Zero Trust Journey
Zero Trust Journey isn’t about taking sides—it’s about real conversations, sharing research, and learning together. Our goal is to explore Zero Trust from every angle and help cybersecurity practitioners make sense of it in a practical, no-fluff way. And yes, we do love to chat about coffee and listen to the occasional dad joke along the way.
Here’s what we do:
- Conversations with Experts: We chat with subject matter experts who share their opinions, experiences, and Zero Trust journeys.
- Research and Product Insights: We explore Zero Trust products and solutions in the market that may fit into a Zero Trust architecture.
- A Zero Trust Architecture: We’re building and refining an ever-growing architecture focused solely on the needs of cybersecurity practitioners.
- CSA CCZT Study Group: We host a study group for the Cloud Security Alliance (CSA) Certificate of Competence in Zero Trust (CCZT).
If you’re a cybersecurity professional looking for honest discussions, practical insights, and tools that evolve with your Zero Trust strategy (plus the occasional coffee tip), Zero Trust Journey is for you. Join us!
Zero Trust Journey
Episode 11: What Does Zero Trust Mean to You?
Host
Zach Pugh (https://www.linkedin.com/in/zachary-pugh/)
Co-Host
Victor Monga (https://www.linkedin.com/in/victorvirtual/)
Guest
Drinor Selmanaj (https://www.linkedin.com/in/drinor-selmanaj-5bb28185/)
Highlights:
- Vulnerable vs. Exploitable: Distinguishing between a known vulnerability and a realistic exploitation path is essential for smart security decisions.
- Return on Effort: Focus on the security measures that provide the greatest risk reduction for the time and resources invested.
- Continuous Validation: Embrace adversary emulation, red-teaming, and regular testing to ensure your Zero Trust controls remain effective against evolving threats.
- Reducing Reachability: Minimize network, credential, and device reachability to cut down attackers’ lateral movement and protect critical assets.
- Practical Zero Trust Framework: Break down Zero Trust into manageable steps—start with asset inventories, least-privilege policies, and ongoing security education.
Key Takeaways:
- Zero Trust Is a Journey: It’s not a one-time project. Continuous assessment and adaptation are vital to keep pace with evolving threats.
- Define Your Own Zero Trust: There is no official Zero Trust certification, so each organization must clarify what Zero Trust means in the context of its unique business objectives.
- Continuous Security Validation: Regular testing (e.g., adversary emulation, red teaming) is key to security maturity and helps ensure Zero Trust controls work as intended.
- Adapt to Emerging Threats & AI: As attackers’ methods evolve—particularly with AI—organizations must keep refining and updating their Zero Trust strategies.
- Practical Application Matters: Beyond theory, Zero Trust relies on hands-on experience, clear asset inventories, and least-privilege principles to minimize the attack surface.
- Education & Culture: A security-first mindset, leadership support, and team-wide training are essential for successful Zero Trust adoption at scale.
Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
Disclaimer: The views expressed are those of the speakers.
