Clearing the Air on Zero Trust – Steven Turner – ESW #267



Cybersecurity buzzwords tend to go through a process. They’re used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because:
1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc)
2. a vendor is using ‘zero trust’ as a metaphor (small z, small t)
3. a vendor is using ‘zero trust’ as a philosophy, or company principle (small z, small t)
4. the CMO said it needs to be somewhere on the website for SEO
5. someone told a founder to put it in the sales and/or pitch deck

Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it’s difficult, and what impact federal interest in Zero Trust will have on this trend.

Segment Resources:
NIST SP 800-207 – https://csrc.nist.gov/publications/detail/sp/800-207/final
– UK NCSC ZT Guidance – https://github.com/ukncsc/zero-trust-architecture
USA CISA/OMB ZT Guidance – https://zerotrust.cyber.gov/
DOD ZT Reference Architecture –https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf
– Microsoft ZT Guidance – https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Clearing the Air on Zero Trust

Guests

Steven Turner

Steven Turner – Senior Security Cloud Solution Architect at Microsoft

@beingageek

Steve is a security architect at Microsoft. He started his career through trial by fire that is MSP life. He pivoted to securing everything from waste facilities and transportation infrastructure to huge financial services organizations, and even mixed in some industry analysis in for good measure. He’s passionate about coming up with security solutions that make colleagues happy and bad actors cry.

Hosts

Adrian Sanabria

Adrian Sanabria – Director of Product Management at Tenchi Security

@sawaba

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Larry Pesce

Larry Pesce – Principal Managing Consultant and Director of Research & Development at InGuardians

@haxorthematrix

Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.

Tyler Shields

Tyler Shields – CMO at JupiterOne

@txs

Tyler advises, guides, and operates high tech startups primarily in the B2B security space. He is a former market analyst, engineer, product manager, marketing leader, and partnership manager. In other words, Tyler builds and grows businesses – in all aspects. He’s a board advisor, angel investor, and board member at multiple firms and an investment advisor for a venture debt business. He loves to play guitar and poker in his free time.

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!