How to ACTUALLY Implement Zero Trust | Enterprise Tech Playbook

Episode Summary

In this masterclass episode of Enterprise Tech Playbook, host Matt Ashby sits down with Matthew Hackling, Director of Cyber Shield and 25-year cybersecurity veteran, to demystify Zero Trust implementation. They dive deep into the practical realities of transforming enterprise networks from traditional castle-and-moat architectures to modern Zero Trust frameworks.

Matthew shares his real-world experience leading a Zero Trust transformation at an oil and gas company, revealing the critical prerequisites, common pitfalls, and pragmatic strategies that make the difference between success and failure. The conversation covers everything from the business case for Zero Trust to specific technical implementations, with a focus on knowledge workers and gradual, low-impact rollouts.

Key topics include the importance of CMDB data quality, identity governance, microsegmentation strategies, and the shift from VPN appliances to Zero Trust Network Access (ZTNA) solutions. Matthew emphasizes that perfection is the enemy of progress and provides actionable advice for CISOs and IT leaders looking to make Zero Trust a reality in their organizations.

Video Chapters

00:00 - Introduction: The Zero Trust Challenge

Making Zero Trust a reality - moving from theory to implementation

00:28 - Welcome & Guest Introduction

Meet Matthew Hackling, 25-year cybersecurity veteran and Director of Cyber Shield

01:26 - Forging a Leader's Philosophy

"Be honest, do your best, deliver value, you are only as good as your last job"

04:34 - The Business Case: Why an Oil & Gas Giant Invested

Life safety drivers and critical infrastructure protection as catalysts for transformation

11:45 - The Playbook: A Gradual, Low-Impact Rollout

First three tangible steps for implementing Zero Trust without disrupting operations

23:07 - Your First 3 Steps (The Action Plan)

Start with visibility of flows between users and applications

Replace VPN appliances with ZTNA solutions

Focus on crown jewel applications first

33:19 - Lessons from the Field: The #1 Mistake to Avoid

Why "boiling the ocean" kills Zero Trust initiatives and how to avoid it

36:33 - The Future: Advice for the Next Generation of Leaders

Essential skills and certifications for aspiring Zero Trust architects

51:55 - Cybersecurity for Good & Your Next Step

Cyber Shield's mission to protect nonprofits and community organizations

Key Takeaways

✅ Prerequisites for Success:

Quality CMDB (Configuration Management Database) data

Identity Governance Administration solution for crown jewel apps

Clear strategy with defined outcomes

✅ Implementation Strategy:

Start with knowledge worker use cases

Focus on crown jewel applications first

Use monitor mode before enforcement

Drive security ownership to application teams

✅ Technology Stack:

Zero Trust Network Access (ZTNA) to replace VPNs

Microsegmentation for lateral movement prevention

Identity-driven security policies

Security Service Edge (SSE) solutions

✅ Common Pitfalls:

Trying to protect every application equally

Lack of organizational buy-in

Poor CMDB data quality

Treating it as purely a technology problem

Resources Mentioned

Forrester Zero Trust Strategist Certification

Microsoft Cyber Security Reference Architecture

Entra ID Conditional Access Policies

Security Service Edge (SSE) vendors

Connect with Matthew Hackling

LinkedIn: https://www.linkedin.com/in/mhackling/

Website: cybershieldnonprofit.com

About Enterprise Tech Playbook

Empowering IT professionals with actionable wisdom and a collaborative community, making their next stride in enterprise tech one that truly leads with impact.

Subscribe for more deep dives into enterprise technology, cybersecurity, and IT leadership.

#ZeroTrust #Cybersecurity #EnterpriseTech #ZTNA #Microsegmentation #ITSecurity #CISO #NetworkSecurity #CloudSecurity #DigitalTransformation

Mastering Enterprise Data Analytics with Craig Bryden: Actionable Strategies for IT ProfessionalsIn this episode of the Enterprise Tech Playbook, we are joined by Craig Bryden, an expert in enterprise data analytics and data management, who shares his strategies for building an 80 million row per day data warehouse.

Craig discusses the importance of a well-defined data strategy, the pitfalls of over-engineering, the benefits of incremental deployment, and the intricacies of medallion architecture.

This conversation includes practical advice on balancing perfection with pragmatic approaches, emphasizing the role of communication, and selecting the right tools for the job. Join us to learn how to turn seemingly impossible data challenges into strategic successes.00:00 How to Successfully Implement Massive Data Projects02:27 The Strategy & Philosophy43:23 The Playbook52:33 Wrap-up & Biggest takeawaysConnect with UsWebsite: https://theenterprisetechplaybook.my.canva.site/LinkedIn: https://www.linkedin.com/company/the-enterprise-tech-playbook/Facebook: https://www.facebook.com/share/1HEcmFTfNf/Instagram: https://www.instagram.com/theenterprisetechplaybook#CIO #CTO #TechLeadershipDisclaimerPlease Note: This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice. Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

#digitalshift #digitaltransformation #disruptivetechnology #futuretech #futuretechnology #machinelearning #techdisruption #techpolicy #techtrends #ITStratergy #Stratergy #ITLeadership #leadership #IT #DevOps #Agile #DataEngineering #BigData #DataStrategy #DataWarehouse #ITProjectManagement #EnterpriseArchitecture #DataGovernance #TechStrategy #DataAnalytics #LakehouseMedallionArchitecture #DataLakehouse #MedallionArchitecture #CloudDataPlatform

Bridging IT and Business: Transforming Technical Insights into Strategic Wins with Amit Singh.

Struggling to get executive buy-in for your IT projects?

In this episode of The Enterprise Tech Playbook, we break down the single most effective way to close the gap between complex technical work and clear business outcomes.Join host Matt as he sits down with Amit Singh, Founder of evince Consulting, to reveal the "one-page diagram" that can align your entire organisation.

In This Episode, You'll Learn:

- Amit's core philosophy: Why "Old tech with new ways of working beats new tech with old ways of working" is a game-changer for IT strategy.

- The "Application Map": A step-by-step strategic play to translate technical complexity into a language business leaders understand and value.

- How to move from ambition to action, especially in complex areas like AI adoption and cyber resilience.

- The critical communication skills that separate top-tier IT leaders and future CIOs from the rest.

About Our Guest

Amit Singh is the Founder & Strategic Advisor at evince Consulting, where he helps IT leaders align technology strategy with business outcomes.

With a career that includes leading IT strategy for major government departments and mentoring multiple professionals who have become CIOs and CTOs, Amit specialises in cutting through hype to deliver practical, scalable solutions.

Register for Amit's AI Strategy Webinar: https://go.evince.com.au/free-webinar-registration

Connect with Amit on LinkedIn: https://www.linkedin.com/in/au-amitsingh/

Chapters:

00:00 - The Simple Diagram for Total Organisational Alignment

02:39 - The Philosophy: Why "Old Tech, New Workflows" Wins

14:34 - The "Application Map": Amit's Strategic Play for Clarity

27:26 - Case Study: Getting Executive Buy-In

40:37 - Key Takeaways & Your Next Move

Support My Work: https://buymeacoffee.com/enterprisetechplaybook

Connect with Us Website: https://theenterprisetechplaybook.my.canva.site/

LinkedIn: https://www.linkedin.com/company/the-enterprise-tech-playbook/

Facebook: https://www.facebook.com/share/1HEcmFTfNf/

Instagram: https://www.instagram.com/theenterprisetechplaybook

#CIO #CTO #TechLeadershipDisclaimer

Please Note: This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice. Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

Unlocking 99.7% Cost Reduction in Enterprise Tech: Insights from T Hoque | Enterprise Tech PlaybookIn this episode of the Enterprise Tech Playbook, we uncover the incredible story of T Hoque, a senior leader in the enterprise tech space.

Discover how T managed to bring down a crucial piece of infrastructure costing $50,000 a month to just $150 a month, achieving a staggering 99.7% cost reduction. This isn't just theory – T shares actionable insights, from core architectural decisions to the right mindset for tech leadership.

We explore the importance of a 'people first' approach, effective automation, and optimising workflows to ensure efficiency and cost-effectiveness. T also shares valuable lessons on leveraging AI, maintaining simplicity in architecture, and driving technology decisions based on business needs. Whether you're a seasoned IT professional or an aspiring tech leader, this episode is filled with practical wisdom and transformative strategies that can lead to impactful changes within your own organisation.

Tune in, learn, and be inspired by T's journey and insights!

00:00 How He Cut Our Cloud Costs by 99.7% (The Exact Blueprint Revealed)

00:05 Introduction

01:17 The Architect's Mindset

23:50 The Blueprint – Defining the Problem

40:14 The Blueprint in Action – Architecture & Tooling

55:17 Parting Words & Wrap-up

DisclaimerPlease Note: This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice.Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

This week on The Enterprise Tech Playbook, we unpack the critical stories shaping the IT landscape. We start with a crucial look at the new economics of artificial intelligence, exploring how GenAI FinOps and token-based pricing are creating massive, unexpected budget challenges. We then shift to the strategic implications of Westpac's major investment in AIOps and what it signals for the future of IT operations careers.On the cybersecurity front, we dissect three urgent threats: a classic endpoint security nightmare involving a WinRAR zero-day vulnerability, a persistent software supply chain risk with the XZ backdoor still lurking on Docker Hub, and a frightening glimpse into the future of AI attack vectors that could turn your calendar into a weapon.Finally, we land in an Australian courtroom to analyse the Epic Games vs. Apple & Google battle and what the potential end of the "walled garden" app store model means for enterprise security and mobile device management.We're on a mission to empower every IT professional with actionable wisdom and a collaborative community, making their next stride in enterprise tech one that truly leads with impact.This Week's News Stories & ResourcesHere are the links to all the articles discussed in this episode:GenAI FinOps: How token pricing really worksA foundational guide from the FinOps Foundation on the new consumption-based cost models of Generative AI.https://www.finops.org/wg/genai-finops-how-token-pricing-really-works/Epic Games' App Store Fight with Apple & Google Hits Australian CourtsABC News covers the kick-off of the landmark anti-competition case in Australia's Federal Court.https://www.abc.net.au/news/2025-08-12/epic-games-fortnite-v-apple-google-federal-court-case/105641794Inside Westpac's Push into AIOps and Event-Driven AutomationiTnews reports on how the major Australian bank is moving from a reactive to a predictive IT operations model.https://www.itnews.com.au/news/westpac-turns-to-aiops-and-event-driven-automation-619369WinRAR Zero-Day Exploited in the Wild, Highlighting Endpoint Blind SpotsArs Technica details a high-severity vulnerability in the popular utility, exploited by attackers for weeks.https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/Ghost in the Machine: Docker Hub Still Hosting Images with XZ BackdoorBleepingComputer reveals that the notorious software supply chain vulnerability persists in public container repositories.https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/amp/"Hey Google, Hijack My Calendar": AI Assistants Create New Attack VectorsWIRED explores a novel attack that uses poisoned data to trick AI assistants into performing unauthorised actions.https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/Join the Conversation!Which of these stories hits closest to home for your organisation? Join the conversation by leaving a comment on our YouTube video or connecting with us on LinkedIn.If you found value in this episode, please subscribe on your favourite podcast platform.

Massive Government Cloud Spend, AI Trust in X-Rays, and Political Chip ShowdownsIn this week's episode of the Enterprise Tech Playbook, we delve into the implications of over $80 million in government spending on cloud and consulting in just one week. Discover if AI can be trusted to read x-rays and manage veteran claims, and get the latest on the geopolitical battles affecting the world's biggest chip maker. We explore key security certifications, massive cloud deals, fascinating AI trials, and the complex interplay of politics and technology in our hardware supply chain. Join us as we cut through the noise for what truly matters in enterprise tech.00:00 Aussie Gov's $80M+ Tech Bet | AI Reads X-Rays | Trump vs Intel's CEO00:05 Opening & Introduction01:21 The Government's Modernisation Chequebook04:18 AI in the Real World - From Labs to Lives07:36 The Enablers - Security and Geopolitics10:57 Summary & Key TakeawaysCRN Australia. "Trump’s Call For Intel’s CEO To Resign: 6 Big Things To Know." Published 6 August 2025. https://www.crn.com.au/news-network/components-peripherals/2025/trump-s-call-for-intel-s-ceo-to-resign-6-big-things-to-knowCSIRO. "AI to read chest X-rays smarter." Published 6 August 2025. https://www.csiro.au/en/news/All/News/2025/August/AI-to-read-chest-X-rays-smarteriTnews. "Accenture picks up $51.7m deal for My Health Record transition." Published 4 August 2025. https://www.itnews.com.au/news/accenture-picks-up-517m-deal-for-my-health-record-transition-619247iTnews. "Health expands cloud footprint with $32m Azure deal." Published 5 August 2025. https://www.itnews.com.au/news/health-expands-cloud-footprint-with-32m-azure-deal-619316iTnews. "Veterans' Affairs tests using AI to tackle 82,645 unprocessed claims." Published 4 August 2025. https://www.itnews.com.au/news/veterans-affairs-tests-using-ai-to-tackle-82645-unprocessed-claims-619224iTWire. "Securing Australia’s critical systems: CyberArk completes IRAP assessment at “Protected” information classification level." Published 7 August 2025. https://itwire.com/business-it-news/security/se%e2%80%8bcuring-australia%e2%80%99s-critical-systems-cyberark-completes-irap-assessment-at-%e2%80%9cprotected%e2%80%9d-information-classification-level.htmlDisclaimerPlease Note: This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice.Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

Australia's AI Future: Innovation vs. Regulation - A $116B DebateIn this episode of Enterprise Tech Playbook, we delve into the Australian Productivity Commission's controversial proposals on AI regulation. The commission suggests pausing mandatory AI safety guardrails and granting copyright exemptions for data mining, potentially unlocking a $116 billion productivity boost. However, these recommendations have ignited a fierce debate involving creative industries, tech leaders, and the government. We explore both sides of the argument and how it impacts IT professionals, data governance, and the broader public. Tune in as we dissect the balance between economic potential and ethical responsibilities in the evolving landscape of AI.00:00 AI vs Copyright: The Battle for Australia's $116B Tech Future00:06 Introduction00:44 The Catalyst: The Productivity Commission's Bombshell Report02:02 The Conflict: Innovation vs. Intellectual Property04:00 The Verdict (For Now): The Government's Middle Path06:36 The Playbook: Key Takeaways08:34 Outro & Call to ActionDisclaimerPlease Note: This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice.Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

This video contains detailed and sensitive discussion about allegations of child sexual abuse. The content may be confronting, distressing, or triggering, particularly for survivors of trauma.Your wellbeing is the first priority. Viewer discretion is strongly advised.1800RESPECT: National domestic, family and sexual violence counselling service.Phone: 1800 737 732Lifeline Australia: Crisis support and suicide prevention.Phone: 13 11 14Blue Knot Foundation: National centre for excellence for complex trauma, supporting adult survivors of childhood trauma.Phone: 1300 657 380Bravehearts: Specialist support for survivors of child sexual assault and their non-offending family members.Phone: 1800 272 834Child Safety in Early Childhood Education: The Role of IT and Data SecurityIn this episode of the Enterprise Tech Playbook, we tackle the critical subject of child safety within early childhood education and care (ECEC). In light of alarming incidents involving a childcare worker in Victoria, we highlight the paramount role IT plays in protecting children's safety. This discussion covers essential data management practices, robust security measures like encryption, secure storage, multi-factor authentication (MFA), and role-based access control (RBAC). We delve into the implications of recent regulatory changes, the importance of interoperability in information sharing, and the pressing need for a strong organizational cybersecurity culture. Join us as we navigate the complexities of safeguarding our youngest and most vulnerable members of society.ReferencesBDO Australia. "Privacy, Cyber and Data Governance in the Education Sector." Accessed July 23, 2025. https://www.bdo.com.au/en-au/insights/education/privacy-cyber-and-data-governance-challenges-facing-the-australian-education-sector.Childcare Alliance. "Changes to Australia's Privacy Law - What ECEC Services Need to Know." Accessed July 23, 2025. https://childcarealliance.org.au/blog/115-changes-to-australia-s-privacy-law-what-ecec-services-need-to-know.Department of Education, Victoria. "Child Link: Policy." Policy and Advisory Library. Accessed July 23, 2025. https://www2.education.vic.gov.au/pal/child-link/policy.National Office for Child Safety. "Working with Children Check Reform." Accessed July 23, 2025. https://www.childsafety.gov.au/what-we-do/working-children-check-reform.Office of the Victorian Information Commissioner. "Child Information Sharing Scheme and Privacy." Accessed July 23, 2025. https://ovic.vic.gov.au/privacy/resources-for-organisations/child-information-sharing-scheme-and-privacy/.Protecht. "Vendor Risk Management: Best Practices & Strategies AU." Accessed July 23, 2025. https://www.protechtgroup.com/en-au/blog/vendor-risk-management-guide.The Sector. "Data Breach a Timely Reminder for ECEC." Last modified May 9, 2024. https://thesector.com.au/2024/05/09/outabox-data-breach-a-timely-reminder-to-prompt-ecec-services-to-consider-data-safety/.The Sector. "Spot Checks, CCTV and Scrutiny of Working With Children Checks: Sector Responds to Child Safety Crisis." Last modified July 7, 2025. https://thesector.com.au/2025/07/07/spot-checks-cctv-and-scrutiny-of-working-with-children-checks-sector-responds-to-child-safety-crisis/.Superior IT. "Cyber Security Act 2024: What It Means for Educational Institutions." Defendersuite Industry. Accessed July 23, 2025. https://www.superiorit.com.au/defendersuite-industry/education-cybersecurity-compliance.Keep learning, keep evolving, and lead with impact.Disclaimer. This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice.Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

This video contains detailed and sensitive discussion about allegations of child sexual abuse. The content may be confronting, distressing, or triggering, particularly for survivors of trauma.Your wellbeing is the first priority. Viewer discretion is strongly advised.Join us in this episode of the Enterprise Tech Playbook as we delve into the complex world of CCTV footage in Early Childhood Education and Care (ECEC). We tackle the critical issues of data retention, parental consent, and ethical data handling, all while ensuring child safety. Learn about the technical and legal challenges IT leaders face in managing vast amounts of sensitive visual data, and how to build a robust, compliant visual data strategy. Gain insights into the balancing act between privacy and protection, and discover actionable advice for implementing effective data retention and security policies. Subscribe for more insights on the intersection of technology and society.00:00 Privacy vs. Protection IT's CCTV Dilemma in Early Childhood Education and Care Part 200:05 Introduction00:43 The Critical Role of CCTV in Early Childhood Education02:18 Unique Challenges of CCTV in ECEC Settings08:38 Technical Implementation and Storage Considerations11:21 Need for Unified Standards13:13 Navigating Parental Consent20:51 Conclusion and Key TakeawaysKeep learning, keep evolving, and lead with impact.Disclaimer. This video provides general information and entertainment related to IT operations, architecture, cybersecurity, and strategies. It's not professional advice.Always do your own research and consult with your own IT professionals or experts before acting on any information presented here. Your circumstances are unique. We don't guarantee the accuracy or completeness of this content and aren't liable for any reliance on it.

This week, we unpack the AI gold rush and its foundational cracks. We start with the massive, multi-billion dollar infrastructure investment by cloud providers like Microsoft, which is setting the stage for the next wave of innovation. But this rapid expansion comes with significant hidden costs and risks. We connect the dots between the emerging technical dangers of complex multi-agent AI systems, the real-world human impact of AI-driven job displacement at the Commonwealth Bank, and the persistent threat of supply-chain breaches, highlighted by a major incident at Allianz Life.

Ultimately, we explore how all these challenges tie back to one fundamental issue: Australia's critical digital skills gap. This isn't just a challenge; it's a $25 billion opportunity that will define the future for every IT professional in the country.

In This Episode, We Discuss:

• Microsoft's record-breaking investment in AI infrastructure and what it signals for enterprise IT.

• The critical emerging risks of multi-agent AI systems, based on a new Australian Government report.

• The socio-economic impact of AI, focusing on the job displacement controversy at the Commonwealth Bank.

• Why the Allianz Life data breach is a crucial lesson in third-party risk and supply chain security.

• The Australian Computer Society's "Digital Pulse" report, which quantifies the nation's digital skills gap as a $25 billion problem.

News Articles & Resources Mentioned:

• Microsoft Rides 'AI Infrastructure Wave' as Cloud Services Demand Jumps

  • Source: PYMNTS.com

  • Link: https://www.pymnts.com/earnings/2025/microsoft-rides-ai-infrastructure-wave-as-cloud-services-demand-jumps/

• Allianz Life Discloses Massive Data Breach Linked to Supply-Chain Attack

  • Source: Cybersecurity Dive

  • Link: https://www.cybersecuritydive.com/news/allianz-life-data-breach-supply-chain-attack/754192/

• CBA Comes Under Union Fire for Replacing Jobs with AI

  • Source: Broker Daily

  • Link: https://www.brokerdaily.au/technology/20664-cba-comes-under-union-fire-for-replacing-jobs-with-ai

• New report highlights emerging risks in multi-agent AI systems

  • Source: Department of Industry, Science and Resources (Australian Government)

  • Link: https://www.industry.gov.au/news/new-report-highlights-emerging-risks-multi-agent-ai-systems

• $25B Boost for Australia if Skills Gap Closes: ACS

  • Source: Information Age (Australian Computer Society)

  • Link: https://ia.acs.org.au/article/2025/25b-boost-for-australia-if-skills-gap-closes--acs.html

Key Takeaways

1. AI is an Infrastructure Game: The current AI boom is driven by massive, foundational investment in cloud data centres. Enterprise strategy must now focus on how to leverage these powerful new platforms.

2. Complexity Breeds New Risk: The move to multi-agent AI systems introduces risks of cascading failures and unpredictable behaviour, demanding an evolution in architectural design and governance.

3. The Human Element is Non-Negotiable: The real-world impact of AI on jobs is here. Successful AI strategy requires a robust, people-first change management plan, not just a technical one.

4. Fundamentals First: Sophisticated supply-chain attacks remain a critical threat. Mastering third-party risk management is more important than ever in an interconnected, AI-driven world.

5. The Solution is Skills: The ultimate enabler for navigating all of this is people. Closing the digital skills gap is the biggest challenge and opportunity for Australian organisations and IT professionals.