CSO Perspectives (Pro) 5.18.20
Ep 7 | 5.18.20

Zero trust: a first principle of cybersecurity.

Show Notes

Zero Trust is a cybersecurity first principle strategy.

The first brick on our infosec wall is zero trust. But can we actually achieve zero trust? Less a destination, zero trust is a philosophy, a strategy, and a way of thinking about the security of networked systems. In this session, Rick identifies the core tenets of zero trust, how zero trust will improve your security baseline, and how to leverage your existing technology to incorporate zero trust strategies.

Cybersecurity professional development and continued education.

You will learn about: zero trust in practice, using your existing tools and technologies to implement zero trust.

CyberWire is the world’s most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram

Additional first principles resources for your cybersecurity program.

For more zero trust and cybersecurity first principles resources, check the topic essay.

Selected Reading

  1. 7% of All Amazon S3 Servers Are Exposed, Explaining Recent Surge of Data Leaks,” By Catalin Cimpanu, Bleeping Computer, 25 September 2017, last visited 30 May 2020, 
  2. 9 Years After: From Operation Aurora to Zero Trust,” by Andy Ellis, Dark Reading, 20 February 2019, last visited 30 May 2020, 
  3. "Build Security Into Your Network's DNA: The Zero Trust Network Architecture," by John Kindervag, Forrester, 5 November 2010, Last Visited 30 April 2020, 
  4. Cybersecurity first principles,” by Rick Howard, The CyberWire, 11 May 2020, last visited 11 May 2020,
  5. "Draft (2nd 1 ) NIST Special Publication 800-207 2 3 Zero Trust Architecture,” by Scott Rose, Oliver Borchert, from the Advanced Network Technologies Division, Information Technology Laboratory, and Stu Mitchell from the Stu2Labs, and Sean Connelly from the Cybersecurity & Infrastructure Security Agency, Department of Homeland Security, February 2020, Last Visited 30 April 2020, 
  6. Google enters zero-trust market with BeyondCorp Remote Access offering,” By Lucian Constantin, CSO, 20 April 2020, last visited 30 May 2020, 
  7. Google rolls out BeyondCorp for secure remote network access without a VPN,” by Chris O'Brien, 20 April 2020, last visited 30 May 2020,
  8. "How data breaches forced Amazon to update S3 bucket security,” by Marc Laliberte, WatchGuard Technologies, HELPNET Security, 23 September 2019, Last Visited 30 April 2020, 
  9. "Implementing a Zero Trust Architecture,” by Alper Kerman, Oliver Borchert, Scott Rose from the National Cybersecurity Center of Excellence National Institute of Standards and Technology, and Eileen Division, Allen Tan, from the The MITRE Corporation, March 2020, Last Visited 30 April 2020, 
  10. "No More Chewy Centers: Introducing The Zero Trust Model Of Information Security,” by John Kindervag, Forrester, 14 September 2010, Last Visited 30 April 2020, 
  11. Officials alert foreign services that Snowden has documents on their cooperation with US,” By Ellen Nakashima, Washington Post, 24 October 2013, last visited 30 may 2020, 
  12. "Statement of Dr. Vinton G. Cerf, Senior Vice President of Internet Architecture & Technology, MCI WorldCom, For the Joint Economic Committee,” United States Congress Joint Economic Committee, 23 February 2000, Last Visited 30 April 2020,
  13. "The BeyondCorp Story,” BeyondCorp, Last Visited 30 March 2020, 
  14. "What is Zero Trust? A model for more effective security,” by Mary Pratt, CSO, 16 January 2018, Last Visited 25 March 2019,
  15. Your security stack is moving: SASE is coming.” by Rick Howard, CyberWire Pro, March 2020, Last Visited 30 May 2020