Off the Wire: A Play by Play on Cybersecurity and Technology Issues

Introduction:

• Host Introduction: Tanner Greer and Anthony Kent, two IT executives with 35 years of combined experience in the IT field, specializing in cybersecurity.
• Episode Overview: Discussion on Zero Trust security.

Segment 1: Conference Recap

• Anthony's recent attendance at the IT conference for South Carolina co-ops.
• Key takeaway: Importance of IT communication with non-IT stakeholders, avoiding jargon and using relatable examples.

Segment 2: Understanding Zero Trust

• Zero Trust explained: "Never trust, always verify."
• History of Zero Trust: Coined by John Kindervag in the 90s and popularized in the 2000s.
• Shift in mindset: From securing trusted internal networks to assuming all networks are potentially hostile.

Segment 3: Key Concepts of Zero Trust

• Basic principles: Never trust, always verify; least privilege; and assume breach.
• NIST guidance on Zero Trust (800-207).

Segment 4: Implementing Zero Trust

• Defining the protect surface: Identify what needs protection.
• Mapping transaction flows: Understand how data moves.
• Architecting Zero Trust: Building a secure infrastructure.
• Creating Zero Trust policies: Setting rules and guidelines.
• Monitoring and maintaining: Continuous improvement and vigilance.

Segment 5: Real-world Application

• Anthony's recent project: Redesigning an OT environment using Zero Trust principles.
• Challenges and solutions: VLAN segmentation, micro-segmentation, and user/device checks.

Segment 6: Lessons Learned

• Importance of strategic goals: Integrating Zero Trust into organizational strategy.
• Using existing tools effectively: Leveraging current technology to implement Zero Trust.
• Practical tips: Start with test environments, prioritize critical applications, and consider business operations.

Segment 7: Pitfalls and Considerations

• Usability impact: Balancing security measures with operational needs.
• Internal threats: Monitoring for suspicious internal activities.
• Continuous monitoring: Importance of regular checks and updates.

Segment 8: Resources and References

• Recommended reading: "Project Zero Trust" book.
• Key documents: NIST 800-207 and CISA's Zero Trust Maturity Model.

Conclusion:

• Recap of the episode.
• Encouragement to start the Zero Trust journey: Don't be overwhelmed; take it step by step.
• Final thoughts: Zero Trust as a critical part of modern cybersecurity strategies.

Closing:

• Reminder to check previous episodes.
• Contact information: Website, email, and social media handles.
• Episode release schedule: Every other Monday.

Sign-off:

• Hosts' sign-off and thanks for listening.