Introduction:

• Host Introduction: Tanner Greer and Anthony Kent, two IT executives with 35 years of combined experience in the IT field, specializing in cybersecurity.


• Episode Overview: Discussion on Zero Trust security.

Segment 1: Conference Recap

• Anthony's recent attendance at the IT conference for South Carolina co-ops.


• Key takeaway: Importance of IT communication with non-IT stakeholders, avoiding jargon and using relatable examples.

Segment 2: Understanding Zero Trust

• Zero Trust explained: "Never trust, always verify."


• History of Zero Trust: Coined by John Kindervag in the 90s and popularized in the 2000s.


• Shift in mindset: From securing trusted internal networks to assuming all networks are potentially hostile.

Segment 3: Key Concepts of Zero Trust

• Basic principles: Never trust, always verify; least privilege; and assume breach.


• NIST guidance on Zero Trust (800-207).

Segment 4: Implementing Zero Trust

• Defining the protect surface: Identify what needs protection.


• Mapping transaction flows: Understand how data moves.


• Architecting Zero Trust: Building a secure infrastructure.


• Creating Zero Trust policies: Setting rules and guidelines.


• Monitoring and maintaining: Continuous improvement and vigilance.

Segment 5: Real-world Application

• Anthony's recent project: Redesigning an OT environment using Zero Trust principles.


• Challenges and solutions: VLAN segmentation, micro-segmentation, and user/device checks.

Segment 6: Lessons Learned

• Importance of strategic goals: Integrating Zero Trust into organizational strategy.


• Using existing tools effectively: Leveraging current technology to implement Zero Trust.


• Practical tips: Start with test environments, prioritize critical applications, and consider business operations.

Segment 7: Pitfalls and Considerations

• Usability impact: Balancing security measures with operational needs.


• Internal threats: Monitoring for suspicious internal activities.


• Continuous monitoring: Importance of regular checks and updates.

Segment 8: Resources and References

• Recommended reading: "Project Zero Trust" book.


• Key documents: NIST 800-207 and CISA's Zero Trust Maturity Model.

Conclusion:

• Recap of the episode.


• Encouragement to start the Zero Trust journey: Don't be overwhelmed; take it step by step.


• Final thoughts: Zero Trust as a critical part of modern cybersecurity strategies.

Closing:

• Reminder to check previous episodes.


• Contact information: Website, email, and social media handles.


• Episode release schedule: Every other Monday.

Sign-off:

• Hosts' sign-off and thanks for listening.