Off the Wire: A Play by Play on Cybersecurity and Technology Issues

E18 – Building a Secure Network with the Zero Trust Blueprint

Listen Later

Introduction:

  • Host Introduction: Tanner Greer and Anthony Kent, two IT executives with 35 years of combined experience in the IT field, specializing in cybersecurity.
  • Episode Overview: Discussion on Zero Trust security.

    • Segment 1: Conference Recap

    • Anthony's recent attendance at the IT conference for South Carolina co-ops.
  • Key takeaway: Importance of IT communication with non-IT stakeholders, avoiding jargon and using relatable examples.

    • Segment 2: Understanding Zero Trust

    • Zero Trust explained: "Never trust, always verify."
  • History of Zero Trust: Coined by John Kindervag in the 90s and popularized in the 2000s.
  • Shift in mindset: From securing trusted internal networks to assuming all networks are potentially hostile.

    • Segment 3: Key Concepts of Zero Trust

    • Basic principles: Never trust, always verify; least privilege; and assume breach.
  • NIST guidance on Zero Trust (800-207).

    • Segment 4: Implementing Zero Trust

    • Defining the protect surface: Identify what needs protection.
  • Mapping transaction flows: Understand how data moves.
  • Architecting Zero Trust: Building a secure infrastructure.
  • Creating Zero Trust policies: Setting rules and guidelines.
  • Monitoring and maintaining: Continuous improvement and vigilance.

    • Segment 5: Real-world Application

    • Anthony's recent project: Redesigning an OT environment using Zero Trust principles.
  • Challenges and solutions: VLAN segmentation, micro-segmentation, and user/device checks.

    • Segment 6: Lessons Learned

    • Importance of strategic goals: Integrating Zero Trust into organizational strategy.
  • Using existing tools effectively: Leveraging current technology to implement Zero Trust.
  • Practical tips: Start with test environments, prioritize critical applications, and consider business operations.

    • Segment 7: Pitfalls and Considerations

    • Usability impact: Balancing security measures with operational needs.
  • Internal threats: Monitoring for suspicious internal activities.
  • Continuous monitoring: Importance of regular checks and updates.

    • Segment 8: Resources and References

    • Recommended reading: "Project Zero Trust" book.
  • Key documents: NIST 800-207 and CISA's Zero Trust Maturity Model.

    • Conclusion:

    • Recap of the episode.
  • Encouragement to start the Zero Trust journey: Don't be overwhelmed; take it step by step.
  • Final thoughts: Zero Trust as a critical part of modern cybersecurity strategies.

    • Closing:

    • Reminder to check previous episodes.
  • Contact information: Website, email, and social media handles.
  • Episode release schedule: Every other Monday.

    • Sign-off:

    • Hosts' sign-off and thanks for listening.
    ...more
    View all episodesView all episodes
    Download on the App Store
    Off the Wire: A Play by Play on Cybersecurity and Technology IssuesBy Anthony Kent & Tanner Greer
    • 5
    • 5
    • 5
    • 5
    • 5

    5

    16 ratings