DrZeroTrust

🚨 RSA Attendees, Let's Shake Things Up! 🚨Ever been frustrated that your voice isn't heard at big tech events? Me too. That's why I built 10ring—the app where YOU rate vendors, anonymously if you prefer, and help drive real transparency and accountability.No fluff. No selling your emails. Just honest feedback, community-driven rankings, and heck—I’ll even toss $100 cash daily to whoever reviews the most vendors.I put my own money where my mouth is because change doesn’t happen by accident—it happens when we speak up together.Ready to join the movement? Let's make RSA2025 unforgettable.#10ringApp #RSA2025 #TechTransparency #CyberSecurityTakeawaysThe Tenring app is designed to enhance vendor-user interactions.Users can choose to be anonymous or public while using the app.Dr. Cunningham funded the app entirely out of his own pocket.The app aims to democratize technology and improve vendor practices.Users can win $100 for contributing reviews and feedback.The app will be live for a limited time during the RSA conference.Users can save vendors they want to engage with later.The app features a clean and intuitive interface for easy navigation.Community feedback is crucial for improving vendor services.Dr. Cunningham encourages collaboration to change the tech landscape.

In this conversation, Chase Cunningham and Dave Rand discuss the concept of Zero Trust security and how Faction Networks is innovating in this space. They explore the challenges of securing IoT devices, the unique approach of Faction in avoiding central key repositories, and the importance of encryption. The discussion also touches on the future of cybersecurity, the integration of AI, and the user experience in implementing these security measures.TakeawaysZero Trust is essential for modern cybersecurity.Traditional VPNs are inadequate for current security needs.IoT devices pose significant security challenges.Faction Networks uses a unique approach to key management.Encryption is a core component of Faction's security model.Micro-segmentation helps in isolating critical devices.AI can enhance security through anomaly detection.Privacy is a priority in Faction's design.User experience is crucial for security implementation.The future of cybersecurity will involve hardware and software integration.

In this conversation, Dr. Chase Cunningham and Scott Aldridge discuss the principles of the Visible Ops methodology and its application in cybersecurity. Scott shares his extensive background in IT and cybersecurity, emphasizing the importance of understanding and managing IT assets through effective change and configuration management. They explore practical techniques for implementing cybersecurity best practices, the significance of leadership support, and the challenges organizations face in adopting these practices. The discussion also touches on the value of partnering with managed service providers (MSPs) and the need for a proactive approach to cybersecurity, including the adoption of a zero trust model.TakeawaysYou can't control what you can't measure.Assume breach and prepare accordingly.Progress over perfection is key in cybersecurity.Best practices often aren't implemented effectively.Building cybersecurity expertise in-house is expensive.Partnering with an MSSP can be cost-effective.Integrity management is crucial for IT security.Leadership support is essential for cybersecurity initiatives.Compliance does not guarantee a good cybersecurity posture.Understanding your IT assets is foundational for security.

In this conversation, Dr. Zero Trust analyzes a recent incident involving the leak of tactical action plans by high-ranking officials through unsecured communication channels. He discusses the implications of this leak on national security, the classification of information, and the accountability of government officials. The conversation highlights the discrepancies in how classified information is treated among different individuals and the need for integrity and accountability in leadership roles.TakeawaysThe incident involved a leak of tactical action plans.High-ranking officials should use secure communication methods.The classification of information is often misinterpreted.There is a double standard in accountability for leaks.Leadership must hold themselves accountable for their actions.The integrity of government officials is crucial for national security.Past incidents of information leaks show a pattern of behavior.The consequences for lower-ranking individuals are harsher than for officials.Public trust in government is eroded by lack of accountability.The conversation emphasizes the importance of protecting classified information.

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses the intersection of cybersecurity and finance, focusing on market trends, vulnerabilities, and the implications of recent cybersecurity incidents. He emphasizes the importance of understanding the financial aspects of cybersecurity, including stock performance and investment strategies, while also addressing the challenges faced by government programs and the ongoing threats from ransomware and state-sponsored attacks.TakeawaysCybersecurity is becoming increasingly intertwined with financial markets.Investors should consider buying stocks after breaches for potential rebounds.Government cybersecurity programs face significant vulnerabilities.Microsoft has not patched a critical vulnerability for eight years.Legislative bodies are scrutinizing the DHS's response to cyber threats.Ransomware operations may have connections to state actors.Investment opportunities exist in the cybersecurity sector despite volatility.Fake updates are a common tactic used by ransomware gangs.Understanding the financial impact of cybersecurity breaches is crucial.Staying informed and proactive is essential for cybersecurity.

In this conversation, Dr. Chase Cunningham and Barry Mainz, CEO of Forescout, discuss the pressing issues surrounding cybersecurity, particularly in critical infrastructure, legacy systems, and the importance of a zero trust approach. They critique the Netflix series 'Zero Day' for its portrayal of cybersecurity threats and explore the current state of security in various sectors, including healthcare and airports. The discussion emphasizes the need for compliance, business continuity, and the integration of cybersecurity into business strategies. They also touch on the future of cybersecurity investments and the importance of considering schools as critical infrastructure.TakeawaysThe portrayal of cybersecurity in media can be exaggerated.Critical infrastructure is vulnerable and requires investment in security.Zero trust principles should be applied to OT and IoT systems.Legacy systems pose significant challenges for cybersecurity.Compliance requirements for OT and IoT are lacking compared to other sectors.Business continuity is a key driver for cybersecurity investments.Cybersecurity discussions should focus on business impacts, not just technical details.Heterogeneous environments require flexible security solutions.Airports vary in their cybersecurity readiness based on age and investment.Healthcare cybersecurity often reacts to breaches rather than preventing them.

SummaryIn this conversation, Dr. Zero Trust discusses various cybersecurity topics, including active malware campaigns, the risks associated with Veterans Affairs data, and the implications of recent data breaches. He also highlights legislative efforts to improve cybersecurity in the agricultural sector and the importance of cybersecurity for law firms. Additionally, he shares insights on investment strategies related to cybersecurity breaches and concludes with his upcoming travel plans and a new system he's trying for secure mobile use.Active malware campaigns are increasingly prevalent and require attention.Veterans Affairs data is at risk due to cybersecurity failures.Personal data breaches are common, and many individuals are affected.Legislative efforts like the Farm and Food Cybersecurity Act aim to address vulnerabilities.Cybersecurity is essential for law firms to protect sensitive data.Investing in companies post-breach can be financially beneficial.The importance of proactive cybersecurity measures cannot be overstated.Dr. Zero Trust is exploring new technologies for secure mobile use while traveling.Staying informed and secure is crucial in today's digital landscape.

In this conversation, Dr. Zero Trust discusses the current state of cybersecurity, focusing on leadership appointments, the confusion surrounding cyber threat naming, emerging threats, and the intersection of espionage and cybercrime. He critiques the lack of operational expertise in cybersecurity leadership, highlights the challenges posed by evolving cyber threats, and emphasizes the importance of understanding the implications of AI in cybersecurity operations. The discussion also touches on data privacy legislation efforts, ransomware trends, and the security vulnerabilities in the drone industry.TakeawaysLeadership in cybersecurity should prioritize technical expertise over political loyalty.The U.S. is currently losing the cyber war against adversaries.Confusion in naming cyber threat actors complicates response efforts.Emerging cyber threats are increasingly sophisticated and state-sponsored.AI can significantly enhance cybersecurity operations and efficiency.Data privacy legislation is often ineffective and redundant.Ransomware groups are evolving and becoming more organized.The cybercrime ecosystem is thriving with complex interconnections.Drones present significant security vulnerabilities that could be exploited.Public awareness of cybersecurity risks is crucial for protection.

In this conversation, Dr. Zero Trust discusses the current state of cybersecurity, focusing on leadership appointments, the confusion surrounding cyber threat naming, emerging threats, and the intersection of espionage and cybercrime. He critiques the lack of operational expertise in cybersecurity leadership, highlights the challenges posed by evolving cyber threats, and emphasizes the importance of understanding the implications of AI in cybersecurity operations. The discussion also touches on data privacy legislation efforts, ransomware trends, and the security vulnerabilities in the drone industry.TakeawaysLeadership in cybersecurity should prioritize technical expertise over political loyalty.The U.S. is currently losing the cyber war against adversaries.Confusion in naming cyber threat actors complicates response efforts.Emerging cyber threats are increasingly sophisticated and state-sponsored.AI can significantly enhance cybersecurity operations and efficiency.Data privacy legislation is often ineffective and redundant.Ransomware groups are evolving and becoming more organized.The cybercrime ecosystem is thriving with complex interconnections.Drones present significant security vulnerabilities that could be exploited.Public awareness of cybersecurity risks is crucial for protection.

In this conversation, Dr. Zero Trust, Anne Saunders, and Jack discuss the complexities of cybersecurity, particularly in the context of IoT and operational technology. They explore the vast attack surface presented by IoT devices, the challenges of securing these devices, and the importance of embedding security into the design of technology. The discussion also touches on regulatory frameworks, investment trends in cybersecurity, and the future of IoT security solutions. Takeaways IoT represents a significant attack surface for cybersecurity. Embedding security into device design is crucial. Data collection from IoT devices poses security risks. Regulatory compliance is becoming more stringent with NIS2. Investment in cybersecurity is often driven by immediate results. The cost of breaches can have a tangible impact on businesses. AI is changing the landscape of cybersecurity discussions. Supply chain security is a critical component of IoT security. Static credentials are a major vulnerability in cybersecurity. A holistic approach to cybersecurity is necessary for effective protection.

In this conversation, Dr. Zero Trust discusses various aspects of cybersecurity, including recent ransomware threats, the implications of AI and deepfake technology, and the importance of adopting a Zero Trust security framework. He also critiques the Biden administration's cybersecurity measures and highlights the ongoing challenges posed by stolen credentials and cyber threats. The discussion emphasizes the need for better security practices and the potential future risks associated with cyber warfare. Takeaways Life can throw unexpected challenges, like caring for family. Ransomware attacks are evolving, targeting cloud services. Strong passwords and two-factor authentication are essential. AI technology can be misused for scams and deception. OpenAI's models may exhibit unexpected language behaviors. Government measures against cyber threats may be insufficient. Stolen credentials remain a primary attack vector in cybersecurity. Zero Trust security is crucial for modern organizations. Cybersecurity is a growing market with increasing investment. Future threats may include drone warfare and cyber attacks on infrastructure.

In this conversation, Dr. Zero Trust discusses various aspects of cybersecurity, focusing on ransomware attacks, their impact on educational institutions, challenges in the cybersecurity workforce, emerging startups, government initiatives, financial implications of data breaches, and the effectiveness of cybersecurity labeling programs. The discussion highlights the need for proactive measures in cybersecurity and the importance of addressing non-human identity security challenges. Takeaways Ransomware attacks are on the rise, with significant impacts on organizations. Cybersecurity events have affected educational systems, compromising student data. There is a critical shortage of qualified cybersecurity professionals despite high demand. Emerging cybersecurity startups are receiving substantial funding but need to demonstrate efficacy. Government initiatives are being introduced to enhance cybersecurity measures. Data breach notification laws can increase borrowing costs for businesses. The Cyber Trustmark program may not effectively address cybersecurity concerns. Non-human identities pose significant security challenges that need to be addressed.

In this conversation, Dr. Zero Trust reflects on the state of cybersecurity as the new year begins, discussing the persistent issues of phishing, social engineering, and weak passwords that continue to plague the industry. He reviews significant cyber incidents from the previous year, including data breaches and legal developments, while also sharing personal reflections on his own goals and challenges faced in 2024. The discussion emphasizes the need for a strategic shift in cybersecurity practices and the importance of addressing foundational issues to prevent ongoing failures in the field. Takeaways The most prevalent methods of exploitation in cybersecurity are still phishing and social engineering. Weak passwords remain a significant security risk in 2024. Recent legal developments include a U.S. ban on data sales to adversarial nations. Cyber incidents continue to rise, with notable breaches affecting government and private sectors. Personal reflections reveal the importance of honesty in assessing one's goals and achievements. Organizations relying on outdated practices are more likely to face breaches. The concept of 'cyberflation' highlights the financial impact of cybersecurity failures on consumers. A strategic shift towards Zero Trust (ZT) is necessary for better security outcomes. The need for public awareness and legislative action in cybersecurity is critical. 2024 was marked by a lack of significant progress in cybersecurity despite increased awareness.

In this conversation, I discussed various aspects of cybersecurity, including the manipulation of narratives through social media, the implications of leadership structures within Cyber Command and the NSA, personal liability for cybersecurity leaders, emerging trends for 2025, and significant supply chain vulnerabilities. The discussion also reflects on the challenges faced by cybersecurity professionals and highlights key incidents from the past year. Takeaways Social media can easily manipulate narratives, impacting public perception. The dual leadership of Cyber Command and NSA raises concerns about authority and effectiveness. CISOs face increasing personal liability, affecting their role and decision-making. Ransomware incidents are expected to remain high, posing ongoing risks to organizations. Supply chain vulnerabilities can have cascading effects across industries. Generative AI poses new threats, enhancing the capabilities of malicious actors. Cybersecurity leaders are experiencing burnout, with many considering leaving their roles. The importance of reassessing functional dependencies in cybersecurity insurance is critical. Fortune 100 companies are significantly affected by recent vulnerabilities in web application firewalls. The year in cybersecurity was marked by significant breaches and challenges, indicating a need for improved practices.

In this conversation, I discussed various cybersecurity reports, highlighting the increasing risks associated with AI, human behavior, and organizational vulnerabilities. He emphasizes the need for better security practices, the implications of recent data breaches, and the importance of updated cybersecurity legislation. The conversation also touches on the failures of government agencies to secure communications and the need for accountability in cybersecurity funding. Takeaways Fridays are a better time for live streaming. There is a significant uptick in state-sponsored cyber attacks. Organizations are not configuring AI services securely. Human behavior poses a major risk in cybersecurity. Phishing attacks have a guaranteed click rate of 5%. Windows has a new zero-day vulnerability affecting multiple versions. Deloitte experienced a significant data breach. NIST emphasizes password length over complexity. Cybersecurity legislation in Canada is facing delays. The EU has identified substantial cyber threats to its member states.

In this conversation, I discussed the ongoing cybersecurity talent crisis, highlighting qualified individuals seeking employment and the systemic issues contributing to the hiring problem. He delves into recent cybersecurity incidents, their financial implications, and the impact of identity security on consumer behavior. The discussion also touches on government regulations and the need for innovative practices in cybersecurity, emphasizing the importance of proactive measures and collaboration in the industry. Takeaways There is a significant talent shortage in cybersecurity. Qualified individuals are struggling to find work in the industry. The hiring process needs to be more inclusive and flexible. Recent cyber incidents have financial repercussions for companies. Consumers are increasingly concerned about identity security. Government regulations are often bureaucratic and ineffective. Innovative practices like micro-segmentation are essential for cybersecurity. Companies must prioritize transparency and security in their software. The cybersecurity industry needs to adapt to evolving threats. Collaboration is key to addressing the hiring crisis and improving security.

In this conversation, Dr. Zero Trust and Kevin Brink discuss the challenges and innovations in implementing Zero Trust security frameworks, particularly within the Department of Defense (DoD). Kevin shares insights on the need for automation in Zero Trust assessments to overcome the limitations of manual processes, emphasizing the importance of empirical data for continuous evaluation. They explore the cost and scalability of Zero Trust solutions, as well as the value of assessing existing security measures against Zero Trust principles. Takeaways Automation is essential for effective Zero Trust assessments. Manual assessments are labor-intensive and unsustainable. Empirical data is crucial for validating security measures. Zero Trust can be applied across various industries, not just DoD. Breach and attack simulations provide quantitative data for assessments. Cost-effective solutions can scale based on organizational needs. Continuous monitoring is key to maintaining security compliance. Zero Trust frameworks can help identify areas of inefficiency. Integration with existing systems enhances the value of Zero Trust. Understanding the specific needs of an organization is vital for implementation.

In this conversation, I discussed various aspects of cybersecurity, including recent TSA regulations, stock market trends related to cybersecurity companies, emerging threats from AI-driven phishing scams, the importance of veteran employment in the cybersecurity field, rising salaries and stress levels among cybersecurity professionals, and the need for organizations to address vulnerabilities and improve their security measures. The discussion emphasizes the importance of proactive measures in cybersecurity and the potential for financial gain in the stock market following breaches. Takeaways The TSA is proposing new cybersecurity regulations for surface transportation. Investing in cybersecurity stocks can be profitable after breaches. AI is increasingly being used in sophisticated phishing scams. Veterans can fill the talent gap in cybersecurity roles. Cybersecurity salaries are rising, but so is job-related stress. Organizations need to patch vulnerabilities promptly to avoid exploitation. Emerging tools and resources can aid in cybersecurity efforts. The importance of reporting significant security concerns is emphasized. Cybersecurity professionals are seeking better work-life balance and training opportunities. Proactive measures are essential to combat evolving cyber threats.

In this episode of the Dr. Zero Trust podcast, hosts James Pham and Oz Wasserman from Opsin discuss the implications of generative AI in the context of cybersecurity and Zero Trust principles. They explore the evolution of AI, the risks associated with generative AI, and how Opsin aims to secure sensitive data while leveraging AI for productivity. The conversation highlights the importance of understanding the security landscape as generative AI becomes more integrated into enterprise environments.

I discussed various topics related to #cybersecurity, including CISA's new international cyber security plan, the appointment of a new CISO at UnitedHealthcare, the progress of federal agencies in implementing #zerotrust, and the evolving landscape of hacking influenced by #AI. The discussion also touches on a serious hacking incident involving The Walt Disney Company and food safety, insights into hacker motivations, and the vulnerabilities present in critical infrastructure. I really emphasized the need for effective leadership and actionable solutions to address these pressing cybersecurity challenges. #drzerotrust #happyhalloween Takeaways CISA's international cyber security plan aims to enhance global cooperation. UnitedHealthcare's new CISO faces significant challenges post-ransomware attack. Federal agencies are making progress on Zero Trust implementation. AI is changing the hacking landscape, making it more accessible. A former Disney employee's hacking incident raises serious food safety concerns. Insights from hackers reveal motivations beyond financial gain. Critical infrastructure vulnerabilities are alarmingly prevalent. Effective leadership is crucial for solving cybersecurity issues. Simple fixes can prevent major security breaches. The conversation highlights the importance of proactive cybersecurity measures.