Following the 2021 RSAC conference keynote by Cisco CEO Chuck Robbins on the importance of Zero Trust, the concept has received unprecedented attention.
After languishing for over 10 years following John Kindervag's invention of the concept, suddenly every security product and services vendor on the planet was offering a pathway to the Zero Trust Promised Land.
There has been more marketing around ZT than for any prior cybersecurity product, technology or service.
The outcome? Confusion, cynicism and outright rejection of ZT principles, based on misinformation and overly hyped vendor solutions that had nothing to do with Zero Trust.
It’s a product, a service, a reference architecture, a strategy, a concept, a direction and a lifestyle. But, in reality, it is none of those things.
Zero Trust is a set of guiding principles for re-architecting networks and computing environments to reduce the overall attack surface, remove excessive trust, improve identity authentication and monitor activity and behavior to discover anomalies before systems are breached.
Zero Trust leverages existing cybersecurity products, such as microsegmentation, identity access and application security, and it can be implemented in small chunks to incrementally improve an organization's security posture.
This session dissects some of the Zero Trust myths.
Creator of Zero Trust, SVP, Cybersecurity Strategy, ON2IT Group
Kindervag joined Palo Alto Networks as Field CTO in 2017 after eight and one half years at Forrester Research where he was a Vice President and Principal Analyst on the Security and Risk Team. John is considered one of the world's foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity.
He currently advises both public and private sector organizations on the design and building of Zero Trust Networks and other cybersecurity topics. He holds, or has held, numerous industry certifications, including QSA, CISSP, CEH, and CCNA. John has a practitioner background, having served as a security consultant, penetration tester, and security architect. He has particular expertise in the areas of secure network design, wireless security, and voice-over-IP hacking. He has been interviewed and published in numerous publications, including The Wall Street Journal, Forbes, and The New York Times. He has also appeared on television networks such as CNBC, Fox News, PBS, and Bloomberg discussing information security topics. John has spoken at many security conferences and events, including RSA, SXSW, ToorCon, ShmooCon, InfoSec Europe, and InfoSec World. John has a Bachelor of Arts degree in communications from the University of Iowa and lives in Dallas, TX.
Director, Cybersecurity Advisory Services, Information Security Media Group
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 19 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group. He has been granted engineering patents encompassing remote access multi-factor authentication using adaptive machine learning, applied cyber-threat intelligence networks, a universal IoT security architecture, contextual semantic search technologies, web-enabled multimedia transfers, image capture and database smart query processing.
SVP, Global Cloud / Infrastructure & Cybersecurity, Warner Music Group
John Remo is senior vice president, global infrastructure and cybersecurity, at Warner Music Group and a strong proponent of Zero Trust principles. He has led his team through moving all applications to the cloud, consolidating legacy applications and implementing single sign-on and multifactor authentication. Prior to joining Warner Music Group, Remo was vice president of cloud infrastructure engineering and operations at Openlink Financial, where he defined and executed the global strategy for building and supporting both public and private clouds for global Tier 1 banking, energy and trading institutions, with a heavy emphasis on automation, security and compliance. His strategy and vision have consistently focused on cloud and cybersecurity excellence to reduce cyber and compliance risks and increase operating efficiencies to enable revenue growth.
First US CISO & Director, CERT Division, Carnegie Mellon University’s Software Engineering Institute
Greg Touhill is one of the nation's premier cybersecurity and information technology senior executives. A highly experienced leader of large, complex, diverse and global cybersecurity and information technology operations, Touhill was selected by President Obama as the US government's first Chief Information Security Officer (CISO). His other civilian government service includes duties as the Deputy Assistant Secretary for Cybersecurity and Communications in the US Department of Homeland Security and as Director of the National Cybersecurity and Communications Integration Center, where he led national programs to protect the United States and its critical infrastructure. Touhill is a retired Air Force general officer, a highly decorated combat leader, an accomplished author, a former American diplomat, and a senior executive with documented high levels of success on the battlefield and in the boardroom.