Season 3, Episode 13: Cato Network’s Etay Maor provides fresh research on the abuse of unpatched log4j libraries. Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here. This week on Adopting Zero Trust (AZT), we highlight a significant cybersecurity risk focused on the notorious Log4j vulnerability and the growing concern around shadow IT. Featuring expert insights from Etay Maor, the Chief Cybersecurity Strategist at Cato Networks, the conversation...

Season 3, Episode 12: Could the overturning of Chevron Deference impact cybersecurity and privacy regulations? Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here. Welcome back to Adopting Zero Trust or AZT. In our latest episode, we assembled a distinguished panel to dig into a timely topic affecting the cybersecurity landscape but has the fog of war wrapped around it. Today’s conversation centered around the recent developments in cybersecurity...

Season 3, Episode 11: Vulnerability management is critical to any Zero Trust strategy, but you probably already know that. Fortra’s Tyler Reguly breaks down severity vs. risk. Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here. Every organization relies on some form of technology to run, and each tool you add increases the risk of vulnerabilities causing problems. If you don’t stay on top of patching, you increase the odds of a bad actor finding their...

Season 3, Episode 10: Elliot chat’s with Vivek Ramachandran of SquareX about his approach to tackling the impossible: Social engineering. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. For nearly three decades, social engineering, particularly phishing, has been one of the most impactful and financially draining cyber threats. Between security awareness training, email security gateways, generative AI, enterprise browsers, and a slew of...

Season 3, Episode 9: We chat with SonicWall’s Doug McKee about the top 5 threats targeting SMBs based on recent research. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. Cybersecurity challenges come in many different flavors regardless of how old your company is or how many employees it houses. Larger companies have to deal with layers upon layers of technology, processes, and the people who support it. Smaller organizations are...

Season 3, Episode 8: AZT and Dr. Zero Trust have a crossover episode where we chat with reps from MITRE and OWASP about challenges associated with emerging threats. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. Every few weeks, and occasionally every few days, we hear report of a new novel technique or zero day. Those headlines often create an unnecessary level of fear for organizations, but battle-worn cybersecurity professionals know...

Season 3, Episode 7: Though regulation impacting cybersecurity moves slow, when new laws are introduced it often puts significant strain on companies. Lacework’s Tim Chase and Drata’s Matt HIllary discuss navigating the latest broad-sweeping regulations. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. The time between a law being proposed and going into effect may feel like a snails pace, but for cybersecurity and GRC professionals, it may...

Season 3, Episode 6: Two seasoned cybersecurity professionals, Bryan Willett and Kris Lovejoy, shed light on the dilemma organizations face when hit by ransomware: Should they pay the ransom or not? Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. Ransomware: To Pay or Not to Pay? It’s an easy question, and we all have the same ideal answer, but how often does life throw us simplicity? Rarely. This week on Adopting Zero Trust, we continue our...

Season 3, Episode 5: Cyber Insurance may not be the sexiest topic, but it’s an important piece of any mature cyber program. We chatted with a lawyer and a VC who share their perspective. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. There are many aspects of cybersecurity that are not classified as cool or sexy, but every component plays a role in securing people, data, and businesses. One particular aspect that is often seen as a...

Season 3, Episode 4: Forrester Principal Research Analyst on Zero Trust, David Holmes, shares his perspective on the current and future state of Zero Trust. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. Zero Trust is a concept, a strategy, a philosophy, and, for some poor souls, a solution you can buy (it’s not). Through our three seasons, we have heard about MVPs, learned from the godfather of Zero Trust, been aided by Dr Zero Trust, and...

Season 3, Episode 3: Canva’s Head of Enterprise Security, Kane Narraway, discusses how to deploy a Zero Trust strategy in under a year. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. This week on Adopting Zero Trust (AZT) we chat with Kane Narraway, the head of Head of Enterprise Security at Canva. Prior to his current role. Kane has been adopting Zero Trust for around a decade, starting with the UK government, and later to organizations...

Season 3, Episode 2: In our conversation with Energy Solution’s CIO David Weisong we chat about how new processes, technology, and budgets are formed.   Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. It’s a mystery as old as time: the cybersecurity and technology budget and acquisition strategy. How are they formed? How are these projects prioritized? How are internal teams proposing changes and asking for new dollars (and likely not...

To start the new season, we are joined by Hacker Valley Media’s Ron Eddings and Chris Cochran, who discuss breaking into cybersecurity and the role storytelling plays.   A new year, a new season, and plenty of new threats to impact the world of cybersecurity. This week we break from our typical conversations about modern cybersecurity strategies and concepts to focus on one of the most important aspects of our space: people. People are the why behind what we do. We protect, support, and...

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. PS, we're giving away a Flipper Zero on our site as a little season finale gift. Check out details on our site. You know what they say, you save the best for last. As we wrap season two of Adopting Zero Trust, we take a shift from our standard conversations about modern cybersecurity strategies and look back at some of the history that got us to where we are today. This week we chat with...

Season two, episode 18: Evgeniy Kharam, a founder, CISO, architect, and podcast producer discusses the rise of Enterprise (Secure) browsers. You can read the show notes here and subscribe to updates. In the latest episode of AZT, Evgeniy Kharam, a founder, CISO, architect, and podcast producer, joins the discussion to talk about the rise of Enterprise (Secure) browsers. The conversation explores the importance of browser security and its relevance to the Zero Trust framework. Key...

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.   The word AI, much like Zero Trust, has come with a lot of baggage in the past few years. It’s a term that’s been misused, slapped on the front of startups’ overpriced booths at RSA and Black Hat, and it feels like every cybersecurity product under the sun now supports it in some flavor or fashion. It's the same cycle we’ve been in the past, but this time everyone is jumping in. This week we...

Season two, episode 16: Zack Butcher discusses building upon NIST’s Zero Trust policies and standards, and ZT’s influence on a service mesh as it relates to microservices.   Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.   There are several guiding concepts that make it easier for organizations to build a Zero Trust strategy. The first that typically come to mind come from CISA and NIST. These core elements, ranging from the five pillars...

Season two, episode 15: We talk ZT History and API security with the godfather of Zero Trust, Dr Zero Trust, and Richard Bird. Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here. In the past few years, supply chain attacks and their impacts have or will soon overtake that of the damage done by ransomware. It’s of no surprise then that APIs are a critical attack vector that threat actors like to exploit, yet many organizations do not have a good...

The illusion of going passwordless with Derek Hanson, Vice President Solutions Architecture and Alliances at Yubico. You can read the show notes here.   True or False: The concept of passwordless is new. False.   This is shocking, we know.   Considering the amount of hype around the concept, it certainly can feel like a new concept since the masses are becoming more familiar with it; however, the message is a bit jumbled.   For ages, we’ve used things like biometrics (fingerprints or iris...

Season two, episode 13: Cybersecurity prevention on a global scale with Janey Heins, Global CISO for iHeartMedia.   At the heart of Zero Trust is the idea of prevention. If you don’t trust anything or any person, you are playing in the same pool as risk avoidance. While total risk avoidance isn’t feasible, Zero Trust gets us closer to reality. Now, map this up to an organization with a global footprint, with significant infrastructure sprawl, and you’ve got one very complex scenario on your...

Over the past two years, we’ve explored the ins and outs of Zero Trust, ranging from the concept as a strategy down to the more technical components, such as how it impacts the physical world as found in IoT devices. However, what is often missed in these conversations, is at what point an organization can actually build trust. Not just crawling up from the baseline of zero but achieving continuous trust. The short answer? Defense in depth, building security in layers, and ensuring every 1...

Last episode, we brought to you a wild story of a victim who was SIM-swapped four times, and this week we’re back to basics with some fresh research and a closer look at a critical piece of Zero Trust: Non-federated applications.   Cerby’s Chief Trust Officer, Matt Chiodi, was kind enough to add a bit of color to a research report they released at RSA that helps validate what they’ve been building the past 3 years. Before we get to that, it’s worthwhile to define what nonfederated...

Taking a break from our usual format, this week we chat with a victim-turned-CEO who was hit by SIM-swapping attacks. However, not all harsh starts have to end that way, and Haseeb Awan made the best of a bad situation. After being compromised not once… nor twice, but four times, Haseeb eventually took matters into his own hands and developed a new solution and company, Efani. Haseeb was kind enough to share his personal experience of being SIM swapped where he describes the fear and anxiety...

Season two, episode nine: Featuring Bloomberg’s Head of Information Security Architecture and the Information Security Program, Phil Vachon.   Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.   What does implementing a Zero Trust strategy actually look like in an organization? Nearly a year into our podcast’s journey covering how practitioners view, define, and apply zero trust, it’s time to look under the hood at how a notable organization...