Zero Trust Journey
Zero Trust Journey isn’t about taking sides—it’s about real conversations, sharing research, and learning together. Our goal is to explore Zero Trust from every angle and help cybersecurity practitioners make sense of it in a practical, no-fluff way. And yes, we do love to chat about coffee and listen to the occasional dad joke along the way.
Here’s what we do:
- Conversations with Experts: We chat with subject matter experts who share their opinions, experiences, and Zero Trust journeys.
- Research and Product Insights: We explore Zero Trust products and solutions in the market that may fit into a Zero Trust architecture.
- A Zero Trust Architecture: We’re building and refining an ever-growing architecture focused solely on the needs of cybersecurity practitioners.
- CSA CCZT Study Group: We host a study group for the Cloud Security Alliance (CSA) Certificate of Competence in Zero Trust (CCZT).
If you’re a cybersecurity professional looking for honest discussions, practical insights, and tools that evolve with your Zero Trust strategy (plus the occasional coffee tip), Zero Trust Journey is for you. Join us!
Zero Trust Journey
Episode 3: Validating Security Controls and Gaining Executive Buy-In for Zero Trust
In this episode of Zero Trust Journey, hosts Victor Monga and Zach Pugh sit down with Jose Barajas, Vice President of Global Sales Engineering at AttackIQ to explore what it truly takes to implement and sustain Zero Trust security beyond the buzzwords.
Jose shares first-hand insights from years of helping organizations validate their security controls, revealing the biggest misconceptions, common pitfalls, and the real challenges that teams face when moving Zero Trust from theory to practice. From breaking down resistance to change to securing executive buy-in, this episode delivers practical strategies for making Zero Trust work—no matter where you are in the journey.
What You’ll Learn in This Episode:
✔ The Validation Gap – Why 90% of organizations assume their Zero Trust controls work, but nearly half fail security testing.
✔ Beyond Compliance – How Zero Trust is a security strategy, not just a checkbox for regulations.
✔ Breaking Cultural Barriers – Overcoming resistance from teams who feel “Zero Trust means you don’t trust them.”
✔ Securing Executive Buy-In – “I've gotta find a way to position Zero Trust as a revenue driver or at least to offset the protection of assets in the business.”
✔ The Role of Continuous Testing – Why Zero Trust isn’t a one-and-done initiative, but an evolving process requiring ongoing validation.
Victor and Zach dive into real-world Zero Trust adoption stories, exposing the biggest roadblocks organizations face—including why many Zero Trust projects fail before they start. Jose shares actionable ways to validate security controls, iterate on implementations, and gain leadership support to drive Zero Trust forward.
Key Takeaways:
🔹 Zero Trust isn’t complicated—it’s just hard. Cultural shifts and executive mandates are critical for success.
🔹 Validation matters—if you don’t test security controls regularly, they likely aren’t working as intended.
🔹 Zero Trust isn’t about mistrust—it’s about verifying digital actions, not distrusting employees.
🔹 Align Zero Trust with business goals—position it as a risk-reducing, revenue-protecting strategy to gain leadership support.
🔹 Start small, iterate, and automate—Zero Trust isn’t all or nothing, it’s a process of continuous improvement.
Whether you’re a security leader or just beginning your Zero Trust journey, this episode provides practical insights to strengthen your strategy, reduce risk, and gain buy-in across your organization.
Stay connected with the Zero Trust Journey! Follow us on LinkedIn and subscribe to our YouTube for insights, discussions, and updates. Visit our website for exclusive content and to stay informed on the latest Zero Trust strategies.
Disclaimer: The views expressed are those of the speakers.
