Episode 33: The Zero Trust Transformation: Shifting from Technical Fix to Cultural Change
Description
In this episode, we dive deep into the organizational and cultural roadblocks of Zero Trust with Mark Simos, Lead Cybersecurity Architect at Microsoft. Mark, a veteran who has spent over 25 years helping enterprises operationalize security, reveals why failure in Zero Trust often stems not from technical missteps, but from a fundamental misunderstanding of roles, responsibilities, and business incentives. He shares the journey of evolving from a technical expert to a "storyteller" and how that shift is essential for CISOs today.
Guest: Mark Simos (https://www.linkedin.com/in/marksimos)
Host: Dr. Victor Monga (https://www.linkedin.com/in/victorvirtual)
Co-Host: Dr. Victor Monga (https://www.linkedin.com/in/beingageek)
Mentioned Resources:
- Mark Simos on LinkedIn: https://www.linkedin.com/posts/marksimos_security-doesnt-get-better-until-we-correct-activity-7376623700508418048-yEDF?utm_source=share&utm_medium=member_desktop&rcm=ACoAABKQrw8BhNT_WGckKwwZ1zNfi6UkyFkMpZU
- The Open Group Security Roles and Responsibilities Standard: https://www.opengroup.org/open-group-july-virtual-event-explore-open-digital-standards-across-industries
- Microsoft Cybersecurity Reference Architecture (MCRA): https://learn.microsoft.com/en-us/security/adoption/mcra
Highlights:
- The Two Broken Assumptions: How Zero Trust changes the assumption that the firewall is enough, and, crucially, that security is only the security team's job.
- The CISO's Trap: Why technical CISOs often fail and get rotated out when they talk "speeds and feeds" instead of connecting security to business risk and outcomes.
- Accountability vs. Blame: The critical difference leaders must understand to stop the cycle of finger-pointing and achieve real change.
- The Microsoft SFI Example: How linking executive pay and incentive structures to security metrics drives cultural change across the organization.
- The Role of the Storyteller: Mark's realization that communicating complex technology requires narrative skills to land concepts with business leaders.
- The Future of Jobs: How AI will augment and change tasks, but the fundamental jobs to be done in security (and the need for human expertise) will remain.
- One Key Piece of Advice: The single most important thing a CISO or architect can do to modernize their org structure around Zero Trust.
This episode is a must-listen for anyone struggling to move their Zero Trust initiative beyond the technical implementation phase. Mark provides a clear roadmap for embedding security accountability throughout the entire business.
Disclaimer: The views expressed are those of the speakers.



