Skip to main content
DrZeroTrust

DrZeroTrust

By Chase Cunningham
On the DrZeroTrust podcast we discuss all things Zero Trust and cybersecurity related. We break down the cyber security weekly news and provide insights about what we should think about in this space. We keep it real and honest with special guests, personal stories, and some great advice for anyone.
Where to listen
Google Podcasts Logo

Google Podcasts

Pocket Casts Logo

Pocket Casts

RadioPublic Logo

RadioPublic

Spotify Logo

Spotify

Currently playing episode

#killthepassword with Simon Moffatt

DrZeroTrust

1x
Cyber news and Zero Trust insights for 9/28/2022
How many VPN's are out there that might have a configuration issue?  Are there any major companies that might be piping threats into their networks (the answer is probably).  Has Uber fixed the low hanging fruit from it's recent issue?  More ICS and SCADA vulnerable systems aren't out there, right?  Research from ZScaler on the use and adoption of the VPN is interesting, has the tide shifted with this old technology?  Are users really the weakest link, or has the security industry misled that group?  Those questions and more on this one!
30:56
September 29, 2022
Thoughts and Perspectives on the Twitter Whistleblower
Why are security leaders going "scorched earth" when they leave employers?  How can an organization better be prepared to deliver on their promises?  Does ethics apply in technology (it sure should)?  What's the right and wrong way to go about blowing the whistle when the need is there?  Does money paid out call into question the motives for speaking out?  Is it better to go out with a bang or just fade away?  Some hard hitting questions on this one!
46:55
September 19, 2022
Cyber news and Zero Trust insights for 9/14/2022
What a wake up call this week when working with SMB's on their cyber security strategy and the reality of the space.  Do SMB's use outsourced security, and is that smart?  Does that hurt their overall awareness?  Why aren't things getting patched the way they should even when we have been notified by CISA and others of "critical vulnerabilities"?  Does the upcoming legislation around semi-conductors and silicon pointed at China have any impact on our national security and cyber future?  Those questions and a few more on this one.
26:57
September 15, 2022
Cyber news and Zero Trust insights for 9/7/2022
Is the news media collaborating to manipulate our collective consciousness?  How would that happen?  Is local news "more true" than national news?  What about OPSEC for the war in Ukraine?  Could an organization cause a kinetic attack based on pictures that came from soldiers sharing via social media?  How does politics play into the space around cyber and disinformation?  Some hard hitting questions in this one to ponder.
31:28
September 07, 2022
Security for Apps and Low or No Code Systems
How can you secure no code or low code applications?  Is devsecops a real thing?  Does anyone actually do this?  How should organizations look at the risks from these types of "factory made" apps?  Why is the 8200 unit such a big thing in the Israeli cyber scene?  What types of pricing make sense for security applications that you might not own?  How should the market approach the future of application security in an all cloud world?  Those questions and more on this one.
28:55
September 01, 2022
Cyber news and Zero Trust insights for 8/24/2022
An article from Recorded Future points out new legislation in North Carolina and Florida that bars state backed organizations from paying ransomware attacks.  Surely that means they have their stuff on lock and have no misconfigured assets, right?  Google has an AI and privacy program that seem to be intersecting and could impact all of us, and Apple is dealing with those issues as well.  How do we handle this problem?  According to new research from Tessian "apathy" is the biggest vulnerability for an organization, but don't we train our folks enough to mitigate that risk?  Those questions and more on this episode.
32:09
August 25, 2022
Selling Zero Trust at enterprise scale.
Do enterprises really buy Zero Trust?  How should they think about a strategic approach to a problem.  What about rip and replace?  Are there no-go's when it comes to working to help an enterprise adopt ZT?  Where do they budget for these endeavors?  Is this only a big business problem?  Those questions and more on this episode.
31:37
August 22, 2022
Cyber news and Zero Trust insights for 8/17/2022
Okta's Zero Trust study.  What does it say about the market and the growth of ZT?  More cyber insurance shenanigans, why does this keep coming up?  Should we really use this "service"?  Water treatment plant is hacked in the UK, but is it really a clear case of compromise?  What happens if you try and send someone shit in a box (literally) and the service is hacked?  Is that a PII violation, or HIPPA or what?  How many devices are out there that are possibly exploitable right now (hint, it's a lot!).  Those questions and more on this episode.
30:43
August 18, 2022
How to sell into the channel the right way.
Truths about selling into the channel market with a real expert.  How should your organization go about selling to a channel?  Is the market different?  How can you use those partners smarter?  Do you have to sell twice?  What shouldn't you do to leverage that channel?  How can you optimize your channel approach and force multiply your sales efforts?  Those points and more on this episode!
35:38
August 16, 2022
Cyber news and Zero Trust insights for 8/10/2022
How hard is it to find "internal use only" files with a simple crafted search?  How about spreadsheets with passwords and admin logins?  What should we think about this whole Trello thing?  What happened when I got phished (yup, they got me).  Was it even a problem?  Is the national emergency alert system really vulnerable?  How big does the Zero Trust market get in the next 9 years?  Those points and more on this episode!
29:01
August 11, 2022
Cyber news and Zero Trust insights for 8/3/2022
Are there potential ways to attack a nuclear site via online misconfigurations?  What about water as a vital national resource, can you attack a water supply system?  Or a dam?  Are containers inherently secure, and does that matter when they are part of a cluster?  PE firms keep buying up the security market players, is there an anti-trust issue there?  Is your threat intelligence service pulling in IOC's from US Cyber Command?  Was the Pelosi visit part of a cyber attack?  Does that matter and is it cyberwarfare?  Weak security in the system used to track organ transplant systems, that's ok right?  And some points on how to stay motivated (lol) and my thoughts on dealing with trolls online.  My cool new swag from Lumu and more on this episode.  Check it out!
34:21
August 04, 2022
Cyber news and Zero Trust insights for 7/27/2022
Can I find privacy violations with Shodan?  What companies are using hackable unpatched scada systems that are misconfigured?  Can we find osint on a company that has government contracts but is not secure?  Why is phishing training still a multi-billion dollar business when a variety of reports indicate that the numbers for that "defense" don't justify that expense?  Is the government really as secure as we think they are?  What about finding illegal violations of compliance mandates in ics systems?  Isn't breaking the law a bad thing?  Those questions and more on this podcast!  
28:39
July 28, 2022
Applying Zero Trust to Cloud Workloads and Kubernetes.
More ideas and thoughts around applying Zero Trust to cloud workloads and kubernetes.   How should we think about the inherent vulnerabilities in these application development environments?  How can you secure something that only exists for minutes at a time?  Can you use open source solutions to approach the problems in this space?  Do developers really need to be security engineers, and should security people know how to build apps to make things more secure?  Check this one out and look for a video demo on Tigera.io and their open source Calico solution soon!
22:45
July 18, 2022
Cyber news and Zero Trust insights for 7/6/2022
Marriott got hacked again, say what?  Does it mean anything?  What about their fines, didn't that teach them something?  Can I find vulnerable government assets that are misconfigured and make 30 grand in bug bounties in half an hour?  What about cloud resources that the DoD uses?  A billion records are stolen in China, what's up with that?  Those questions and more on this episode!
25:35
July 07, 2022
What's up with the WAF market?
What's up with the WAF market?  Talking about how we should and shouldn't use a WAF with an expert.  Is the WAF the best way to address the problems we face?  Where is this market going?  What about the evolution of the WAF and it's place in history?  And some hard questions with data to challenge why we might need to move to a new approach.
27:33
July 05, 2022
Cyber news and Zero Trust insights for 6/29/2022
Can I find medical offices open to the internet?  How hard would it be to hack them?  Why is phishing training a problem for enterprises and businesses?  Deepfakes and PII are being used for nefarious purposes, say what?  Those points and more on this episode.
27:15
June 30, 2022
Cyber news and Zero Trust insights for 6/15/2022
Thoughts on RSA2022.  New research from Digital Shadows breaks down key areas of concern for us.  I find some vulnerable databases on the web (some are "security vendors"...uh oh).  We are still failing at the basics, and the password is eating our lunch, why is this still a problem?  A great new blog from the S/R team at Forrester on the economy and the security market.  Did AI just go sentient?  Those thoughts and more on this episode!
29:38
June 16, 2022
What is Collaboration Security?
Can an organization be compliant if they are using Slack to share files, passwords, and other critical and risky data?  How does an agent-less system keep up with all of those short communications in collaboration applications?  Is there more risk if we use modern applications that allow unlimited interaction and collaboration?  What about business context, is there value to deciphering risk?
29:11
June 09, 2022
Cyber news and Zero Trust insights for 6/1/2022
RSA is next week, I really need a beard trim.  See y'all out there!  Finding vulnerable hospital systems on the internet shouldn't be this easy, but here we go.  Don't worry though they all are HIPPA compliant lol.  How powerful is pimeyes at finding images of people on the internet and how does that affect privacy and security?  Should you be worried?  The new Microsoft Zero Day, how bad is it?  What about hacking tractors and affecting the food supply, that can't be a thing right?  DHS took seven years to hire one person, yeah.  Your tax dollars at work.  Costa Rica ignored it's own cyber defense strategy, and that worked out well right?  How much money is going into the Zero Trust market?  And the tech jerk of the year award goes to an absolute turd of a person.  Those questions and more on this one!
34:56
June 02, 2022
Cyber news and Zero Trust insights for 5/25/2022
Can you find vulnerable stuff online from 2003?  Surely not?  Uh oh.  Do we need a cyber moonshot to get past the failures we face in cyber security?  Is there more evidence that legislation isn't dealing with reality, and that some of our leaders are missing the point?  Using your phone SIM to do MFA, good or bad?  Is DuckDuckGo really a "private" browser?  Those points and more on this episode.
23:03
May 25, 2022
Cyber news and Zero Trust insights for 5/18/2022
What matters more, targeting the "asset" (tractors) or the infrastructure for John Deere.  Can you overthrow a government with a ransomware attack?  Why are insurers changing their approach to cyber policies and why are they raising rates?  What about the NSA guidance on best practices, is it really that different?  Those questions and more on this one!
30:29
May 19, 2022
Cyber news and Zero Trust insights for 5/11/2022
Can we find vulnerable ICS and SCADA controls on the internet?  What about the physical doors that are in those facilities?  Have we really learned anything a year after the pipeline hack?  Microsoft has put out it's advise for ransomware defense, is it any good?  What about F5 and it's big new vulnerability, should you be worried?  Why shouldn't we talk about gangs "going down" in cyber, and does that hurt or help as we deal with those threats?  Those points and more on this episode!
30:32
May 12, 2022
Cyber news and Zero Trust insights for 5/4/2022
Finding vulnerable passwords with Google dorks, it's super easy (don't do this).  How many VPN's can I find that are possibly misconfigured?  Why does it take a 600 million dollar hack for a company to adjust it's approach to cyber?  New banking legislation and rules on a 36 hour reporting mandate, good or bad?  Those points and more on this episode.
32:46
May 05, 2022
Helping Small and Mid Sized Businesses in Cyber with Arctic Wolf
What do SMB's care about in cyber?  Where do they need help?  How do they budget for this issue?  Is there value to training or is it better to have a technical control?  What is "security theater for businesses, and what fixes problems?  Those questions and more on this episode!
24:30
April 28, 2022
Cyber news and Zero Trust insights for 4/21/2022
Why is the government looking at legislation on "quantum security"?  Can I find vulnerable systems for ICS and SCADA that have no authentication on a livestream?  Does a cyber attack have the ability to stop a university from operating and put it out of business for good?  What about T-Mobile's "unstoppable" phish?  Should we be scared?  Those questions and more on this episode.
31:36
April 21, 2022
Cyber news and Zero Trust insights for 4/14/2022
The dog barks, like always.  What is the Zero Trust market map?  How about Microsoft's new CVE issue, is that something that we should have fixed years ago (the answer is hell yes).  Can I find vulnerable assets with no authentication in real time?  Forrester research published some great data on enterprise breach activity globally, what does it mean and how should we think about it?  What about cyber and nuclear threats, do those relate?  Those questions and more on this episode.
28:25
April 14, 2022
Cyber Insurance, Truth and Consequences with an Expert
Is cyber insurance worth it?  Do insurers actually know what they are doing, and why are policies not being honored?  Is a strategy useful for better security and helping lower a premium?  What data is being used to validate a policy, or is that even a thing?  Is this a big deal for small business, or is cyber insurance better suited for enterprises?  And am I wrong by saying it's a "rip off"?  Those questions and more on this very cool episode.
32:29
April 11, 2022
Deploying Zero Trust at the Enterprise Level
Working with big enterprise ZT, how does one engage the leadership effectively?  Is this about more tech?  Who holds the keys to the kingdom on budget?  Where does it make sense to start with a big time roll out?  How hard is it to get ZT in place?  How long is the journey?  Where does one go after they solve their first problem?  And why is Sean Connery on the line for this call?
29:22
April 05, 2022
The Devil Never Sleeps new book review
"The Devil Never Sleeps" is one of the best books out there that can help us better understand how to deal with today's never ending threats.  Juliette Kayyem has done a great job of helping break down a variety of past historical issues and applied realistic and insightful ways to help her readers think more intelligently about accepting the threats and dealing with them, rather than being fearful of them.  Her book is a must read, go get your copy now!
22:21
March 28, 2022
Conversations with an Enterprise Architect doing the work to enable ZT!
Is #zerotrust happening in Australia?  What problems do the folks doing the work run into?  How does he deal with the business side of the issues he face?  Where did he start?  How should one go about discussing security strategy with folks that aren't in our space?  And what is a no no for getting things done when collaborating with business leaders?
22:57
March 25, 2022
Cyber news and Zero Trust insights for 3/23/2022
What should we take from the Okta situation?  More legislation to mandate training for government cyber security, really?  Too many agencies are getting involved in cyber, right?  What about the White House's "guidance" on the Russian threats?  Deepfakes and disinformation can influence actual combat, say what?  More bad hiring practices in cyber and some real issues with state and local cyber practices.  Check it out!
33:46
March 24, 2022
Cyber news and Zero Trust insights for 3/17/2022
Why isn't cyber getting any better nationally with all this legislation?  How should we view CISA's new rules?  What about the Committees that congress and the Senate sit on?  Analysis on a deepfake that has some very interesting implications.  Where can we do better?
23:32
March 17, 2022
Cyber news and Zero Trust insights for 3/2/2022
Where can you go to learn how to "do" a deepfake, I'll tell you, but be careful.  My thoughts on "getting involved in the conflict" in Ukraine from a cyber perspective.  The Conti group had a leak and some great reporting was published on it, wow!  Analysis on wiper malware, and the "most advanced malware ever", lol.  Also, some finer points on what Zero Trust means and how to enable this strategy from a variety of vendors, and a new report on 9 steps to ZT, most of them are business related!  Say what?
30:51
March 02, 2022
Cyber news and Zero Trust insights for 2/23/2022
Zero Trust world was a blast, well done Threatlocker!  Microsoft has done some great work in helping people to understand Zero Trust.  Misinformation for critical infrastructure and corporate security is hard to do without a solid technology in place, especially at scale.  Reference architectures for Zero Trust are available.  Is the IRS the agency that can finally help with the ransomware problem and crypto crime?  The Justice Department's three year plan to move to Zero Trust and how they are approaching the issue, and an example of a state and local government that is enabling Zero Trust.  Check it out!
26:22
February 23, 2022
Cyber news and Zero Trust insights for 2/16/2022
#cyberwarfare and first strike capabilities in the Ukraine conflict?  Finding vulnerable SCADA and electric systems in @shodan isn't hard, how much is out there?  How did the #fbi get back stolen #crypto?  Should we be "afraid" of hacking and cyber threats (weird things are happening everywhere lately, are you worried)?  Some tips on how to read through congressional documents that are available on the hill.  Also, some pork that is being tossed into the new protecting America act that has been passed.  Lastly, how should we think about getting and using threat intelligence without paying for it.  Check it out!
25:30
February 16, 2022
Cyber news and Zero Trust insights for 2/8/2022
More ways cyber insurers are getting out of paying.  Two students hack a school system and ask for a job, awesome.  Microsoft talks about the lack of good IAM for Azure.  Google breaks down cryptojacking in it's cloud.  The insanity around threat intelligence and naming a threat actor group, and more on this episode.
33:43
February 08, 2022
Cyber news and Zero Trust insights for 2/2/2022
Interesting points on a Zero Trust report by Illumio.  How to stop the majority of ransomware, it's not that hard.  How did we allow the US DoD to buy drone technology that was financed by China?  And what about some Shodan results that we should be aware of (like a submarine)?
25:56
February 02, 2022
Threat intelligence and the cyber security market with Brian Kime.
What is threat intelligence, and what is the value in data?  Does brand defense make a difference?  Do his customers worry about deepfakes?  What is attack surface management and how is that market changing?  And more on this episode.
37:45
January 24, 2022
Cyber news and Zero Trust insights for 1/19/2022
The new memorandum on cyber security for the federal government and Zero Trust.  Drones are used to attack an airport in the Middle East.  Lawyers and cyber insurance team up as they address the issues we face in cyber, and more on this episode.
28:15
January 19, 2022
Cyber news and Zero Trust insights for 1/12/2022
Predictions from vendors for 2022.  Are the leaders on Capitol Hill actually doing anything on the cyber front?  The first log4j malware attacks are showing up, what can we do?  What about insider trading using hacked systems to gain a financial advantage?  Those questions and more on this episode!
27:22
January 12, 2022
A look back at the major hacks of 2021
A look back at 2021 and the major hacks we endured.  How did they happen?  What should we learn?  Where did it all go wrong?  Can we defend ourselves from these threats in the future?  Does Zero Trust really make sense?
21:05
January 07, 2022
Disinformation and Narrative Intelligence in Cyber
Is disinformation actually affecting people?  What is narrative intelligence?  Should corporate organizations defend their brand from trolls and narrative attacks?  Will this be more important in the near future?
35:23
December 27, 2021
Big Dollars and the Cyber Security Market...
Do the crazy valuations of companies help them or hurt them?  Does big money in cyber security investing fix the problem?  Why do some people continue to build businesses even after they cash out?  
29:41
December 22, 2021
Why Golf is the best strategy sport there is...and how it relates to cyber security.
What can we learn from the game of golf and security strategy?  What telemetry matters most?  Do you practice right in cyber or in your golf game?  What's your favorite course?  And many more great golf analogies!
29:16
December 15, 2021
Cyber news and Zero Trust insights for 12/06/2021
Is cyber insurance a rip off?  What do insurance providers do to get out of paying their policy holders?  Does cyberwar affect small businesses?  Is everything of value to defend?  Are humans really the biggest threat vector?  Should you pay attention to a CISA advisory?
29:46
December 06, 2021
Multi Spectrum Warfare and how US loses in the future
What is multi spectrum warfare?  Is the US the global superpower anymore?  How do state and local governments look at cyber versus federal?  Will China maneuver in the next 2 years to prepare for a future war?
37:12
December 01, 2021
People, cyber and all the issues therein...
What does empathy really mean?  How do you deal with the "brilliant jerk"?  Where is the line on terminating an employee who endangers your business with bad cyber practices?  Is the industry really more fair?  What about sexism and privilege?
40:39
November 22, 2021
#killthepassword with Simon Moffatt
What do consumers really think about passwords?  Can technology solve the problem of unsafe passwords?  Where does the market go for better user access?  Does cloud make a difference?  And more on this episode.
29:51
November 16, 2021
IdRamp and SSI in the consumer and business space.
Can I download and configure an SSI app during a live recording?  Is SSI useful for the average consumer use case?  How should we look at the combination of SSI and biometrics?  Does this ultimately help kill the password?
29:05
November 08, 2021
Cyber news and Zero Trust insights for 10/27/2021
Disinformation with lobsters?  What about the Missouri Governor and "hacking" that website?  Does the new ransomware plan make much difference?  New threats in email from Microsoft and how do humans detect them?
29:27
October 27, 2021
Conversation with an advisor to fortune 100 executives.
How does he advise companies to select technology?  What does he think about strategy?  What is a non starter for him?  How do board members look at cyber risk and technology expenses?
25:17
October 25, 2021
Cyber Dollars and Market Shenanigans with an Industry Icon.
Richard Stiennon (the OG Curmudgeon) and I discuss investments and market dynamics in cybersecurity.  He provides his views on a variety of topics and breaks down how he sees the market through his lens and vast experience.  Check out his books and his insights on this space every chance you get!
27:50
October 18, 2021
Cyber news and Zero Trust insights for 10/13/2021
Stealing secrets via PB&J?  What is the MSSP market for ZT?  When is hacking not hacking?  Thoughts on the USAF Chief Software Officer's scorched earth letter, and more.
30:55
October 13, 2021
Cyber news and Zero Trust insights for 10/6/2021
Cybersecurity awareness month at the White House, so what?  Big dollars for ZT in the DoD, really?  The demographics of cybercrime and what that means for the rest of us, and what about maritime cybersecurity?
35:01
October 06, 2021
Chat with a master of brand building and design.
Discussions on how a brand builder and designer worked to build one of the most successful brands in all of cybersecurity.  How valuable is culture and leadership to a brand in the space?  How do you "punch above your weight class" with marketing?  And how much value is there in a simple, authentic message?
40:49
October 04, 2021
Chat with a CISO of "the largest company nobody has heard of"
Discussions on how a big time CISO handles security for his organization.  Getting executive buy in.  What is a non-starter for solutions and vendors?  How does his team select tooling?  What is the most important thing for his global organization?  These and other important questions in this episode.
38:54
September 28, 2021
Cyber news and Zero Trust insights for 9/22/2021
Bad OPSEC on social media?  Farmers COOP hit with ransomware?  State government organization down for 4 months after "sophisticated" attack?  What should you know about cyber insurance?  Banking industry sees 1300% increase in attacks in 2021!  10 ways to avoid failing at ZT and more in this episode.
36:58
September 22, 2021
Cyber Certifications and Education with an Expert
Are certifications worth it?  Does school prepare the workforce for a career in cyber?  What about K-12?  How do we get better?  What matters more being certified or time on the keyboard?  Why do we have a shortage of cyber folks when the labor statistics say so many people are looking for work in technology?
42:39
September 20, 2021
Cyber news and Zero Trust insights for 9/15/2021
Deepfakes are being used by scammers, now!  What about the ZT study?  Do you need more money for ZT?  Is social media a valid threat vector?
30:42
September 15, 2021
Threatlocker, the next Unicorn in cyber security.
Thoughts from a guy running a cyber security company on everything from growth, hiring, and how he keeps his company secure even though he knows they are a real target.
32:58
September 13, 2021
Cyber news and Zero Trust insights for 8/31/2021
Is the new director of CISA doing the right thing?  Do people really pay for ransomware keys?  What about the T-Mobile hack?  Is sorry good enough?  What is the new method of ransomware that only encrypts part of a file?
29:49
August 31, 2021
Cyber news and Zero Trust insights for 8/25/2021
A government and industry meeting on cyber at the White House?  Why is cyber insurance such a crazy market sector?  What do ransomware actors do when they get on a system?  What should we learn from those tactics and how can we defend ourselves better?
29:26
August 25, 2021
Truth and tactics about Chinese cyber warfare.
Insights and knowledge with an expert on China, the CCP, and the motivations and tactics around cyber warfare operations.
42:30
August 23, 2021
Cyber news and Zero Trust insights for 8/17/2021
MFA/2FA is no good?  What about disinformation and propaganda with covid?  Is your baby's camera vulnerable to the new compromise?  And what do users actually think about going "around" security controls?
26:46
August 18, 2021
Zero Trust conversation with John Kindervag
A conversation on Zero Trust with the person noted for coining the term and starting the ZT movement.
46:04
August 16, 2021
Cyber news and Zero Trust insights for 8/11/2021
Was Blackhat worth the trip, no.  What happens when you ransom a tractor?  How big is the ZT market?  Another hospital is shut down due to an attack, did patients die?  What about JCDC?
29:44
August 11, 2021
Discussions on Ransomware and Cyber Warfare with General John Davis.
Is ransomware a weapon?  What do we do about these attacks?  What is the task force doing about this?  Do the folks on Capitol Hill get it?  And that one time I got beat up by a bully...
47:32
August 09, 2021
Fast talk, cyber truth's and some predictions in the space
Why does Jeff talk so fast?  What's a solid 10 year prediction if there is such a thing?  How should some of the major problems be solved?  Will we all be unemployed after this podcast?  Those items and more on this episode.
42:41
August 02, 2021
Cyber news and Zero Trust insights for 7/28/2021
Masks everywhere at Blackhat?  Why does Kaseya have a ransomware decryptor NDA?  Why the lack of MFA in Twitter?  Are we getting better at fixing vulnerable software?  And What is the Ransomware Sheriff?
29:39
July 28, 2021
What is a Zero Trust Overlay Network? Why do people with British accents sound so smart? Is Zero Trust achievable with today's digital infrastructure?
What is a Zero Trust Overlay Network?  Why do people with British accents sound so smart?  Is Zero Trust achievable with today's digital infrastructure?  More on those topics and other interesting discussions on how to use SDN/SDP and what this all means for security practitioners.
45:14
July 26, 2021
Cyber news and Zero Trust insights for 7/21/2021
Laws for critical infrastructure security and pipelines? A federal breach notification law?  The US indicts for APT actors for hacking?  An interview with a ransomware operator?  Will NATO's condemnation of APT actions make a difference?
30:26
July 21, 2021
What is JIT and how does it help enable Zero Trust?
Art from @britive and Martin from @vubiquity talk about how they see access playing a key role in Zero Trust and discuss how they enable focused access controls in an on demand model.
36:48
July 19, 2021
Cyber news and Zero Trust insights for 7/15/2021
A Congressional bill on Deepfakes?  What about the trend in phishing and ransomware?  Do APT nation state leaders care about our "requirements"?  And what happens when a law firm sues a ransomware gang?
34:21
July 15, 2021
Cyber news and Zero Trust insights for 7/7/2021
Some really great reports published recently on a variety of issues in cyber.  Check it out.
25:05
July 07, 2021
AppSec, SDLC, and baking with Sandy Carielli
Sandy has forgotten more about SDLC, AppSec and software security than most folks will ever know.  I was very lucky to get to pick her brain for a few minutes on how this affects the software lifecycle, and discuss her thoughts on how we "shift left" on building secure code.  
37:30
July 05, 2021
Cyber news and Zero Trust insights for 6/30/2021
Some really great reports published recently on a variety of issues from leadership in cyber to how the SEC is getting involved in enforcing fines in this space.  Check it out.
21:24
June 30, 2021
"Think like a hacker" with Tal Kollender from Gytpol.
"Think like a hacker" with Tal Kollender from Gytpol.  Check out her background and learn about what it's like to be a real woman in technology and how she looks at helping customers fix their issues and stop threats in their tracks.
30:37
June 28, 2021
Cyber news and Zero Trust insights for 6/23/2021
Some finer points on a recent ZT EO and the new guidance, a rant on the issues that continue to plague organizations as ransomware gangs keep coming back, and my thoughts on the next generation of cyber folks coming into the workforce.
27:09
June 23, 2021
Cyber news and Zero Trust insights for 6/16/2021
Some finer points on a recent ZT market publication, a rant on the issues that continue to plague organizations, and my thoughts on how SMB's should face this threat.
26:59
June 16, 2021
Cyber News and Zero Trust for 6/9/2021
What should we think about with the most recent ransomware hacks and are we doing enough nationally to counter this threat?  Also how can or should Zero Trust be part of this conversation, and what can a person in a leadership position do when faced with guaranteed failure?
20:26
June 09, 2021
An Interview with the Next Generation of Cyber Security Pro's
This session I interviewed my intern.  We talked about how our generation (the old guard) can help bring the next generation of cyber security pro's into the workforce and about how we can help them be interested and engaged during their work.
23:22
June 07, 2021
Zero Trust and Cyber Security News for 5/28/2021
Episodes with music are only available on Spotify.
Each week I run through the biggest stories in cyber security and Zero Trust and discuss the truth and reality of what is going on.
20:42
May 28, 2021