Season two, episode nine: Featuring Bloomberg’s Head of Information Security Architecture and the Information Security Program, Phil Vachon.   Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.   What does implementing a Zero Trust strategy actually look like in an organization? Nearly a year into our podcast’s journey covering how practitioners view, define, and apply zero trust, it’s time to look under the hood at how a notable organization put its strategy into motion. This week we chat with Bloomberg’s Head of Information Security Architecture and the Information Security Program, Phil Vachon, about how they transformed their security organization with Zero Trust.   Most interestingly though, while many organizations are just now exploring how they will start their zero trust journey, Bloomberg was ahead of the curve even before covid thrust the concept into the limelight. “I will always say it is continuing to be a journey. It's not a destination,” said Vachon. Key Takeaways Zero Trust Principles Zero trust is not a new concept but has been repackaged and branded as a solid ideology. Zero trust involves three principles: trust but verify, assume compromise, and strong posture. Zero Trust Journey Zero trust is a continuing journey, not a destination. Zero trust requires a good mindset about how to implement controls and how to reason about security architecture. Zero trust is not just about securing the corporate IT estate but also about securing the data center estate and the communications between components. Challenges in Implementing Zero Trust Balancing security with usability is a challenge that must be addressed to enable a high-collaboration, low-friction workflow. Bloomberg leverages many SaaS services for collaboration, but they also have their own core services that are still on-premises. They focus heavily on their offerings on-premises and have a big drink-your-own champagne culture around them.