Hello all, thanks for a productive and interesting conversation in our bi-weekly working session.
Here is the recording link, and appended below are the AI-generated meeting notes of moderate value
Zoom recording: https://cloudsecurityalliance.zoom.us/rec/share/rLrZgaDG8Ats-gddZIU6Fh9o2Fe3-oSdwBOkVNpNkLIdIqGIUxiMKa2r4nIRZTgW.mL0t9Eu_LDplN6s6
Action Items and Follow-ups:
-
-
With Jonathan Flack
-
Need - title, abstract, participants
-
Pathway - brighttalk vs ad hoc - TBD based on scheduling
-
Jason to assemble
-
Panel Discussion
-
BizValue - panel discussion, straightforward discussion of the document
-
Josh Woodruff - to create title, abstract, participants, structure
-
Research team participants - Rajesh Murthy
-
Case Studies
-
Andrea (and colleague) - fireside chat - large ZT network - ready to go!
-
Vendor-neutral and anonymized, but that's OK
-
Looking for enterprises / practitioners
-
Elier can help recruit
-
Erik to connect this to ZTAC BoF program
Our next meeting is on Weds, Oct 18 at 11am ET
AI-generated Meeting notes
- In the discussion, Jason, Erik, Josh, Andrea, and Rajesh talked about organizing a webcast on achieving zero trust without expanding the budget, planning a panel discussion on the content of a white paper, considering business value customer journey presentations, and discussing the possibility of a one-page document on the business of zero trust. They also mentioned conducting a survey with the help of Hillary Baron and gathering case studies from various vendors. - PLAY @0:33
- Andrea, Rajesh, Jason, Erik, and Elier had a discussion about the challenges and concerns related to network convergence, cognitive infrastructures, and the functionality of networks. They also discussed the idea of creating case studies and holding birds of a feather sessions to explore the business value of Zero Trust in real-life scenarios. - PLAY @10:48
- The group discussed the benefits of simplifying complex interactions and relations into schematic diagrams based on NIST and other frameworks, which made it easier to explain and understand security architectures and use cases. They also explored the idea of creating use case-specific schematics and promoting success stories of implementing zero trust. - PLAY @21:25
- Rajesh, Jason, and Andrea discussed the need for an end-to-end case from a Zero Trust Architecture group, focusing on creating a clear and localized solution. They also highlighted the importance of considering data access, governance, and monitoring in the implementation of Zero Trust. - PLAY @31:23
- Andrea, Jason, Rajesh, Josh, Joseph, and others discussed their experiences and challenges in implementing Zero Trust architecture in various organizations. They shared insights on mapping maturity models, addressing acquisitions, and the importance of not just relying on specific tools but also focusing on architecture and behavior changes. - PLAY @41:06
- Joseph, Jason, Rajesh, Andrea, Josh, and Saif had a discussion about the challenges they faced with the influx of new tools and technical debt due to a change in leadership. They also talked about their methods for assessments, including workshops, and the importance of documenting their findings to create a living strategy for the organization. - PLAY @51:00
------------------------------
Jason Garbis, CISSP
Co-Chair, Zero Trust Working Group
Principal, Numberline Security
Author: Zero Trust Security: An Enterprise Guide
------------------------------