Adopting Zero Trust

Season 3, Episode 5: Cyber Insurance may not be the sexiest topic, but it’s an important piece of any mature cyber program. We chatted with a lawyer and a VC who share their perspective.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

There are many aspects of cybersecurity that are not classified as cool or sexy, but every component plays a role in securing people, data, and busi...

Season 3, Episode 4: Forrester Principal Research Analyst on Zero Trust, David Holmes, shares his perspective on the current and future state of Zero Trust.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

Zero Trust is a concept, a strategy, a philosophy, and, for some poor souls, a solution you can buy (it’s not). Through our three seasons, we have heard about MVPs, learned from ...

Season 3, Episode 3: Canva’s Head of Enterprise Security, Kane Narraway, discusses how to deploy a Zero Trust strategy in under a year.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

This week on Adopting Zero Trust (AZT) we chat with Kane Narraway, the head of Head of Enterprise Security at Canva. Prior to his current role. Kane has been adopting Zero Trust for around a decade,...

Season 3, Episode 2: In our conversation with Energy Solution’s CIO David Weisong we chat about how new processes, technology, and budgets are formed.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

It’s a mystery as old as time: the cybersecurity and technology budget and acquisition strategy. How are they formed? How are these projects prioritized? How are internal teams propo...

To start the new season, we are joined by Hacker Valley Media’s Ron Eddings and Chris Cochran, who discuss breaking into cybersecurity and the role storytelling plays.

A new year, a new season, and plenty of new threats to impact the world of cybersecurity. This week we break from our typical conversations about modern cybersecurity strategies and concepts to focus on one of the most important aspects of our space: people.

People...

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. PS, we're giving away a Flipper Zero on our site as a little season finale gift. Check out details on our site.

You know what they say, you save the best for last. As we wrap season two of Adopting Zero Trust, we take a shift from our standard conversations about modern cybersecurity strategies and look back at some of the history t...

Season two, episode 18: Evgeniy Kharam, a founder, CISO, architect, and podcast producer discusses the rise of Enterprise (Secure) browsers.

You can read the show notes here and subscribe to updates.

In the latest episode of AZT, Evgeniy Kharam, a founder, CISO, architect, and podcast producer, joins the discussion to talk about the rise of Enterprise (Secure) browsers. The conversation explores the importance of browser security a...

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

The word AI, much like Zero Trust, has come with a lot of baggage in the past few years. It’s a term that’s been misused, slapped on the front of startups’ overpriced booths at RSA and Black Hat, and it feels like every cybersecurity product under the sun now supports it in some flavor or fashion. It's the same cycle we’ve been in ...

Season two, episode 16: Zack Butcher discusses building upon NIST’s Zero Trust policies and standards, and ZT’s influence on a service mesh as it relates to microservices.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

There are several guiding concepts that make it easier for organizations to build a Zero Trust strategy. The first that typically come to mind come from CISA a...

Season two, episode 15: We talk ZT History and API security with the godfather of Zero Trust, Dr Zero Trust, and Richard Bird.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

In the past few years, supply chain attacks and their impacts have or will soon overtake that of the damage done by ransomware. It’s of no surprise then that APIs are a critical attack vector that threat acto...

The illusion of going passwordless with Derek Hanson, Vice President Solutions Architecture and Alliances at Yubico. You can read the show notes here.

True or False: The concept of passwordless is new. False.

This is shocking, we know.

Considering the amount of hype around the concept, it certainly can feel like a new concept since the masses are becoming more familiar with it; however, the message is a bit jumbled.

For age...

Season two, episode 13: Cybersecurity prevention on a global scale with Janey Heins, Global CISO for iHeartMedia.

At the heart of Zero Trust is the idea of prevention. If you don’t trust anything or any person, you are playing in the same pool as risk avoidance. While total risk avoidance isn’t feasible, Zero Trust gets us closer to reality. Now, map this up to an organization with a global footprint, with significant infrastruct...

Over the past two years, we’ve explored the ins and outs of Zero Trust, ranging from the concept as a strategy down to the more technical components, such as how it impacts the physical world as found in IoT devices. However, what is often missed in these conversations, is at what point an organization can actually build trust.

Not just crawling up from the baseline of zero but achieving continuous trust. The short answer? Defense ...

Last episode, we brought to you a wild story of a victim who was SIM-swapped four times, and this week we’re back to basics with some fresh research and a closer look at a critical piece of Zero Trust: Non-federated applications.

Cerby’s Chief Trust Officer, Matt Chiodi, was kind enough to add a bit of color to a research report they released at RSA that helps validate what they’ve been building the past 3 years. Before we get to...

Taking a break from our usual format, this week we chat with a victim-turned-CEO who was hit by SIM-swapping attacks. However, not all harsh starts have to end that way, and Haseeb Awan made the best of a bad situation. After being compromised not once… nor twice, but four times, Haseeb eventually took matters into his own hands and developed a new solution and company, Efani.

Haseeb was kind enough to share his personal experience...

Season two, episode nine: Featuring Bloomberg’s Head of Information Security Architecture and the Information Security Program, Phil Vachon.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

What does implementing a Zero Trust strategy actually look like in an organization? Nearly a year into our podcast’s journey covering how practitioners view, define, and apply zero trust, it...

There’s no avoiding it, the headlines have not been kind to the ways we access systems today. Users are still using 1234, password, and even their dog's name. Not just using these weak passwords but also reusing them across multiple platforms, making it incredibly easy to breach someone once they’ve been caught up in a previous breach. On the vendor side, well we all know what’s happened there in the past 12 months, and now more th...

For many, cybersecurity is seen as a cost center that reduces risk to the business. This can be oversimplified to something akin to how HR reduces people-related risks but comes with layer on top of layer of complexities ranging from technology to physical buildings and, of course, people. Regardless of organizational size, cybersecurity leadership requires a top-down approach, leaving room for discussion at the board level and ali...

For more than a decade, Zero Trust as a concept has moved from a philosophy and now into a practical architecture and strategy that organizations can adopt. While Zero Trust encapsulates much of what has gone well in cybersecurity for the past 30 years or so, does it truly offer an innovative approach or just iterative change? Is the concept positioned well so others can adapt it to their needs and prevent greater cyber-related ris...