Cybersecurity First Principles: Zero trust.

Cybersecurity First Principles: zero trust.

Show Notes

This is part two in a series that Rick Howard, the CyberWire’s Chief Analyst, is doing about building an infosec program from the ground up using a set of first principles. This episode, he talks about why zero trust is a cornerstone building block to our first principle cybersecurity infosec program. And here is the key takeaway - building it is not as hard to do as you think.

References:

“7% of All Amazon S3 Servers Are Exposed, Explaining Recent Surge of Data Leaks,” By Catalin Cimpanu, Bleeping Computer, 25 September 2017, last visited 30 May 2020,

“9 Years After: From Operation Aurora to Zero Trust,” by Andy Ellis, Dark Reading, 20 February 2019, last visited 30 May 2020,

"Build Security Into Your Network's DNA: The Zero Trust Network Architecture," by John Kindervag, Forrester, 5 November 2010, Last Visited 30 April 2020,

“Cybersecurity first principles,” by Rick Howard, The CyberWire, 11 May 2020, last visited 11 May 2020,

"Draft (2nd 1 ) NIST Special Publication 800-207 2 3 Zero Trust Architecture,” by Scott Rose, Oliver Borchert, from the Advanced Network Technologies Division, Information Technology Laboratory, and Stu Mitchell from the Stu2Labs, and Sean Connelly from the Cybersecurity & Infrastructure Security Agency, Department of Homeland Security, February 2020, Last Visited 30 April 2020,

“Google enters zero-trust market with BeyondCorp Remote Access offering,” By Lucian Constantin, CSO, 20 April 2020, last visited 30 May 2020,

“Google rolls out BeyondCorp for secure remote network access without a VPN,” by Chris O'Brien, 20 April 2020, last visited 30 May 2020,

"How data breaches forced Amazon to update S3 bucket security,” by Marc Laliberte, WatchGuard Technologies, HELPNET Security, 23 September 2019, Last Visited 30 April 2020,

"Implementing a Zero Trust Architecture,” by Alper Kerman, Oliver Borchert, Scott Rose from the National Cybersecurity Center of Excellence National Institute of Standards and Technology, and Eileen Division, Allen Tan, from the The MITRE Corporation, March 2020, Last Visited 30 April 2020,

"No More Chewy Centers: Introducing The Zero Trust Model Of Information Security,” by John Kindervag, Forrester, 14 September 2010, Last Visited 30 April 2020,

“Officials alert foreign services that Snowden has documents on their cooperation with US,” By Ellen Nakashima, Washington Post, 24 October 2013, last visited 30 may 2020,

"Statement of Dr. Vinton G. Cerf, Senior Vice President of Internet Architecture & Technology, MCI WorldCom, For the Joint Economic Committee,” United States Congress Joint Economic Committee, 23 February 2000, Last Visited 30 April 2020,

"The BeyondCorp Story,” BeyondCorp, Last Visited 30 March 2020,

"What is Zero Trust? A model for more effective security,” by Mary Pratt, CSO, 16 January 2018, Last Visited 25 March 2019,

“Your security stack is moving: SASE is coming.” by Rick Howard, CyberWire Pro, March 2020, Last Visited 30 May 2020

HOST(S):

Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.

Schedule: Mondays (in season)

Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score

Creator: CyberWire, Inc.