The Segment: A Zero Trust Leadership Podcast
By Illumio
The podcast currently has 22 episodes available.
In this episode, host Raghu Nandakumara sits down with Tristan Morgan, Managing Director Cyber Security at BT Group, and Mark Hendry, Digital Services Partner at Evelyn Partners to discuss DORA regulations and compliance in the financial services sector. They discuss the interplay between regulatory standards like NIS2 and DORA, the importance of proportionality and operational resilience, and the broader adoption of principles such as Zero Trust.
Learn more on how to achieve DORA compliance: Illumio.com/dora
--------
"If you did a search on DORA and looked for the word segmented, as in micro-segmentation, instantaneous severing of elements of the network in order to contain and what have you, it's in there. It's absolutely in there. So, you just need to know what you're looking for and you'll find it. And Zero Trust will evolve. It might evolve into a different name or a different set of characteristics that we seek to achieve, but DORA should last. And we might find terms like Zero Trust start to pop up in regulatory technical standards or implementing technical standards that accompany it, but it's absolutely in there because it's such a good way to protect our organizations from harm, the types of harm that we've talked about." - Mark
"If you were to build something completely separate and ask all businesses to comply with something that was different, not only would there be significant cost, I think actually you get much greater resistance. Whereas, these regulations like DORA actually build upon industry-recognized best practices that many businesses are already adopting to a degree, and it actually is sensible, but it also makes the barrier to compliance less." - Tristan
--------
Time Stamps
(04:22) Current cyber threat landscape
(11:02) Operational resilience and cyber resilience
(12427) Compliance and regulatory standards
(15:22) A historical look at compliance
(25:58) The tipping point for the EU to prioritize operational resilience
(36:48) What differentiates DORA from other legislation?
(44:24) The role of Zero Trust within DORA
--------
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company.
Learn more at illumio.com.
--------
Links
Connect with Tristan on LinkedIn
Connect with Mark on LinkedIn
In this episode, host Raghu Nandakumara sits down with Thomas Mueller-Lynch, Global Director Digital Identities at Siemens to explore Siemens' ambitious zero trust program. They delve into the challenges of implementation and the strategic benefits of zero trust in bolstering product security and streamlining IT architecture. Thomas highlights the essential role of identity management and the importance of collaboration between IT, cybersecurity, and business units in advancing zero trust effectively.
--------
"You cannot run a Zero Trust program exclusively out of IT. You cannot run it exclusively out of cybersecurity. And also if the business, or at least our organization, which is quite big and lots of different business units, if everybody of these business units starts by their own something, it will also not work. It will only work as teamwork all together. So IT typically brings in the services and the service operational model. Cybersecurity brings in the rules and partly also kind of architecture, as well as IT by the way, and business obviously owns all of these assets. So if you don't have them on the same table, at the same table it won't work at all."
--------
Time Stamps
(03:56) Thomas' journey at Siemens
(08:59) Challenges in Zero Trust implementation
(16:08) Business benefits of Zero Trust
(27:32) Balancing big vision with tactical steps
(34:06) Identity's role in Zero Trust
(43:10) Collaborating across IT, security, and business for zero trust success
(44:59) How Zero Trust drives competitive advantage
--------
Links
Connect with Thomas on LinkedIn
Download your copy of The Forrester Wave for Microsegmentation Solutions: Illumio is a Leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024.
In this episode, host Raghu Nandakumara sits down with Indy Dhami, Partner at KPMG UK, to explore the evolution from traditional InfoSec to cyber resilience. They discuss the strategic implementation of Zero Trust, the impact of regulatory pressures, and the challenges posed by AI. Indy emphasizes the critical role of foundational cybersecurity practices in maintaining business continuity and driving innovation.
--------
"The way I see it with some of these regulations, it's changing the focus of very siloed-based approaches to addressing regulatory requirements, to as I term, it's turning compliance into a team sport. You need to have your Chief Information Security Officer at the table for DORA. However, you also need to have the person that's responsible for all of your human resources or the person that's responsible for your business operations or for your important business services. And the more mature organizations that I'm working with are approaching it in that way. They have all of those key stakeholders at the table. They've understood that there are certain roles to play for each of these functions and they're working together."
--------
Time Stamps
(01:27) Indy's career journey
(07:40) The shift to cyber resilience
(10:18) Importance of cybersecurity awareness
(13:19) Ransomware ethics and initial client concerns
(17:10) Evolution of regulations in cybersecurity
(27:58) Understanding Zero Trust
(35:54) Adoption and implementation of Zero Trust strategy
(48:19) Harmonizing risk, security, and fraud
(50:55) Future challenges in cybersecurity
(53:05) Impact of AI and quantum computing on cybersecurity
(55:03) Indy's vision of the future
--------
Links
Connect with Indy on LinkedIn
In this episode, host Raghu Nandakumara sits down with Kyla Guru, a Stanford University student and passionate cybersecurity advocate. Kyla's journey started at the age of 14, leading her to found Bits N' Bytes Cybersecurity Education. She shares the importance of proactive cyber education, insights from her work with government and private sector organizations, and the role of AI in cybersecurity defense. Kyla also emphasizes integrating security into product development and the significance of grassroots community engagement in fostering cybersecurity awareness.
--------
“Even with artificial intelligence, we should just think about how our defense in depth, our security posture hasn't necessarily changed that much. It has changed in terms of improvement, but it's a cat-and-mouse game and the threat actors are also improving so we have to adapt. It's not just a one-and-done. ‘I've done my security. I'm done with it. I'm not going to think about it.’ It's more so, ‘Okay, can we revise this now that the threat actors are evolving? What can we do to just stay ahead of the needle?’ And I think as designers, that's a big thing to think about when you're designing a product is like, ‘Okay, if I build this, if I design this this way, how would attackers try and go around it and what is their next move?’”
--------
Time Stamps
(00:43) Kyla's background and journey into cybersecurity
(08:28) Proactive approaches to cyber education
(11:09) Ways to measure cybersecurity education impacts
(19:25) Incorporating the zero trust concept into education
(25:53) Importance of secure by design
(32:52) Significance of user experience in security
(35:29) Day-to-day in threat intelligence
(38:21) Addressing common and recurring vulnerabilities
(42:39) AI's impact on cybersecurity
(47:08) Future of cybersecurity and the human element
(49:20) Advice to cybersecurity professionals
--------
Links
Connect with Kyla on LinkedIn
Check out Bits N' Bytes Cybersecurity Education
Learn more about GirlCon
In this episode, host Raghu Nandakumara sits down with Stephen J. White, the CEO of Viking Technology Advisors to discuss the critical role of Zero Trust Network Access (ZTNA), cloud adoption, and AI in modernizing network security. He emphasizes the importance of visibility, automation, and holistic approaches to enhance operational efficiency and security.
--------
“It's about making security the enabler for Google, like you just said, it is the enabler, but then it's also making it invisible to the user community, so that it's secured, controlled, managed, but they can do their jobs as effectively no matter where they are. And it's just, this is a really pivotal time." - Steve White
--------
Time Stamps
(04:42) The security challenges of modernization
(17:29) Connecting business and security outcomes
(29:02) Should cybersecurity and network teams merge?
(31:01) What will generative AI bring to security?
(49:31) The borderless network and managing the perimeter
--------
Links
Connect with Stephen on LinkedIn
In this episode, host Raghu Nandakumara sits down with Sean Connelly, Former Director of CISA’s Zero Trust Initiative, to discuss the evolution of network architectures; why incidents over the past 5 years have catalyzed a greater federal focus on cyber resilience, and specifically Zero Trust; and how CISA is thinking about protecting data in new ways.
Timestamps:
(04:39) How the nature of the perimeter has changed
(12:00) The shift towards being critical-asset focused and how it accelerated cloud adoption
(15:36) The process behind drafting recent regulation and EO 14028
(36:56) Are agencies making the expected improvements?
(41:48) The key challenges moving forward
--------
Links
Connect with Sean on LinkedIn
In this episode, host Raghu Nandakumara sits down with Carlos Buenano, CTO, OT at Armis, to discuss his path to OT security, the importance of Zero Trust in industrial environments, and how to make progress in security while not compromising productivity.
--------
“They are not in charge of security. Until now they haven't been accountable to basically provide security. Okay. Of course, they are concerned about being disrupted, the operations being disrupted.” - Carlos Buenano
--------
Time Stamps:
(08:39) How to discuss security with OT practitioners
(13:49) Why we have so many legacy systems in OT and OT’s perspective on security
(24:19) Adoption of Zero Trust in OT environments and challenges
(39:23) Pros and cons of the American and European approaches, how to accelerate adoption
(44:15) Relevance of AI in the OT space
--------
Links
Connect with Carlos on LinkedIn
“The more that we distribute, the more that we decentralize, the more that we fragment, the more that we go down pathways of things like no code low code, the more that we go down serverless. We're just creating a distributed environment that is a target rich environment for the bad actors and an incredibly difficult landscape for us to manage from a security standpoint.” - Richard Bird
--------
Time Stamps
(14:39) Cognitive dissonance in cybersecurity
(26:01) The role of Zero Trust in a decentralized world
(30:51) Misconceptions about Zero Trust
(40:48) What does Zero Trust have to do with API Security?
(56:36) The future of Zero Trust and API Security
--------
Links
Connect with Richard on LinkedIn
Welcome back to The Segment! In our Season 2 premiere, host Raghu Nandakumara sits down with John Kindervag, Chief Evangelist at Illumio and the “Godfather of Zero Trust”, to unpack John’s Zero Trust origin story, where folks go wrong on their Zero Trust journeys, federal Zero Trust momentum, and so much more.
--------
“I said all interfaces should have the same trust and it should be zero. And that's really where Zero Trust comes from, is just a pushback against how we were building firewalls which affected policy and there was no reason for it." - John Kindervag
--------
Time Stamps
(09:00) The foundation of “trust but verify”
(15:39) The motivation behind John’s seminal papers at Forrester
(24:16) The uptick of Zero Trust
(31:41) Is Zero Trust difficult to adopt?
(46:48) What does a culture of Zero Trust mean?
--------
Links
Connect with John on LinkedIn
Read the NSTAC Report to the President on Zero Trust and Trusted Identity Management (February 2022)
In this episode, host Raghu Nandakumara sits down with Ann Johnson, Corporate Vice President, Microsoft Security Business Development, to explore AI, everyday Zero Trust conversations, cyber resilience best practices, and so much more.
--------
“Democratization has to exist as well, and there has to be global standards and there has to be global regulation, but there also has to be global cooperation, right?.. We’re seeing an increase in collaboration and cooperation, but we’re not where we need to be. And the only way we actually defeat the bad enemy is with collective defense, and we need to get a lot better about collective defense.”
--------
Time Stamps
(04:32) An egalitarian approach to cybersecurity
(11:01) “The greatest thing the industry can do is improve visibility”
(13:50) Three steps to Zero Trust
(25:00) What’s driving Zero Trust adoption?
(28:00) Talking cyber resilience to the Board
(34:36) Becoming a better CISO
--------
Links
Connect with Ann on LinkedIn