Posts

Zero Trust — From Concept to Board Room Post 3 of 4

Blog Series: Zero Trust — From Concept to Board Room, Post 3 of 4
A Practical Guide for InfoSec Professionals, Aspiring CISOs, and New Security Leaders

In the first two posts of this series we covered what zero trust is, why it matters, how to win executive and board support for it, and how each of the five pillars works. If you have read those posts, you now understand the architecture. What you may not yet know is where you stand within it. That is what this post is about. Understanding zero trust conceptually is one thing. Knowing your actual current posture — what you have already built, where the gaps are, and how far you realistically are from where you need to be — is something else entirely. That knowledge is what drives everything that comes next: your roadmap, your investment priorities, your sequencing, and your executive narrative. You cannot build a credible program without it. CISA’s Zero Trust Maturity Model gives us the framework to do that assessment with pre...
Recent posts

Zero Trust — From Concept to Board Room Post 2 of 4

Blog Series: Zero Trust — From Concept to Board Room, Post 2 of 4
A Practical Guide for InfoSec Professionals, Aspiring CISOs, and New Security Leaders

In the first post of this series, I walked through what zero trust actually is, why it matters more now than ever, and how to build the executive and board support needed to fund and sustain it. If you have not read that post yet, I recommend starting there. The business case and the organizational alignment have to come before the architecture — every time. Now we get into the substance. Zero trust is not a single technology, a single product, or a single policy. It is a coordinated architecture built across five distinct domains that security practitioners call pillars. Understanding these pillars is not optional background knowledge. It is the foundation of every decision you will make when assessing your current posture, building your roadmap, and communicating progress to leadership. CISA’s Zero Trust Maturity Model organi...

Zero Trust — From Concept to Board Room Post 1 of 4

Blog Series: Zero Trust — From Concept to Board Room, Post 1 of 4
A Practical Guide for InfoSec Professionals, Aspiring CISOs, and New Security Leaders

I have been in this industry for more than twenty years. I have lived through the transition from perimeter-centric firewalls to cloud-native architectures. I have sat across the table from boards asking why we needed to spend millions on security when “nothing bad has happened yet.” And I have watched organizations that trusted their network edges get torn apart from the inside — by compromised credentials, lateral movement, and attackers who were in the environment for months before anyone noticed. Zero trust is not a product you can buy. It is not a checkbox on a compliance audit. It is a fundamental shift in how you think about security — and more importantly, how your organization operationalizes protection in a world where the perimeter no longer exists. This is the first post in a series designed to walk security profes...

NCSC Secure Connectivity Principle 8: Establish an Isolation Plan

InfoSec Made Easy OT Security Leadership | NCSC Guidance Series
The plan you hope you never need — and why having it ready is non-negotiable in OT security

Every other principle in this series has focused on preventing compromise, detecting threats, and limiting the spread of attacks that do occur. Principle 8 addresses the scenario that all of those controls are designed to avoid: a confirmed compromise serious enough that the OT environment needs to be isolated from external influences to prevent further damage, contain the threat, or allow secure recovery. It is the last resort — the plan you execute when other defenses have not been sufficient, or when the threat is serious enough that isolation is the only prudent response. Principle 8 of the NCSC's Secure Connectivity Principles for Operational Technology is about ensuring that when that moment comes, your organization has a plan, has tested that plan, knows it will work without causing additional opera...