
The Segment
127 episodes — Page 3 of 3

The Monday Microsegment for the week of 10/21/2024
Bonus
The Monday Microsegment for the week of October 21st. All the cyber security news you need to stay ahead, from Illumio's The Segment podcast.
* Suspected cyber bandit in data broker breach busted! In Brazil!
* LockBit dethroned as RansomHub crowned new king of the ransomware arena
* And Casio races the clock as it struggles in the wake of a ransomware attack
* And Gary Barlet joins us again to talk about election security. Read his piece with the Financial Times: https://www.ft.com/partnercontent/illumio/tackling-election-security-with-zero-trust.html
Head to The Zero Trust Hub: hub.illumio.com
Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour

Ep 23: Spiral Now, Not Later: Rethinking Ransomware Readiness with Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft
In this episode, host Raghu Nandakumara sits down with Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, to explore the evolving landscape of cyber threats and the importance of resilience in the face of ransomware. They discuss the changing tactics of threat actors, the critical role of Zero Trust in modern cybersecurity, and the growing influence of AI on both cyber defense and offense. Sherrod also shares insights into balancing objective and subjective assessments in security, emphasizing the need for strong foundational practices and operational resilience.
“Pre-decision making. If we come under ransom, are we going to pay? A lot of people start spiraling and it's like, wait, do you want to be spiraling now or do you want to be spiraling when we're actually under ransom? Let's spiral now. Let's do that worrying now, so that if something happens in the future, we're ready for that.”
Time Stamps
(04:53) Sherrod's career journey
(16:15) Importance of basic security practices in ransomware resilience
(18:37) Ransomware: To pay or not to pay?
(22:08) Building a culture of ransomware resilience
(26:19) Subjectivity of security
(29:51) Evolution of threat actors
(34:13) Zero Trust's impact on security
(46:04) Role of AI in cybersecurity
(49:49) Future of threat intelligence
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Illumio World Tour
Links
Connect with Sherrod on LinkedIn

The Monday Microsegment for the week of 10/14/2024
Bonus
The Monday Microsegment for the week of October 14th. All the cyber security news you need to stay ahead, from Illumio's The Segment podcast.
* Tiny company, massive data breach, and a swarm of lawsuits. New details in NPD bankruptcy
* The Wayback Machine moving forward after a series of attacks
* And OpenAI shuts down efforts to use it for AI-powered wrongdoing
* And Gary Barlet to talk about Cybersecurity Awareness Month.
Head to The Zero Trust Hub: hub.illumio.com
Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour

The Monday Microsegment for the week of 10/7/2024
Bonus
The Monday Microsegment for the week of October 7th. All the cyber security news you need to stay ahead, from Illumio's The Segment podcast.
* China breaches U.S. broadband providers in months long breach
* It’s double trouble as two flaws put critical networking infrastructure at risk
* And U.S. authorities seize dozens of internet domains tied to Russian hackers.
* And John Kindervag joins us to talk about the 14 year Zero Trust journey.
Head to The Zero Trust Hub: hub.illumio.com
Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour

Ep 22: Cyber Equity and Empowering Through Security with Nicole Tisdale, Founder and Principal of Advocacy Blueprints
In this episode, host Raghu Nandakumara sits down with Nicole Tisdale, Founder and Principal of Advocacy Blueprints. Nicole spent 15 years as a national security expert at The White House - National Security Council and the U.S. Congress's House Committee on Homeland Security. She joins the podcast to discuss cyber equity and security policy.
“Should have, would have, could have - public policy is not about penalizing people for what they could have been doing or should have been doing. It's about making it better in the present and then making it better in the future.”
Time Stamps
(02:01) Nicole’s background
(08:31) Responses to breaches and reporting
(11:19) Victims of cyber hacks
(17:39) Defining cyber equity
(24:19) High impact cyber attacks
(37:42) Linking Zero Trust to Cyber Equity: Secure-by-design
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Nicole on LinkedIn
The Hidden Injustice of Cyberattacks by Nicole Tisdale
Illumio World Tour

Ep 21: Navigating DORA: Compliance Through Cyber Resilience
In this episode, host Raghu Nandakumara sits down with Tristan Morgan, Managing Director Cyber Security at BT Group, and Mark Hendry, Digital Services Partner at Evelyn Partners, to discuss DORA regulations and compliance in the financial services sector. They discuss the interplay between regulatory standards like NIS2 and DORA, the importance of proportionality and operational resilience, and the broader adoption of principles such as Zero Trust.
Learn more on how to achieve DORA compliance: Illumio.com/dora
Learn strategies for DORA compliance in this ebook: https://www.illumio.com/resource-center/zero-trust-segmentation-dora
"If you did a search on DORA and looked for the word segmented, as in micro-segmentation, instantaneous severing of elements of the network in order to contain and what have you, it's in there. It's absolutely in there. So, you just need to know what you're looking for and you'll find it. And Zero Trust will evolve. It might evolve into a different name or a different set of characteristics that we seek to achieve, but DORA should last. And we might find terms like Zero Trust start to pop up in regulatory technical standards or implementing technical standards that accompany it, but it's absolutely in there because it's such a good way to protect our organizations from harm, the types of harm that we've talked about." - Mark
"If you were to build something completely separate and ask all businesses to comply with something that was different, not only would there be significant cost, I think actually you get much greater resistance. Whereas, these regulations like DORA actually build upon industry-recognized best practices that many businesses are already adopting to a degree, and it actually is sensible, but it also makes the barrier to compliance less." - Tristan
Time Stamps
(04:22) Current cyber threat landscape
(11:02) Operational resilience and cyber resilience
(12427) Compliance and regulatory standards
(15:22) A historical look at compliance
(25:58) The tipping point for the EU to prioritize operational resilience
(36:48) What differentiates DORA from other legislation?
(44:24) The role of Zero Trust within DORA
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Tristan on LinkedIn
Connect with Mark on LinkedIn

Ep 20: Scaling Zero Trust with Thomas Mueller-Lynch, Global Director Digital Identities at Siemens
In this episode, host Raghu Nandakumara sits down with Thomas Mueller-Lynch, Global Director Digital Identities at Siemens, to explore Siemens' ambitious zero trust program. They delve into the challenges of implementation and the strategic benefits of zero trust in bolstering product security and streamlining IT architecture. Thomas highlights the essential role of identity management and the importance of collaboration between IT, cybersecurity, and business units in advancing zero trust effectively.
"You cannot run a Zero Trust program exclusively out of IT. You cannot run it exclusively out of cybersecurity. And also if the business, or at least our organization, which is quite big and lots of different business units, if everybody of these business units starts by their own something, it will also not work. It will only work as teamwork all together. So IT typically brings in the services and the service operational model. Cybersecurity brings in the rules and partly also kind of architecture, as well as IT by the way, and business obviously owns all of these assets. So if you don't have them on the same table, at the same table it won't work at all."
Time Stamps
* (03:56) Thomas' journey at Siemens
* (08:59) Challenges in Zero Trust implementation
* (16:08) Business benefits of Zero Trust
* (27:32) Balancing big vision with tactical steps
* (34:06) Identity's role in Zero Trust
* (43:10) Collaborating across IT, security, and business for zero trust success
* (44:59) How Zero Trust drives competitive advantage
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Thomas on LinkedIn
Download your copy of The Forrester Wave for Microsegmentation Solutions: Illumio is a Leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024.

Ep 19: Turning Risk into Resilience with Indy Dhami, Partner at KPMG UK
In this episode, host Raghu Nandakumara sits down with Indy Dhami, Partner at KPMG UK, to explore the evolution from traditional InfoSec to cyber resilience. They discuss the strategic implementation of Zero Trust, the impact of regulatory pressures, and the challenges posed by AI. Indy emphasizes the critical role of foundational cybersecurity practices in maintaining business continuity and driving innovation.
"The way I see it with some of these regulations, it's changing the focus of very siloed-based approaches to addressing regulatory requirements, to as I term, it's turning compliance into a team sport. You need to have your Chief Information Security Officer at the table for DORA. However, you also need to have the person that's responsible for all of your human resources or the person that's responsible for your business operations or for your important business services. And the more mature organizations that I'm working with are approaching it in that way. They have all of those key stakeholders at the table. They've understood that there are certain roles to play for each of these functions and they're working together."
Time Stamps
(01:27) Indy's career journey
(07:40) The shift to cyber resilience
(10:18) Importance of cybersecurity awareness
(13:19) Ransomware ethics and initial client concerns
(17:10) Evolution of regulations in cybersecurity
(27:58) Understanding Zero Trust
(35:54) Adoption and implementation of Zero Trust strategy
(48:19) Harmonizing risk, security, and fraud
(50:55) Future challenges in cybersecurity
(53:05) Impact of AI and quantum computing on cybersecurity
(55:03) Indy's vision of the future
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Indy on LinkedIn

Ep 18: Rethinking Cybersecurity: From Awareness to Empowerment with Kyla Guru, Founder & CEO of Bits N' Bytes Cybersecurity Education
In this episode, host Raghu Nandakumara sits down with Kyla Guru, a Stanford University student and passionate cybersecurity advocate. Kyla's journey started at the age of 14, leading her to found Bits N' Bytes Cybersecurity Education. She shares the importance of proactive cyber education, insights from her work with government and private sector organizations, and the role of AI in cybersecurity defense. Kyla also emphasizes integrating security into product development and the significance of grassroots community engagement in fostering cybersecurity awareness.
“Even with artificial intelligence, we should just think about how our defense in depth, our security posture hasn't necessarily changed that much. It has changed in terms of improvement, but it's a cat-and-mouse game and the threat actors are also improving so we have to adapt. It's not just a one-and-done. ‘I've done my security. I'm done with it. I'm not going to think about it.’ It's more so, ‘Okay, can we revise this now that the threat actors are evolving? What can we do to just stay ahead of the needle?’ And I think as designers, that's a big thing to think about when you're designing a product is like, ‘Okay, if I build this, if I design this this way, how would attackers try and go around it and what is their next move?’”
Time Stamps
(00:43) Kyla's background and journey into cybersecurity
(08:28) Proactive approaches to cyber education
(11:09) Ways to measure cybersecurity education impacts
(19:25) Incorporating the zero trust concept into education
(25:53) Importance of secure by design
(32:52) Significance of user experience in security
(35:29) Day-to-day in threat intelligence
(38:21) Addressing common and recurring vulnerabilities
(42:39) AI's impact on cybersecurity
(47:08) Future of cybersecurity and the human element
(49:20) Advice to cybersecurity professionals
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Kyla on LinkedIn
Check out Bits N' Bytes Cybersecurity Education
Learn more about GirlCon

Ep 17: The Security Challenges of Modernization with Stephen J. White, CEO of Viking Technology Advisors
In this episode, host Raghu Nandakumara sits down with Stephen J. White, the CEO of Viking Technology Advisors, to discuss the critical role of Zero Trust Network Access (ZTNA), cloud adoption, and AI in modernizing network security. He emphasizes the importance of visibility, automation, and holistic approaches to enhance operational efficiency and security.
“It's about making security the enabler for Google, like you just said, it is the enabler, but then it's also making it invisible to the user community, so that it's secured, controlled, managed, but they can do their jobs as effectively no matter where they are. And it's just, this is a really pivotal time." - Steve White
Time Stamps
(04:42) The security challenges of modernization
(17:29) Connecting business and security outcomes
(29:02) Should cybersecurity and network teams merge?
(31:01) What will generative AI bring to security?
(49:31) The borderless network and managing the perimeter
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Stephen on LinkedIn

Ep 16: Protecting Data in New Ways with Sean Connelly, Former Director of CISA’s Zero Trust Initiative
In this episode, host Raghu Nandakumara sits down with Sean Connelly, Former Director of CISA’s Zero Trust Initiative, to discuss the evolution of network architectures; why incidents over the past 5 years have catalyzed a greater federal focus on cyber resilience, and specifically Zero Trust; and how CISA is thinking about protecting data in new ways.
Timestamps:
(04:39) How the nature of the perimeter has changed
(12:00) The shift towards being critical-asset focused and how it accelerated cloud adoption
(15:36) The process behind drafting recent regulation and EO 14028
(36:56) Are agencies making the expected improvements?
(41:48) The key challenges moving forward
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Sean on LinkedIn

Ep 15: You Can’t Spell Zero Trust Without OT with Carlos Buenano, CTO OT at Armis
In this episode, host Raghu Nandakumara sits down with Carlos Buenano, CTO, OT at Armis, to discuss his path to OT security, the importance of Zero Trust in industrial environments, and how to make progress in security while not compromising productivity.
“They are not in charge of security. Until now they haven't been accountable to basically provide security. Okay. Of course, they are concerned about being disrupted, the operations being disrupted.” - Carlos Buenano
Time Stamps:
(08:39) How to discuss security with OT practitioners
(13:49) Why we have so many legacy systems in OT and OT’s perspective on security
(24:19) Adoption of Zero Trust in OT environments and challenges
(39:23) Pros and cons of the American and European approaches, how to accelerate adoption
(44:15) Relevance of AI in the OT space
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Carlos on LinkedIn

Ep 14: Questioning the Status Quo with Richard Bird, Chief Security Officer, Traceable AI
“The more that we distribute, the more that we decentralize, the more that we fragment, the more that we go down pathways of things like no code low code, the more that we go down serverless. We're just creating a distributed environment that is a target rich environment for the bad actors and an incredibly difficult landscape for us to manage from a security standpoint.” - Richard Bird
Time Stamps
(14:39) Cognitive dissonance in cybersecurity
(26:01) The role of Zero Trust in a decentralized world
(30:51) Misconceptions about Zero Trust
(40:48) What does Zero Trust have to do with API Security?
(56:36) The future of Zero Trust and API Security
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Richard on LinkedIn

Ep 13: The Zero Trust Origin Story with John Kindervag, Chief Evangelist at Illumio and Creator of Zero Trust
Welcome back to The Segment! In our Season 2 premiere, host Raghu Nandakumara sits down with John Kindervag, Chief Evangelist at Illumio and the “Godfather of Zero Trust”, to unpack John’s Zero Trust origin story, where folks go wrong on their Zero Trust journeys, federal Zero Trust momentum, and so much more.
“I said all interfaces should have the same trust and it should be zero. And that's really where Zero Trust comes from, is just a pushback against how we were building firewalls which affected policy and there was no reason for it." - John Kindervag
Time Stamps
(09:00) The foundation of “trust but verify”
(15:39) The motivation behind John’s seminal papers at Forrester
(24:16) The uptick of Zero Trust
(31:41) Is Zero Trust difficult to adopt?
(46:48) What does a culture of Zero Trust mean?
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with John on LinkedIn
Read the NSTAC Report to the President on Zero Trust and Trusted Identity Management (February 2022)

Ep 12: Strengthening Our Collective Defense with Ann Johnson, Corporate Vice President at Microsoft Security Business Development
In this episode, host Raghu Nandakumara sits down with Ann Johnson, Corporate Vice President, Microsoft Security Business Development, to explore AI, everyday Zero Trust conversations, cyber resilience best practices, and so much more.
“Democratization has to exist as well, and there has to be global standards and there has to be global regulation, but there also has to be global cooperation, right?.. We’re seeing an increase in collaboration and cooperation, but we’re not where we need to be. And the only way we actually defeat the bad enemy is with collective defense, and we need to get a lot better about collective defense.”
Time Stamps
(04:32) An egalitarian approach to cybersecurity
(11:01) “The greatest thing the industry can do is improve visibility”
(13:50) Three steps to Zero Trust
(25:00) What’s driving Zero Trust adoption?
(28:00) Talking cyber resilience to the Board
(34:36) Becoming a better CISO
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Ann on LinkedIn

Ep 11: What is the Cost of Loss? - with Richard Staynings, Chief Security Strategist, Cylera
In this episode, host Raghu Nandakumara sits down with Richard Staynings, Chief Security Strategist at Cylera, to discuss how the role of the CISO has changed over the past 30 years, the IT challenges facing modern healthcare organizations, and today’s cybercrime landscape.
“I'd like to think that all healthcare organizations are looking at all aspects of Zero Trust, right? But Zero Trust is a journey. It's not something where you can throw a switch on and become Zero Trust certified overnight. It's a mindset. It's a journey.”
Time Stamps
(02:49) The role of the CISO through the years
(08:32) Understanding the perpetrators of cybercrime
(19:00) The medical OT threat landscape
(29:00) Reducing HIoT risk with Zero Trust
(39:00) AI and the future of healthcare
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Richard on LinkedIn

Ep 10: Striding Towards Zero-ish Trust with Ryan Fried, Senior Information Security Engineer, Brooks Running
In this episode, host Raghu Nandakumara sits down with Ryan Fried, Senior Security Engineer at Brooks Running, to discuss the role of cybersecurity in the manufacturing and retail sectors, building a successful Zero Trust program, and the difference between being compliant and being secure.
“How can we go towards Zero and, I’ll say, Zero-ish Trust? Actual Zero Trust is really hard to do, and I think it's really intimidating...But, for instance, what we're talking about is micro-segmentation from a Zero Trust perspective, what is the best bang for our buck that we're gonna get with being the least disruptive?” - Ryan Fried
Time Stamps
* (06:31) Mapping out your risk exposure
* (10:44) Striking a balance between good security and “good enough”
* (13:03) Compliance in less regulated industries
* (17:22) Being compliant vs. being secure
* (24:22) Zero-ish Trust in action
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Ryan on LinkedIn

Ep 9: Live from RSAC: Test, Verify, Validate with Rob Ragan, Principal Researcher, Bishop Fox
In this episode, host Raghu Nandakumara sits down with Rob Ragan, Principal Researcher at Bishop Fox – live at RSAC 2023! – to discuss the different types of threats, offensive security trends, and how to continuously find new opportunities to improve cyber resilience.
"I'm seeing a lot more folks that are security engineers and are on blue teams that are also then wanting to participate in those red team exercises and in those tests, and be involved and actually understand how they can learn and apply those techniques while they're building into their threat models. And I see that the folks that are doing that on a more regular basis are maturing more rapidly. And if they're not factoring in that testing to what they've implemented, then there may be long periods and long gaps where there's a susceptibility that remains unknown." - Rob Ragan
Time Stamps
* (2:23) Learning the wrong ways to build applications
* (6:31) Securing IoT/OT and national critical infrastructure
* (15:36) Zero Trust and offensive security
* (19:27) Maturing faster with more testing
* (24:32) TCO and ROI
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Rob on LinkedIn

Ep 8: The Everyday Battle in Cyberspace with Gary Barlet, Federal Field CTO at Illumio
In this episode, host Raghu Nandakumara sits down with Gary Barlet, Federal Field CTO at Illumio, to discuss his own personal experience with Zero Trust, top cyber challenges facing federal organizations, and why embracing an “assume breach” approach to cybersecurity matters.
"You wanna continue to try to do your best, but there's no such thing as perfect. And you have to be ready for the alternative, right? What happens when the art of the perfect fails you, and you have to deal with a breach? And I think that that monumental shift in approach and philosophy is something that I think that modern entities, agencies, and businesses, if they don't make that shift, they're just gonna continue to lose." - Gary Barlet
Time Stamps
* (3:07) Fighting the everyday battle in cyberspace
* (7:16) How to “assume breach”
* (17:53) The US Government’s top cyber challenges
* (28:17) Breach economics
* (35:33) The future of Zero Trust
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/
Links
Connect with Gary on LinkedIn

Ep 7: Surviving Bad Days in the Cloud with Shawn Kirk, Worldwide Leader for Security Go-to-Market, AWS
In this episode, host Raghu Nandakumara chats with Shawn Kirk, Worldwide Leader for Security Go to Market at Amazon Web Services. The two of them discuss the shared responsibility model, making incremental Zero Trust improvements in the cloud, and understanding cloud economics and ROI.
"When we're having conversations with customers we are very, very reluctant to put the actual technology, feature or the control at the beginning of the conversation. Because, particularly with something as nuanced to Zero Trust, you really have to have a much more in-depth understanding of the problem that they're trying to solve." - Shawn Kirk
Time Stamps
* (5:19) How to secure your cloud migration
* (9:38) Zero Trust’s role in cyber conversations
* (17:34) ROI benefits of cloud security
* (19:25) Top security challenges facing AWS customers
* (22:46) Evolving threats in the cloud
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Links
Connect with Shawn on LinkedIn

Ep 6: A Quantitative Approach to Innovation with PJ Kirner, Co-Founder and Advisor, Illumio
In this episode, host Raghu Nandakumara sits down with Illumio CTO and Co-Founder PJ Kirner, to discuss Illumio’s founding story, taking a data-driven approach to innovation and market validation, and what RSA attendees should be thinking about as they gear up for this year’s conference.
"I do think we fell off the bandwagon with all this implicit trust in the environment…All these things that were just allowed to talk to each other implicitly—no one ever thought about, you know, let’s turn this into explicit trust? That's a place where I think we definitely needed Zero Trust to help us along that journey." - PJ Kirner
Time Stamps
* (0:47) The Illumio founding story
* (11:39) What do submarines and cyber resilience have in common?
* (14:55) Overcoming implicit trust
* (24:40) Validating ideas with data
* (36:13) What a CTO hopes to see at RSA
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com or visit us at RSAC in San Francisco, between April 24 – April 27! You can find us in the North Hall, at Booth 5778.
Links
Connect with PJ on LinkedIn

Ep 5: Embracing Visibility, Consistency and Control with Stephen Coraggio, Managing Partner, IBM Security and Greg Tkaczyk, Executive Consultant, IBM Security
In this episode, host Raghu Nandakumara sits down with Stephen Coraggio and Greg Tkaczyk, Managing Partner and Executive Consultant at IBM Security, to discuss the business value of cybersecurity, defining your crown jewels, and overcoming “analysis paralysis” and other Zero Trust challenges.
“Back in the day it was around protecting everything, encrypting everything, and really making sure that we scan everything in an environment. Now when we talk to clients, it's around how do we make sure that we are truly looking after the most important things in our environment, making sure that those are properly protected, [and] controlled.” - Stephen Coraggio
“You don't want to spend four months deciding what top five policies you want to enforce in a CSPM solution—Make those decisions quickly and reduce risk.” - Greg Tkaczyk
Time Stamps
* 10:17 – Defining your “crown jewels”
* 13:09 – Overcoming “analysis paralysis”
* 22:35 – ZT as a framework: “It’s a set of guiding principles”
* 30:30 – What comes next in cyber (a case for AI/automation)
* 34:10 – Using data to demonstrate ROI
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/
Links
Connect with Stephen on LinkedIn
Connect with Greg on LinkedIn

Ep 4: The Evolving CISO with Vishal Salvi, CISO & Head of Cyber at Infosys
In this episode, host Raghu Nandakumara and Vishal Salvi, CISO and Head of the Cyber Practice at Infosys, explore the evolution of the CISO over the past 25 years, democratizing cybersecurity and why “doing the boring things right” matters.
“If you start taking an approach of zero tolerance—we need to start getting a sense of more governance around how do we manage this? While we want to empower people, while we want to have speed and agility—you cannot do it at the cost of IT hygiene and therefore poor security and therefore risk of being breached.” - Vishal Salvi
Time Stamps
* (6:02) Evolving as the profession evolves
* (9:30) Being an empathetic business leader
* (16:30) Back to basics — “Doing the boring stuff right”
* (20:52) Democratizing cybersecurity within the organization
* (31:50) How to make the most of your cyber investments
* (41:05) What excites a CISO
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/
Links
Connect with Vishal on LinkedIn
Check out Infosys

Ep 3: Bolstering Federal Cyber Resilience and Demonstrating ROI with Gerald Caron, Former CIO at U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG)
In this episode, host Raghu Nandakumara and Gerald Caron, Former Chief Information Officer for the Office of the Inspector General at the US Department of Health and Human Services, unpack how to manage operational risk, the role of data mapping in any successful Zero Trust strategy, and demonstrating ROI.
“Because when you're managing risk, it's not just an IT thing. It's also a mission thing as well. What are the political aspects of the risk and the decisions that you're making? That informs the IT risk as well. But I think it has to be well understood that this is, going back to the ROI, this is why this is a good investment. This is gonna help mitigate this risk… [Zero Trust] is a cultural thing for an organization and it needs to be communicated.” - Gerald Caron
Time Stamps
* (5:00) Understanding your operational risk posture as a CIO
* (9:52) What peanut butter, the cinema and Zero Trust have in common
* (14:10) Demystifying Zero Trust: Driving the adoption of ZT at the OIG
* (18:40) Measuring progress and effectiveness
* (25:53) Aligning Zero Trust with your company’s business strategy
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/
Links
Connect with Gerald on LinkedIn

Ep 2: Unpacking Zero Trust in Higher Education with George Finney, Chief Security Officer (CSO) at Southern Methodist University and Author of Bestselling Book Project Zero Trust
In this episode, host Raghu Nandakumara chats with George Finney, best-selling author and Chief Security Officer at Southern Methodist University, about his experiences with Zero Trust in higher education, the cultural elements of cybersecurity, his new book “Project Zero Trust” and why some Zero Trust projects fail.
--------
“That understanding fundamentally of trust is something we don't necessarily talk about a lot in organizations. When you get into Zero Trust, the real trick is how do I spot the trusts? When I look at a computer, router, firewall, server config — what's the trust? How do I go through and get rid of them? That's what Zero Trust is about. It's not about not trusting people. It's about finding those trusts in our digital systems and getting rid of them.” - George Finney
--------
Time Stamps
* (5:40) Establishing a unified security culture
* (11:10) What Zero Trust isn’t: “Don’t take the cynical approach”
* (16:50) The secret sauce to being a CSO today is building in security from day 1
* (24:00) Understanding your “protect surface” to maximize ROI
* (28:30) The reason some Zero Trust projects fail isn’t because of tools - it’s people
--------
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/
--------
Links
Connect with George on LinkedIn
Check out George's best-selling book "Project Zero Trust"

Ep 1: Practicing Zero Trust and Adopting Assume Breach with Dr. Chase Cunningham, Dr. Zero Trust
In this episode, host Raghu Nandakumara sits down with Chase Cunningham, former Forrester analyst and “Dr. Zero Trust”, to discuss the evolution of the Zero Trust framework and what organizations get wrong when mapping out their Zero Trust strategies.
--------
“...John [Kindervag] says it all the time: Trust is a human emotion; we've built it into computers. If you remove the trusted relationships, it's not that there's going to be “zero trust.” It's that they're going to have manageable risk based on trust relationships, and that makes the bad guy's day really hard.” — Dr. Chase Cunningham
--------
Time Stamps
* (6:34) Zero Trust is nothing new, just an evolution of something that’s always made sense
* (10:32) You can get Zero Trust wrong – but start small to get it right
* (16:18) How vendors have changed the Zero Trust landscape
* (21:39) How APIs are transforming the future of cybersecurity platforms
* (28:34) Federal Zero Trust progress is “fast-ish”
--------
Sponsor
Assume breach. Minimize impact. Increase resilience. With Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/
--------
Links
Connect with Chase on LinkedIn
Check out the DrZeroTrust podcast
Trailer
In the past two years, more than three-quarters of organizations have been attacked by ransomware, and over two-thirds have experienced at least one software supply chain attack. Attackers are smarter, more sophisticated and move more quickly than ever. If your organization hasn’t been breached yet, odds are you will be. On “The Segment: A Zero Trust Leadership Podcast”, you will hear from industry experts about the latest cybersecurity and ransomware trends. We will unpack how modern organizations can reduce risk and curtail impact with Zero Trust - a “never trust, always verify” approach to cybersecurity.
Join us for The Segment: A Zero Trust Leadership Podcast, brought to you by Illumio.
-------
Assume breach. Minimize impact. Increase resilience. With Illumio, the Zero Trust Segmentation company. Learn more at illumio.com/