202246min

This week we chat with J. R. Cunningham, Chief Security Officer at Nuspire, and we dig into Zero Trust as a journey. Nuspire is a managed security service provider that provides support ranging from managed detection and response (MDR), endpoint detection, vulnerability management, and of course supporting their customers with adopting Zero Trust. This week we chat about unpacking the idea of Zero Trust when a brand wants to pursue it, the increasing threats targeting the automotive industry, and Nuspire’s ongoing threat reports.

20 Okt 202248min

This week we chat with Maureen Rosado, a Zero Trust Strategist for BT, who has an outstanding history of business development for enterprise companies like IBM and Microsoft. This week we break away from our norms of the technical ins and outs of Zero Trust, and take a look at the ideal way to consult and coach security teams through the process of adopting Zero Trust. For those who have been on the receiving end of cyber security solution pitches, and there are twice as many wrong ways as those that are considered beneficial. Fortunately, Maureen has seen it all, is a wonderful example of being a neutral party, and has a long history of speaking to the subject (including recently with Dr Zero Trust). Get the full recap on adoptingzerotrust.com

6 Okt 202249min