Zero Trust Journey
Zero Trust Journey isn’t about taking sides—it’s about real conversations, sharing research, and learning together. Our goal is to explore Zero Trust from every angle and help cybersecurity practitioners make sense of it in a practical, no-fluff way. And yes, we do love to chat about coffee and listen to the occasional dad joke along the way.
Here’s what we do:
- Conversations with Experts: We chat with subject matter experts who share their opinions, experiences, and Zero Trust journeys.
- Research and Product Insights: We explore Zero Trust products and solutions in the market that may fit into a Zero Trust architecture.
- A Zero Trust Architecture: We’re building and refining an ever-growing architecture focused solely on the needs of cybersecurity practitioners.
- CSA CCZT Study Group: We host a study group for the Cloud Security Alliance (CSA) Certificate of Competence in Zero Trust (CCZT).
If you’re a cybersecurity professional looking for honest discussions, practical insights, and tools that evolve with your Zero Trust strategy (plus the occasional coffee tip), Zero Trust Journey is for you. Join us!
Episode 33: The Zero Trust Transformation: Shifting from Technical Fix to Cultural Change
In this episode, we dive deep into the organizational and cultural roadblocks of Zero Trust with Mark Simos, Lead Cybersecurity Architect at Microsoft. Mark, a veteran who has spent over 25 years helping enterprises operationalize security, reveals why failure in Zero Trust often stems not from technical missteps, but from a fundamental misunderstanding of roles, responsibilities, and business incentives. He shares the journey of evolving from a technical expert to a "storyteller" and how that shift is essential for CISOs today.
Guest: Mark Simos (https://www.linkedin.com/in/marksimos)
Host: Dr. Victor Monga (https://www.linkedin.com/in/victorvirtual)
Co-Host: Dr. Victor Monga (https://www.linkedin.com/in/beingageek)
Mentioned Resources:
- Mark Simos on LinkedIn: https://www.linkedin.com/posts/marksimos_security-doesnt-get-better-until-we-correct-activity-7376623700508418048-yEDF?utm_source=share&utm_medium=member_desktop&rcm=ACoAABKQrw8BhNT_WGckKwwZ1zNfi6UkyFkMpZU
- The Open Group Security Roles and Responsibilities Standard: https://www.opengroup.org/open-group-july-virtual-event-explore-open-digital-standards-across-industries
- Microsoft Cybersecurity Reference Architecture (MCRA): https://learn.microsoft.com/en-us/security/adoption/mcra
Highlights:
- The Two Broken Assumptions: How Zero Trust changes the assumption that the firewall is enough, and—crucially—that security is only the security team's job.
- The CISO's Trap: Why technical CISOs often fail and get rotated out when they talk "speeds and feeds" instead of connecting security to business risk and outcomes.
- Accountability vs. Blame: The critical difference leaders must understand to stop the cycle of finger-pointing and achieve real change.
- The Microsoft SFI Example: How linking executive pay and incentive structures to security metrics drives cultural change across the organization.
- The Role of the Storyteller: Mark's realization that communicating complex technology requires narrative skills to land concepts with business leaders.
- The Future of Jobs: How AI will augment and change tasks, but the fundamental jobs to be done in security (and the need for human expertise) will remain.
- One Key Piece of Advice: The single most important thing a CISO or architect can do to modernize their org structure around Zero Trust.
This episode is a must-listen for anyone struggling to move their Zero Trust initiative beyond the technical implementation phase. Mark provides a clear roadmap for embedding security accountability throughout the entire business.
Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
Disclaimer: The views expressed are those of the speakers.