"Zero Trust is essentially a security initiative saying that you are going to assume that attackers are present in any environment you're working in. The main goal of that is to remove implicit trust in the design and implementation of whatever you're doing."

“Zero trust” is something we hear a lot about but in many cases it seems to be a buzzword used to sell us something. However, it can be an excellent approach to security when done well. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Geoffrey Sanders (Senior Member of the Technical Staff/Situational Awareness Team, Software Engineering Institute/CERT Division, Carnegie Mellon University) about the tenets of zero trust and where to get started in implementing zero trust in your environment.

Listen to learn:

• How privacy and security are related
• Where to start when you need to understand how laws and regulations apply to you
• What direction policy and legislation are taking to address cybercrime

Connect with our guest: 

• https://www.linkedin.com/in/sandersgeoffrey

Learn more:

• SEI Website: https://www.sei.cmu.edu/ 
• Zero Trust Adoption: Managing Risk with Cybersecurity Engineering and Adaptive Risk Assessment (Blog): https://insights.sei.cmu.edu/blog/zero-trust-adoption-managing-risk-with-cybersecurity-engineering-and-adaptive-risk-assessment

Zero Trust Adoption: Benefits, Applications, and Resources (Podcast): https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=737526

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/