Best moments from “Hacking Zero Trust” – CISO Series Video Chat

Here are five minutes of our best moments from CISO Series Video Chat: “Hacking Zero Trust: An hour of critical thinking of how to simplify the journey to zero trust architecture.”

Our guests for this discussion were:

HUGE thanks to our sponsor VMware

Best Bad Idea

Congrats to Tarun Desikan, co-founder, Banyan Security for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Walk around shouting ‘We’re OK, we practice Zero Trust’ as all the ransomware screens pop up all around you.” – Larry Rosen, manager, security advisory, Avanade

“Implement at least three of every security technologies and point them all at each other.” – Mathew Biby, CISO, Satcom Direct

“Randomly assign an employee as each day’s ‘bad actor’ and lock them out of all access to see if things go better than usual. If they do, fire that employee.” – Bryn Ossa, customer success manager, Elevate Security

“From a risk assessment standpoint transfer zero trust to a third party.” – Aaron Franks, senior leader in cybersecurity, Defense Information Systems Agency

“You present your access request to Sgt. Schultz from Hogan’s Heroes. He yells, ‘I see nothing! I know nothing!’ And then you have to bribe Col. Klink to get your data.” – Dutch Schwartz, principal security specialist, AWS

“Use personality quizzes and have people determine themselves whether or not they should be trusted.” – Valarie Apperson, digital web copywriter, NowSecure

10 percent better

“Develop a strategy. Pick low hanging fruit and implement over time being sure to scope and tailor.” – Drew Brown, information system security developer, Federal Aviation Administration

“Develop a strategy to achieve zero trust before you buy or implement a single piece of technology.” – Jonathan Waldrop, senior director, cyber security, Insight Global

Quotes from the chat room

“Zero trust = access badge + monitoring. What you are doing to be sure someone else is not using your badge. The access badge gives you access to only where you should get to (not the data center, etc.) and monitoring that you are not doing something you should not be doing AND making sure someone else is not using your badge to do stuff.” – Subbarayudu Darisipudi, global offering manager, managed security services, DXC Technology

“Frankly, zero trust is so difficult to digest by the c-levels, most of the time it ends up in hundreds of security exceptions asked by the business.” – Dragos Stanescu, founder, CEO, Security Hubs

“I have always disliked the phrase ‘trust but verify.’ It’s like having your neighbors over for dinner and then frisking them on the way in and saying, ‘Don’t worry, I trust you but just want to verify you don’t have a weapon.’” – Sean Kelly, manager – enterprise information risk assurance, Highmark Blue Cross Blue Shield of Western New York