))
E18 – Building a Secure Network with the Zero Trust Blueprint
Manage episode 428959556 series 3555974
Content provided by Anthony Kent. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Anthony Kent or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Introduction:
- Host Introduction: Tanner Greer and Anthony Kent, two IT executives with 35 years of combined experience in the IT field, specializing in cybersecurity.
- Episode Overview: Discussion on Zero Trust security.
Segment 1: Conference Recap
- Anthony's recent attendance at the IT conference for South Carolina co-ops.
- Key takeaway: Importance of IT communication with non-IT stakeholders, avoiding jargon and using relatable examples.
Segment 2: Understanding Zero Trust
- Zero Trust explained: "Never trust, always verify."
- History of Zero Trust: Coined by John Kindervag in the 90s and popularized in the 2000s.
- Shift in mindset: From securing trusted internal networks to assuming all networks are potentially hostile.
Segment 3: Key Concepts of Zero Trust
- Basic principles: Never trust, always verify; least privilege; and assume breach.
- NIST guidance on Zero Trust (800-207).
Segment 4: Implementing Zero Trust
- Defining the protect surface: Identify what needs protection.
- Mapping transaction flows: Understand how data moves.
- Architecting Zero Trust: Building a secure infrastructure.
- Creating Zero Trust policies: Setting rules and guidelines.
- Monitoring and maintaining: Continuous improvement and vigilance.
Segment 5: Real-world Application
- Anthony's recent project: Redesigning an OT environment using Zero Trust principles.
- Challenges and solutions: VLAN segmentation, micro-segmentation, and user/device checks.
Segment 6: Lessons Learned
- Importance of strategic goals: Integrating Zero Trust into organizational strategy.
- Using existing tools effectively: Leveraging current technology to implement Zero Trust.
- Practical tips: Start with test environments, prioritize critical applications, and consider business operations.
Segment 7: Pitfalls and Considerations
- Usability impact: Balancing security measures with operational needs.
- Internal threats: Monitoring for suspicious internal activities.
- Continuous monitoring: Importance of regular checks and updates.
Segment 8: Resources and References
- Recommended reading: "Project Zero Trust" book.
- Key documents: NIST 800-207 and CISA's Zero Trust Maturity Model.
Conclusion:
- Recap of the episode.
- Encouragement to start the Zero Trust journey: Don't be overwhelmed; take it step by step.
- Final thoughts: Zero Trust as a critical part of modern cybersecurity strategies.
Closing:
- Reminder to check previous episodes.
- Contact information: Website, email, and social media handles.
- Episode release schedule: Every other Monday.
Sign-off:
- Hosts' sign-off and thanks for listening.
23 episodes
Share
