1
00:00:00,000 --> 00:00:06,000
Today, let's see, Andres, June 26th. Welcome everybody to the Security in 45 show.

2
00:00:06,960 --> 00:00:12,640
Andres, summer has started. Kids home from school. It's super hot here in North Carolina.

3
00:00:13,360 --> 00:00:17,440
I know that's going to make you laugh a little bit there. I know my North Carolina temperatures

4
00:00:17,440 --> 00:00:23,040
are like winter for you Florida people. But I hope everyone's having a terrific week.

5
00:00:23,040 --> 00:00:26,080
And today we're going to have a great conversation on Zero Trust.

6
00:00:26,080 --> 00:00:31,920
Zero Trust, a topic everybody certainly needs even if they don't realize it.

7
00:00:34,480 --> 00:00:41,520
Exactly. Yeah. And it's interesting because we hear a lot about Zero Trust every day. We hear,

8
00:00:43,120 --> 00:00:50,000
you know, what is Zero Trust? What does it do? Is it a framework? Is it a deployment? Is it

9
00:00:50,000 --> 00:00:53,520
something that we say, for example, a lot of components, things that, you know,

10
00:00:53,520 --> 00:00:58,320
we have already in an environment and the reality is that Zero Trust is not a product.

11
00:00:58,320 --> 00:01:06,000
And we'll talk about that today. I know Mike, we were talking about it earlier. We're super excited

12
00:01:06,000 --> 00:01:13,360
to have two super rock stars guests in our show today. And let me introduce you to them. We have

13
00:01:13,360 --> 00:01:18,480
Stephanie and then we also have Neil. And I would like to give them some time just to make sure

14
00:01:18,480 --> 00:01:23,680
they introduce themselves and we get to know them a lot more. I'll give it to you, Stephanie.

15
00:01:24,400 --> 00:01:33,200
Thank you. Well, I'm Steph. I am a TSS security engineer specializing in security. I work in Cisco.

16
00:01:33,200 --> 00:01:38,560
Not as many years as all these guys over here, but I've been here my fair share of years.

17
00:01:38,560 --> 00:01:46,640
I'm based in Mexico City and I'm happy to help answer any questions that you may have.

18
00:01:49,280 --> 00:01:52,720
My name is Neil Lovering. I've been with Cisco for a little more than 20 years.

19
00:01:53,280 --> 00:01:57,760
I've been doing this networking thing for probably three decades or so since I

20
00:01:57,760 --> 00:02:03,920
got out of the military. I had a CCIE for almost all of that 30 years out there and

21
00:02:03,920 --> 00:02:11,920
just happy to be here and have fun. Thanks. That's awesome. Steph and Neil, I'm really

22
00:02:11,920 --> 00:02:16,080
looking forward to this conversation with you. Neil, you've got such a wealth of experience

23
00:02:16,080 --> 00:02:20,720
and you're a constant learner. I think it says a lot when we were talking earlier and I pointed

24
00:02:20,720 --> 00:02:30,320
out your CCIE number 1772 and you still continue to get certified. And I made a joke about, hey,

25
00:02:30,320 --> 00:02:36,160
are you using your grandfathered in at that point? You said, no, I would call that quitting. I remain

26
00:02:36,160 --> 00:02:40,960
certified. So I think that says a lot. And Steph, you've got a really interesting background in

27
00:02:40,960 --> 00:02:45,520
software engineering. We're real similar with that. I know that's how you got into Cisco

28
00:02:45,520 --> 00:02:52,320
originally. So both of you just have great perspectives for today's topic on zero trust.

29
00:02:53,120 --> 00:02:59,280
Let's just jump right into it. Zero trust is probably something that a lot of people have

30
00:02:59,280 --> 00:03:05,120
heard of and some people are on that zero trust journey. Neil, for you to start off the first

31
00:03:05,120 --> 00:03:10,960
question, I'll throw it your way. Where does the zero trust terminology come from? Why was this

32
00:03:10,960 --> 00:03:18,080
term even invented? Why was it invented? It's hard to do why questions. I've tried to avoid those for

33
00:03:18,080 --> 00:03:23,920
most of my life out there. But really the concept of zero trust came out a little bit more than 20

34
00:03:23,920 --> 00:03:31,200
years ago, actually. They kind of started that kind of as a way of trying to define a better or

35
00:03:31,200 --> 00:03:37,200
closer concept of security, kind of saying that individual users or devices or users with their

36
00:03:37,200 --> 00:03:43,040
devices should only have access to the applications or the resources that they need to. And everything

37
00:03:43,040 --> 00:03:49,360
else is kind of a deny all policy. And we've, you know, security folks have tried to build

38
00:03:49,360 --> 00:03:54,320
worlds like that where you only have permit lists. And of course, those are usually met with catastrophic

39
00:03:54,320 --> 00:03:58,480
failures because you have no idea what the world is going to offer up or where you need to go in

40
00:03:58,480 --> 00:04:04,960
today's world out there. So those definitions have evolved and merged and grown over the years too.

41
00:04:05,680 --> 00:04:09,200
And we point that out with lots of different sessions at Cisco Live and stuff if you have

42
00:04:09,200 --> 00:04:13,680
ever a chance to go. But it's important to understand that vendors themselves should never

43
00:04:13,680 --> 00:04:19,360
be the ones who dictate to anyone out there, this is what zero trust is. Vendors are their participants.

44
00:04:19,360 --> 00:04:24,480
They bring the products, the capabilities, the engineering aspects to helping you achieve those

45
00:04:24,480 --> 00:04:29,360
zero trust goals. But zero trust is an industry concept out there. It's really important to

46
00:04:29,360 --> 00:04:36,880
remember, I think. That's so true. I think that's something people forget is that it's not one

47
00:04:36,880 --> 00:04:44,000
vendor that created it. It is an industry and each company is going to approach it in a different manner there.

48
00:04:45,600 --> 00:04:52,480
Yeah. And the other thing is that you see a lot of, and I love this show already because

49
00:04:52,480 --> 00:05:00,240
we're not just biased over one technology or one vendor, things like that. This is like a general

50
00:05:00,240 --> 00:05:06,000
thing, right? We have many different things. We have many different definitions of zero trust,

51
00:05:06,000 --> 00:05:12,960
many companies already have their own version of that. And just the main idea is just to try to get

52
00:05:12,960 --> 00:05:19,760
into a common place where we can say, hey, this is a good starting point. So this is already

53
00:05:20,400 --> 00:05:28,000
really good. So I was just going to say, and it's named correctly, like of all the confusing

54
00:05:28,000 --> 00:05:32,480
terminology we use, this is something that's actually named correctly. I'm giving you zero

55
00:05:32,480 --> 00:05:38,960
trust until you can prove otherwise to get onto the network. Which itself is kind of a challenge

56
00:05:38,960 --> 00:05:43,040
if you think about it. Mike, if you and I have absolutely zero trust and there's nothing we can

57
00:05:43,040 --> 00:05:47,600
do to ever become friends or to get at least a little bit of knowledge or insight or the ability

58
00:05:47,600 --> 00:05:52,960
to grow a friendship. So there has to be a little bit of give or take when you start that process of

59
00:05:52,960 --> 00:05:58,400
introduction to then take that relationship and flourish it. And that's exactly what zero trust is.

60
00:05:58,400 --> 00:06:05,120
Maybe there's a growth of over time you get better and more access because what we know about you

61
00:06:05,120 --> 00:06:10,720
and your device is actually improving. Or that could change in a heartbeat too. Very good point.

62
00:06:10,720 --> 00:06:15,600
Very good point. Yeah. And in terms of changing in a heartbeat, yeah, we talk about zero trust being

63
00:06:17,040 --> 00:06:22,000
like you can have a retrospective alert or something like that where you could maybe have

64
00:06:22,000 --> 00:06:30,000
your trust revoked or diminished in a way as well. So you're a call out. Yeah. Yeah. Yeah. So many

65
00:06:30,000 --> 00:06:37,040
different ways of ramifications in the zero trust. So I'm excited about this. And Steph, I do have

66
00:06:37,040 --> 00:06:46,160
the next question for you. Just if you don't mind, just name like an everyday example, zero trust and

67
00:06:46,160 --> 00:06:53,920
what is not, what it is and anything that you can tell us about it. Yeah. Well, everyone enforces a

68
00:06:53,920 --> 00:06:59,840
certain level of zero trust in their day to day life. Even if we don't notice it, we are doing it.

69
00:07:01,120 --> 00:07:08,400
For example, almost everyone here surely has some sort of social media. So when you go online and

70
00:07:08,400 --> 00:07:15,200
you configure your social media accounts, when you accept a friend, you are giving them access to the

71
00:07:15,200 --> 00:07:22,800
things you post, the things you think. So you can start giving them access. But even in your social

72
00:07:22,800 --> 00:07:28,400
media, you can start configuring. So only your closer friends can have access to very specific

73
00:07:28,400 --> 00:07:33,440
posts that you make or very specific things that you say. So you can start giving these granular

74
00:07:33,440 --> 00:07:40,640
access to different levels of yourself that you have posted in social media. Now, we talked before

75
00:07:40,640 --> 00:07:46,160
that all of you here are parents, all of you are dads. So another good example here is the parental

76
00:07:46,160 --> 00:07:52,240
controls that you can have in your devices at home. You don't want your kids to access every single

77
00:07:52,240 --> 00:07:58,720
site online because not everything is age appropriate. So you have these controls so your kids are safe

78
00:07:58,720 --> 00:08:04,720
online. And you can even say, okay, you are allowed to go to these videos on YouTube, you're allowed

79
00:08:04,720 --> 00:08:11,120
to go to these games, and that's it. Because not everything online is safe. So you can give this

80
00:08:11,120 --> 00:08:14,800
different level of access and different level of controls to your kids.

81
00:08:17,280 --> 00:08:23,200
That's a really good analogy. I actually have a lot of fun blocking stuff here at my house with my kids.

82
00:08:25,520 --> 00:08:29,680
I don't know, you guys... It's funny too that the example that Steph gave, it's little things like

83
00:08:29,680 --> 00:08:33,760
that in life that we might already be doing and not really thinking about applying to something

84
00:08:33,760 --> 00:08:38,560
as geeky as like a zero trust. And then when you actually go to work and you start doing zero trust,

85
00:08:38,560 --> 00:08:42,560
you can't figure out where to start or what to do. You're already kind of doing that. It's just a

86
00:08:42,560 --> 00:08:47,920
mentality or a focus point or an individual concept. And that's exactly what Steph was

87
00:08:47,920 --> 00:08:56,640
talking about there with friends and family. It's like a fundamental thing, like getting to know

88
00:08:56,640 --> 00:09:02,640
somebody, sharing some information about, in this case with the social media example,

89
00:09:02,640 --> 00:09:09,920
it's absolutely true. I never thought about this. Yeah, we are all doing it in some way or another

90
00:09:09,920 --> 00:09:19,600
with maybe just as part of common sense throughout our daily lives. So that was a great example. I

91
00:09:19,600 --> 00:09:25,920
like that one because it kind of relates Steph to everyday things that we're all doing. Neil, what

92
00:09:25,920 --> 00:09:33,360
about... Same question for you, an example of zero trust, but this time being related to the nerdy

93
00:09:33,360 --> 00:09:40,960
aspect of it in our industry and kind of the security networking industry. Any common examples

94
00:09:40,960 --> 00:09:48,240
or use cases of zero trust that we may find out there in the industry? We kind of see it happening

95
00:09:48,240 --> 00:09:53,600
a lot in today's world if you think about it. You might actually trip across it just when you access

96
00:09:53,600 --> 00:09:59,600
your bank account information. As annoying as it might sound, you get some multi-factor or your

97
00:09:59,600 --> 00:10:04,720
phone goes off or you have to check an email and type in a code or something like that. So that's

98
00:10:04,720 --> 00:10:12,320
kind of a concept of, if not an absolute application of zero trust. So again, it's you and your device

99
00:10:12,320 --> 00:10:18,000
or maybe specifically more you and you happen to have a device accessing one particular application.

100
00:10:18,000 --> 00:10:22,480
Obviously it doesn't give you access to the entire banking industry. It doesn't give you access to

101
00:10:22,480 --> 00:10:27,040
online shopping lists. It doesn't give you access to free movies or downloads. It's the banking

102
00:10:27,040 --> 00:10:32,480
activity, that one thing. So I think that's a really interesting example. And there's multiples

103
00:10:32,480 --> 00:10:37,440
of those in today's world out there. In your networking environment, folks might set up an

104
00:10:37,440 --> 00:10:41,760
example of when I want to log into a server or something, there's only a defined list of people

105
00:10:41,760 --> 00:10:48,800
who are allowed access to this. That's kind of zero trusty in a way that Mike and Neil can get

106
00:10:48,800 --> 00:10:53,280
there, but Andres can't. But Andres has access to the super awesome server out there that no one

107
00:10:53,280 --> 00:10:59,520
else can get into. So is that zero trust? Maybe, maybe not. It just depends on how you look at the

108
00:10:59,520 --> 00:11:06,160
definitions of that. But again, if you're providing individual control or access methods to something

109
00:11:06,160 --> 00:11:11,040
that exists out there, that's kind of zero trust by all of the basic definitions out there. Some

110
00:11:11,040 --> 00:11:15,360
vendors, again, might not have a solution unless they don't consider it that. But remember, vendors

111
00:11:15,360 --> 00:11:23,280
are not making the definitions here. That idea, and it's important for the segmentation because

112
00:11:23,280 --> 00:11:29,600
yeah, with that example between Andres and I with access to different, Andres has an example to

113
00:11:29,600 --> 00:11:36,400
maybe one part of a server that I don't. If my part does get compromised, it's not going to

114
00:11:36,400 --> 00:11:43,680
essentially, or it might not affect his part as much. And it certainly is a good way to

115
00:11:43,680 --> 00:11:49,760
separate the roles. I can still log in just enough to do my job. I don't really need access to

116
00:11:49,760 --> 00:11:55,840
Andres part of the server to do my job. And that's really limiting a lot of risk right there.

117
00:11:58,400 --> 00:12:05,840
Yeah. And that's another thing that I believe it helps a lot with understanding

118
00:12:05,840 --> 00:12:14,560
what the whole zero trust idea is. I know from the industry here, things, let's say for example,

119
00:12:15,520 --> 00:12:22,000
zero trust network access or application access or other things that they mention. And

120
00:12:22,800 --> 00:12:31,520
it just makes, that segmentation is also part of it. And I think it takes us to a really good place

121
00:12:31,520 --> 00:12:36,560
or that common place that I was talking about earlier on the zero trust. So pretty cool.

122
00:12:36,560 --> 00:12:41,120
You bring out some interesting points there too, Andres, the concept of zero trust network access

123
00:12:41,120 --> 00:12:46,240
or zero trust application access. I think some people don't have enough time on their hands or

124
00:12:46,240 --> 00:12:49,840
too much time on their hands. They keep coming with more and more acronyms for our lives out

125
00:12:49,840 --> 00:12:55,120
there, but it's kind of also showing us that the concept of zero trust can be applied to various

126
00:12:55,120 --> 00:13:00,640
things and zero trust can have controls at multiple places out there. It's not just the user

127
00:13:00,640 --> 00:13:05,600
and the endpoint and the iPhone in your hand and the application in the cloud. If you have access

128
00:13:05,600 --> 00:13:10,960
to and your environment has a network, then use the network that can give you controls and visibility

129
00:13:10,960 --> 00:13:16,640
and segmentation if you want. So there's all kinds of things that can help you reach those targets of

130
00:13:16,640 --> 00:13:20,960
what zero trust is in your definition or the protection profiles that you really want.

131
00:13:23,120 --> 00:13:28,640
Imagine the larger a company grows and the larger the threat landscape gets,

132
00:13:28,640 --> 00:13:31,840
the more important zero trust essentially becomes because you've got all these different

133
00:13:31,840 --> 00:13:37,360
avenues of potential attack there. I will be curious.

134
00:13:37,360 --> 00:13:43,920
Sorry, Mike. You see that now with our customers moving to Amazon Web Services and they need to

135
00:13:43,920 --> 00:13:48,080
extend their policies there as well. It's a growing beast.

136
00:13:48,080 --> 00:13:54,560
Yeah, I will be. And I do have a question that I'll ask one of you later about best way to maybe

137
00:13:54,560 --> 00:13:59,040
get started on something like that. I mean, that seems like a massive undertaking. So I will be

138
00:13:59,040 --> 00:14:03,920
curious your thoughts. Maybe if we have some time for that, I'll be curious where you would start

139
00:14:03,920 --> 00:14:11,840
on a huge project like that. Yeah, we'll get to that one for sure. And actually, I do have the

140
00:14:11,840 --> 00:14:20,640
next question for you, Steph. And this one is more oriented to the technology, the way that we

141
00:14:20,640 --> 00:14:28,000
implemented things that you know, for example, what are the tools that we can leverage to start

142
00:14:28,000 --> 00:14:34,640
implementing something like Zero Trust today? You will hear this a lot today, but Zero Trust is

143
00:14:34,640 --> 00:14:43,840
it's a journey. So starting to adopt technologies and tools. Well, it could be challenging at the

144
00:14:43,840 --> 00:14:52,080
beginning, but we need to start somewhere. I've seen with my clients that what they need the most

145
00:14:52,080 --> 00:14:59,200
at the beginning, it's an MFA. We cannot rely only on users and password anymore. This is very risky

146
00:14:59,200 --> 00:15:05,840
nowadays. We have malware actors that have so many techniques to be able to break a password

147
00:15:05,840 --> 00:15:12,320
that relying only on them. Well, it's just not the best route anymore. And well, our users don't

148
00:15:12,320 --> 00:15:18,240
help either. We have users that leave their password in post-its that they just save it in

149
00:15:18,240 --> 00:15:24,240
the notes of their phones. This is just not very safe. And nowadays, it's very common that we have

150
00:15:24,240 --> 00:15:31,280
password administrators that last pass and they have their own level of risk themselves. So we

151
00:15:31,280 --> 00:15:38,560
cannot just rely on this to be able to give them access to our sensitive information. We need more.

152
00:15:38,560 --> 00:15:44,960
We need more layers. So with this extra layer with an MFA, we can be at least more certain that this

153
00:15:44,960 --> 00:15:52,080
user is who they say they are. Another basic step that we can take on this journey is a basic one,

154
00:15:52,080 --> 00:15:58,960
is having endpoint protection. Your security products may fail. Your firewall may not look at

155
00:15:58,960 --> 00:16:04,800
that malicious file. And well, having this last line of defense is always great for having

156
00:16:04,800 --> 00:16:11,600
protection on your endpoints. And well, again, a very essential pillar in your security journey.

157
00:16:12,480 --> 00:16:18,800
And as you said, as you guys said, the segmentation is essential. We need to start

158
00:16:18,800 --> 00:16:25,600
limiting access to all of our resources, to all of our users. Maybe if you ask your questions to

159
00:16:25,600 --> 00:16:33,120
yourself, like, am I going to allow these random users to access these finance documents that have

160
00:16:33,120 --> 00:16:40,240
very sensitive information from their personal iPad? Maybe not. Maybe they don't need access to

161
00:16:40,240 --> 00:16:47,360
that. Maybe if they are accessing from a corporate device that has the antivirus in place, that has

162
00:16:47,360 --> 00:16:54,240
the adequate operating system that has less vulnerabilities, maybe then if I implement my

163
00:16:54,240 --> 00:17:00,640
DLP engine and I know if this user is trying to send this sensitive finance document through their

164
00:17:00,640 --> 00:17:07,280
personal Gmail account, maybe with those layers and layers of protection, maybe then I can give

165
00:17:07,280 --> 00:17:15,040
them access to these very sensitive documents. But yeah, it's beyond checking if my user is saying

166
00:17:15,040 --> 00:17:20,880
who they say they are, is checking credentials, is checking if they are using the correct device

167
00:17:20,880 --> 00:17:24,160
and if they actually have access to that very specific resource.

168
00:17:24,160 --> 00:17:33,040
You actually bring a really good point on the segmentation and the category. For example,

169
00:17:33,040 --> 00:17:41,120
this finance file or server or anything. I think it's something that gets overlooked

170
00:17:41,120 --> 00:17:47,600
most of the cases is just make sure that you categorize your data, sensitive data,

171
00:17:47,600 --> 00:17:53,120
what's critical, what's not and things like that. So I think that brings up a really good point on

172
00:17:53,120 --> 00:17:59,040
that. It's great Steph too, you pointed out there's layers of security here. That concept's been

173
00:17:59,040 --> 00:18:06,480
around for a while. DoD in the US had defense in depth forever out there. Jokingly, UGERS

174
00:18:06,480 --> 00:18:11,680
are filled with layers, so said Shrek out there, but the multiple concepts of overlapping

175
00:18:11,680 --> 00:18:16,960
technologies and capabilities is what really is going to drive our security solutions today.

176
00:18:18,640 --> 00:18:25,680
Yeah, without a doubt. Steph, I like the aspect you mentioned, which was the device itself,

177
00:18:25,680 --> 00:18:30,880
because I don't know, do you guys feel like a lot of times that gets overlooked? I see

178
00:18:30,880 --> 00:18:37,200
a lot of emphasis on doing, they'll get that MFA check in place and yeah, you are the correct user,

179
00:18:37,200 --> 00:18:42,480
but then we forget some of the basics about the device you're on. Yeah, great. You are absolutely

180
00:18:42,480 --> 00:18:49,120
the trusted user that we want to have on the network, but you're on an infected BYOD device,

181
00:18:49,120 --> 00:18:57,840
for example. So I think that's a huge component. All right, so this was a big one for me, this next

182
00:18:57,840 --> 00:19:07,120
question, Neil, because where do you start and kind of, you know, what's the best way to start

183
00:19:07,120 --> 00:19:11,920
and is there a recommended approach? If I'm listening in on this conversation we're having

184
00:19:11,920 --> 00:19:17,360
right now and, you know, hey, this is something I need to get a grip on and my manager wants me to

185
00:19:17,360 --> 00:19:24,800
start designing a zero trust implementation for our company, any recommended advice you have based on

186
00:19:24,800 --> 00:19:29,600
what you've seen out there in terms of where to start? That's a great question because it's a

187
00:19:29,600 --> 00:19:34,960
difficult process to say that there's a one size fits all here. Steph threw out some great examples

188
00:19:34,960 --> 00:19:41,040
of some of the technologies that are almost necessary or seem to be represented in parallel

189
00:19:41,040 --> 00:19:45,120
with zero trust and multi-factor authentication, for example. That might be a quick win. It's not

190
00:19:45,120 --> 00:19:50,240
too difficult to get that up and running. Cisco had it rolled out across their entire global network

191
00:19:50,240 --> 00:19:55,840
in a matter of weeks for the most part. So, you know, maybe it's because Cisco is full of a bunch

192
00:19:55,840 --> 00:20:01,600
of smart people too, but that concept is something that could be actually adopted and consumed quite

193
00:20:01,600 --> 00:20:07,520
well. Using that other thing out there, maybe from your perspective as someone who needs to roll out

194
00:20:07,520 --> 00:20:12,080
zero trust or get an understanding of it, do you have any pain points right now? Do you have any

195
00:20:12,080 --> 00:20:17,120
problems? You know, look at that as a place to implement some tools or have some conversations

196
00:20:17,120 --> 00:20:21,920
around. Oftentimes, too, zero trust is probably going to involve just more than you, the security

197
00:20:21,920 --> 00:20:26,480
person. It might involve the switching folks, the wireless folks, the AD folks, the cloud folks.

198
00:20:26,480 --> 00:20:32,000
Do you have conversations with these guys? If not, why? Why not? You know, have a cup of coffee,

199
00:20:32,000 --> 00:20:37,760
get some conversations going because when you start implementing these corporate-wide, these

200
00:20:38,880 --> 00:20:44,960
campus-wide, these customer-wide security enablement technologies out there, it's going to

201
00:20:44,960 --> 00:20:49,920
touch a lot of folks, not just your desk or your security team out there. So, I think the biggest

202
00:20:49,920 --> 00:20:54,000
thing out there, again, if you want some quick wins, you can easily do that. Find where it hurts

203
00:20:54,000 --> 00:20:58,560
right now or what's being pushed down upon you and do that. But in the longer run out there,

204
00:20:59,120 --> 00:21:02,640
you know, build some friendships, get some coordinations going, and you could be the jack

205
00:21:02,640 --> 00:21:06,080
of all trades, figure out what you're going to do today as far as taking small little bite-sized

206
00:21:06,080 --> 00:21:12,160
pieces off that elephant. That's a really good point. Yeah, because if you're designing something

207
00:21:12,160 --> 00:21:18,160
on that larger scope, that's a great point about communicating and making those friendships with

208
00:21:18,160 --> 00:21:21,920
other people in your organization because they might be seeing, you mentioned pain points, they

209
00:21:21,920 --> 00:21:27,200
might be having pain points that maybe I have not had. So, what are those pain points? And maybe

210
00:21:27,200 --> 00:21:32,080
that would be a great way to start the journey. It's just, hey, let's get back a bunch of time

211
00:21:32,080 --> 00:21:36,720
savings because this one particular event keeps happening and maybe some basic segmentation is

212
00:21:36,720 --> 00:21:44,400
where to start. I like that. I think it will vary from client to client. If we talk to a small

213
00:21:44,400 --> 00:21:49,680
company, there is one guy who is a network guy, a security guy, an AD guy. So, he's having

214
00:21:49,680 --> 00:21:57,200
conversations with himself. So, yeah, I don't think there's a blueprint for every single customer we

215
00:21:57,200 --> 00:22:04,480
have, but yeah, start somewhere and start making a plan for your security journey, of course.

216
00:22:05,200 --> 00:22:09,200
That's a good point, Steph, is do something. Don't sit around waiting until you have the complete

217
00:22:09,200 --> 00:22:13,520
plan because if you take that approach, you're never going to start. You're never going to have

218
00:22:13,520 --> 00:22:16,800
the full plan and there's always things that are going to change out there. Do something.

219
00:22:16,800 --> 00:22:21,360
You're flying an airplane. You can't go from here. I'm in Herndon, Virginia, to Los Angeles on a

220
00:22:21,360 --> 00:22:24,880
straight line. The plane is going to duck and dodge and go up and down all over the place because

221
00:22:24,880 --> 00:22:30,400
that's just what it does. It's making your life easy as a passenger out there. Do something.

222
00:22:30,400 --> 00:22:32,640
Start somewhere. Never stop.

223
00:22:34,080 --> 00:22:40,640
Yeah, and another thing that I'm thinking of that also applies on where to get started is,

224
00:22:40,640 --> 00:22:48,000
again, identifying what are the things that we're securing. That is, I think, one of the

225
00:22:49,680 --> 00:22:56,960
biggest starting points for Zero Trust. Where do we start applying those security controls?

226
00:22:56,960 --> 00:23:02,080
And that makes a lot of sense, I guess. Kind of identifying the important assets

227
00:23:02,080 --> 00:23:06,720
and getting the inventory part of it. Yeah, the visibility, right? That

228
00:23:06,720 --> 00:23:13,040
and I heard this one a lot over the time. You cannot secure what you cannot see. I don't know

229
00:23:13,040 --> 00:23:20,960
if you guys have heard that one and it's on point now that I see where can everybody can get started.

230
00:23:20,960 --> 00:23:29,280
That's good. All right, all right. So you guys are making this too easy.

231
00:23:29,280 --> 00:23:35,760
You know what's funny? We've only on this topic, we've only mentioned where we work with Cisco

232
00:23:35,760 --> 00:23:44,240
like two times. So that shows you that this is and then a vendor agnostic concept, as Neil mentioned

233
00:23:44,240 --> 00:23:51,680
on the very first question. So pretty cool. Yeah, yeah. It makes a lot of sense like this.

234
00:23:51,680 --> 00:24:00,400
I want to and Steph, I think the next question is going to be for you. And let me see my notes here.

235
00:24:00,400 --> 00:24:10,640
Hopefully I don't lose this one. Yes. So we have heard like I know I've delivered for a lot of my

236
00:24:10,640 --> 00:24:17,280
customers Zero Trust workshops inside here in the US. And I've heard that there's a lot of

237
00:24:17,280 --> 00:24:23,760
for a lot of my customers Zero Trust workshops inside here in Cisco. One of the things that

238
00:24:23,760 --> 00:24:30,400
we talk about is frustrate the attackers, not the users. So if you don't mind talking a little bit

239
00:24:30,400 --> 00:24:36,800
about that high productivity versus the strong security paradigm, that'll be good to hear.

240
00:24:37,520 --> 00:24:43,680
Yeah, well, I think we need balance, balance between security and usability. For example,

241
00:24:43,680 --> 00:24:48,960
if we talk again about the MFA, when we are implementing the second factor,

242
00:24:50,720 --> 00:24:55,920
we recommend of course, choosing a method that it doesn't have like a big learning

243
00:24:55,920 --> 00:25:01,840
cure for our users, maybe choose something they already know how to use. It could be for example,

244
00:25:02,560 --> 00:25:07,440
biometrics, they already know how to use the fingerprints for accessing their phone,

245
00:25:07,440 --> 00:25:12,000
maybe their laptops. If you choose that method that they already know how to use,

246
00:25:12,000 --> 00:25:19,840
it won't be as annoying as find your hardware token and use it. Or let's send a code through

247
00:25:19,840 --> 00:25:26,080
your mask to your phone and you type the message and now you can access. So if we can make this

248
00:25:26,080 --> 00:25:31,760
easier for our users, this can help them a lot with these new tasks that they now have to do

249
00:25:31,760 --> 00:25:38,960
every day. We can also implement technology that is hidden. They don't really know we are there

250
00:25:38,960 --> 00:25:44,400
checking their posture because this is a hidden agent that we have, but we are checking it. We

251
00:25:44,400 --> 00:25:49,120
know you're using that you have the antivirus running. We know you don't know that we know,

252
00:25:49,120 --> 00:25:58,880
but we know. We can implement, for example, an RBI with our executives. Executives are known for

253
00:25:58,880 --> 00:26:04,480
not wanting, for wanting to be able to access every single site that they want. They don't want

254
00:26:04,480 --> 00:26:10,800
to be blocked. They are executives and they want to access everything. So with this technology,

255
00:26:10,800 --> 00:26:16,640
we are able to say, OK, go wherever you want, but in a safe way because they are not. They are going

256
00:26:16,640 --> 00:26:22,560
to the site for them is the same experience, but it's not really the same site. This is rendered

257
00:26:22,560 --> 00:26:29,840
image of the site. So this kind of technology is very user friendly for them is the same experience

258
00:26:29,840 --> 00:26:35,920
as before, but now you can sleep at night knowing that they are protected. And well, another thing

259
00:26:35,920 --> 00:26:41,120
I can think about is consistency. If we can provide these consistency, whether they are in

260
00:26:41,120 --> 00:26:46,800
the office or at home and they don't have to guess if they can access the application using the VPN

261
00:26:46,800 --> 00:26:53,680
or not or from their personal device or not, this can help a lot our users to have these same

262
00:26:53,680 --> 00:27:02,240
experience every single time. That use case that you mentioned about the executives wanting to

263
00:27:02,240 --> 00:27:09,120
bypass the security so spot on. I'm pretty sure that it's resonating with a lot of the people

264
00:27:09,120 --> 00:27:16,160
that it's on this call just because it is so true. Like, I don't know how many times when I used to

265
00:27:16,160 --> 00:27:23,280
be in operations some time ago, I remember hearing this like, yeah, you guys are implementing security

266
00:27:23,280 --> 00:27:29,120
and things like this, but you know, I cannot access my X1C website. So yeah.

267
00:27:30,720 --> 00:27:36,960
I like the consistency part is nice. Like having a consistent way is the user where when I log in,

268
00:27:36,960 --> 00:27:42,720
it's the same way every time. And we think about like single sign on, for example, when I authenticate

269
00:27:42,720 --> 00:27:48,480
into the network, I do it one time and it's always the same. And I don't need to remember, I need to

270
00:27:48,480 --> 00:27:53,920
authenticate in this particular way for this particular application. I like the hidden part

271
00:27:53,920 --> 00:27:58,880
of that stuff because yeah, it's great. If I can have my, we were talking about scanning the device

272
00:27:58,880 --> 00:28:03,520
earlier, if I can do all that, I don't need to manually worry about any of that or even be aware

273
00:28:03,520 --> 00:28:12,160
it's coming on. I heard this analogy, it was here from someone in Cisco about, you know, you

274
00:28:12,160 --> 00:28:16,800
shouldn't have to understand like the piping to get to where you want to go in the network.

275
00:28:16,800 --> 00:28:21,760
You know, there's all these pipes connecting everything. And I, as the user, shouldn't really

276
00:28:21,760 --> 00:28:28,560
have to know or understand that or be aware of that. But through like proper segmentation,

277
00:28:29,440 --> 00:28:36,880
it's really nice to frustrate an attacker who would have to figure that out or have to start

278
00:28:36,880 --> 00:28:42,880
thinking about, oh, they have this company has really good segmented role-based access. And

279
00:28:42,880 --> 00:28:49,840
I have compromised an account and I'm in a small little area, the small little segment, but they've

280
00:28:49,840 --> 00:28:56,160
made it very difficult for me to get outside of the segment. So very difficult for the attacker,

281
00:28:56,160 --> 00:28:59,440
but very easy for the user who's just wanting to do their job there.

282
00:29:01,440 --> 00:29:05,440
Segmentation is an interesting term that Mike do because it's not the packets that you have to

283
00:29:05,440 --> 00:29:09,040
worry about as the people who originate those packets and the targets that they're eventually

284
00:29:09,040 --> 00:29:15,600
trying to get to. So if the network or the access is setting up those channels or those swim lanes,

285
00:29:15,600 --> 00:29:22,560
then you're destined to not be able to get to where you need to go or not execute the protocol

286
00:29:22,560 --> 00:29:27,520
of the port when you eventually hit that destination that you are allowed to at least reach.

287
00:29:27,520 --> 00:29:31,280
You can knock on the door, but you can't go through the door, so to speak, or have an analogy from

288
00:29:31,280 --> 00:29:37,920
that perspective. So all that falls into that concept of segregation or separation or segmentation,

289
00:29:37,920 --> 00:29:44,080
whatever term you prefer across there. And that would certainly help that concept of thwarting

290
00:29:44,080 --> 00:29:47,600
or frustrating those attackers. They get into the network, but they can always,

291
00:29:47,600 --> 00:29:50,640
they're only allowed to go left. They can never get to the right-hand side of things.

292
00:29:52,000 --> 00:29:58,560
Absolutely. And basic MFA, yeah, that's a frustrating way for an attacker. Great, I've compromised the

293
00:29:58,560 --> 00:30:04,320
username and password, but Steph, you mentioned MFA being a nice way to start if you're not sure

294
00:30:04,320 --> 00:30:09,600
where to start on the journey of zero trust. And that's pretty frustrating to do an attacker,

295
00:30:09,600 --> 00:30:17,680
not being able to log in when you have the username and password. Neil, what do you see where people

296
00:30:17,680 --> 00:30:25,440
mess up zero trust? I've got my plan and I'm doing my plan and it's just not working. Do you see

297
00:30:25,440 --> 00:30:32,960
any common, hey, this is the reason why individuals are kind of messing up their attempt at zero trust?

298
00:30:32,960 --> 00:30:38,160
That's funny you say that. I just thought of one. So this was not part of any of our previous

299
00:30:38,160 --> 00:30:43,280
discussions out there, but when you bring up the concept of MFA, it's absolutely necessary. And

300
00:30:43,280 --> 00:30:48,640
Steph had some great examples or reasons for that. But when you look at zero trust, you have

301
00:30:48,640 --> 00:30:52,960
different pain points, as I suggested before, different topics that you need to address

302
00:30:52,960 --> 00:30:58,000
immediately, but they're not a one and done. You have to think about at what level do I need to do

303
00:30:58,000 --> 00:31:02,480
that? Is it simply because I'm trying to impress somebody or someone said you must do that, check

304
00:31:02,480 --> 00:31:07,200
the box and I'm done, or I need to get it done, I'll do something else and I'll come back, I'll

305
00:31:07,200 --> 00:31:11,520
make it even better. And we're people, we're humans, we like to always make things better out

306
00:31:11,520 --> 00:31:15,680
there. How much better do you need to make it? Do you have to climb to the absolute top of the

307
00:31:15,680 --> 00:31:21,360
mountain, make it the best, most bulletproof system ever? Maybe not, but maybe a little bit

308
00:31:21,360 --> 00:31:27,040
better than ordinary. So the MFA example in this case might be if I have a yes no button on my

309
00:31:27,040 --> 00:31:31,920
phone, okay, I did it, I'm going to click yes. But there's a zillion documented cases out there of

310
00:31:31,920 --> 00:31:36,560
MFA fatigue. People's phones would go off and they'd just click yes. They had no idea where it came

311
00:31:36,560 --> 00:31:42,320
from, but I was told to click yes when it went off, so I just kept clicking yes. And a number of

312
00:31:42,320 --> 00:31:48,080
networks that were compromised because of that are uncountable out there. So now in today's world,

313
00:31:48,080 --> 00:31:54,000
it's not MFA proof, but it's a little bit more unlikely to be tampered with. There's a code that

314
00:31:54,000 --> 00:31:59,200
shows up on the screen and then your phone says here's the code. Well, if you're not the one who

315
00:31:59,200 --> 00:32:03,200
asked for it, you might ask yourself why is my phone telling me to type in a code? And then

316
00:32:03,200 --> 00:32:06,800
there's the, if you're not the one who has the screen in front of you, where would I even type

317
00:32:06,800 --> 00:32:12,640
in this code? So the two will never connect. So at least that's one example. So there's MFA and then

318
00:32:12,640 --> 00:32:17,520
we're climbing the rope a little bit or climbing the stairway to get better MFA. And that's one

319
00:32:17,520 --> 00:32:23,760
tool of how many might exist across here. So that might be an example, Mike, of how one could not so

320
00:32:23,760 --> 00:32:28,400
much mess it up, but you could be better than. It's not just a checkbox for the sake of doing

321
00:32:28,400 --> 00:32:34,960
something. It's making sure you get it right. So Neil, to that point is zero trust something that

322
00:32:34,960 --> 00:32:41,840
we want to continuously examine as time goes by, like our own zero trust policy or is it a set it

323
00:32:41,840 --> 00:32:48,080
and forget it? Sounds like I'd suggest that people hate to hear the concept, but any type of security

324
00:32:48,080 --> 00:32:53,440
solution, whether you want to use the term zero trust with it, or are you just applying an ACL to

325
00:32:53,440 --> 00:32:58,640
a router or a firewall out there? It's something you want to revisit over time because I look

326
00:32:58,640 --> 00:33:02,480
beyond the screen here and I see the outside world that's constantly changing out there. So there's

327
00:33:02,480 --> 00:33:07,440
always new approaches, new vectors, there's new vulnerabilities that happen on the gear that we

328
00:33:07,440 --> 00:33:12,400
use all the time. So you need to adjust for that. And if you're not willing to circle back and think

329
00:33:12,400 --> 00:33:18,000
about that or adjust your security policy or patch the operating systems, upgrade things, buy new

330
00:33:18,000 --> 00:33:23,200
devices, that's all part of that refresh, that circle back aspect of things. Then you're making

331
00:33:23,200 --> 00:33:29,680
yourself more open to attack by not doing that and zero trust kind of calls that out. But that's that

332
00:33:29,680 --> 00:33:35,360
concept's been around forever out there. Yeah, that's a really good point. I mean, you were just

333
00:33:35,360 --> 00:33:41,360
bringing me back to like my tack days when we were having conversations about moving off of like

334
00:33:41,360 --> 00:33:48,240
triple-des into AES for example. It's like if you weren't revisiting that, you'd still be on an

335
00:33:48,240 --> 00:33:55,920
older algorithm that's going to get hacked. So yeah. Even triple-des is getting to that point

336
00:33:55,920 --> 00:34:03,200
of being on the edge and should consider moving forward and elliptical curve or quantum and all

337
00:34:03,200 --> 00:34:09,120
that stuff is coming in today's world, right? So yeah, it doesn't stop. To your point, Neil,

338
00:34:09,680 --> 00:34:14,320
I have heard too many times from customers, especially with email security, if I just set

339
00:34:14,320 --> 00:34:20,960
it up, I can forget about it. No, you cannot just forget about your email security. You have to

340
00:34:20,960 --> 00:34:29,200
continuously feed these products. So yeah, I've heard that a lot. It's called zero trust, not zero

341
00:34:29,200 --> 00:34:41,360
work. I wish for the latter, of course, but yeah, no, it is so true. There's always that constant

342
00:34:41,360 --> 00:34:50,560
improvement and you hear also out there, the attackers are just getting better and the only

343
00:34:50,560 --> 00:34:58,800
need to be right once. And it is a constant battle between defenders and the attackers and making

344
00:34:58,800 --> 00:35:04,560
sure that we get it right. And I know, Neil, I'm going to go over a little bit of what you just

345
00:35:04,560 --> 00:35:12,160
mentioned about just checking those boxes. Yes, I see it happening a lot with financial institutions

346
00:35:12,160 --> 00:35:19,120
that, hey, we need to have network controls, right? Network access control. We need to make

347
00:35:19,120 --> 00:35:26,640
sure that we know and they just buy the solution and don't implement it. So that is maybe another

348
00:35:26,640 --> 00:35:32,640
example of what we see there. Or to your point, Andres, someone buys a firewall because someone

349
00:35:32,640 --> 00:35:37,120
said they need to insecure and then they put a permit any any statement at the bottom. I would

350
00:35:37,120 --> 00:35:42,960
call that a router. I don't care what little sticker on the outside the boxes. Yes, so true.

351
00:35:42,960 --> 00:35:49,680
Very expensive paper. What is it called? Later three gateways what it turns into at that point.

352
00:35:49,680 --> 00:36:01,520
Yes. Oh, boy, I've seen those a lot. Yeah. Awesome. I know we're getting close to,

353
00:36:01,520 --> 00:36:07,120
and I think this is the final question we have. And this one's for you, Steph.

354
00:36:08,400 --> 00:36:16,400
We hear a lot of the technologies. We hear a lot of about zero trust. But and even though

355
00:36:17,120 --> 00:36:23,120
we talked about how to get started, where to get started. But what about, and this one's more

356
00:36:23,120 --> 00:36:30,720
specific to Cisco use cases. What are our customers say, for example, get started, they need help,

357
00:36:30,720 --> 00:36:36,320
they want to see what how we can help them where where we would take them to.

358
00:36:38,000 --> 00:36:45,600
Well, as it said too many times today, security is a journey. It's a never ending process where

359
00:36:45,600 --> 00:36:50,720
when you think you are fully projected, there's a new kind of a title is released into the wild

360
00:36:50,720 --> 00:36:57,440
and you have nothing in place. But if you feel you can be in a better place in regards to your

361
00:36:57,440 --> 00:37:03,600
zero trust journey in your company, a good way to start is reaching us. We can help you develop a

362
00:37:03,600 --> 00:37:10,960
plan. We can help build the correct strategy for you. And if you already have some pieces of the

363
00:37:10,960 --> 00:37:16,640
puzzle already in place, of course, you can contact your accounting and we can help you find some

364
00:37:16,640 --> 00:37:23,440
areas of improvements that you may have. I know one thing that comes to mind is,

365
00:37:23,440 --> 00:37:28,880
yeah, the zero trust workshops, that's a kind of a fun way to learn zero trust.

366
00:37:30,560 --> 00:37:38,320
And then the Cisco blueprints, I think that's kind of a cool way to see little details about areas

367
00:37:38,880 --> 00:37:45,040
that maybe I want to get started in a particular area, a particular pain point or something like

368
00:37:45,040 --> 00:37:50,480
that. So, so I guess that's a question too. Also, Mike, to your point is you can have these

369
00:37:50,480 --> 00:37:56,240
very generic conversations that happen to be and produce these nifty little documents at the end,

370
00:37:56,240 --> 00:37:59,840
or you have a lab environment that maybe you explore something you've never seen before.

371
00:38:00,640 --> 00:38:05,360
And that might open a door that you never even thought about before. You didn't think about

372
00:38:05,360 --> 00:38:10,000
the need for this product or this capability. You never had this picture come back that had a couple

373
00:38:10,000 --> 00:38:13,520
of red dots on it. You thought your life was full of green environments. Everything was great.

374
00:38:13,520 --> 00:38:20,000
So being honest and having these type of conversations can now lead to a more secure

375
00:38:20,000 --> 00:38:24,240
environment. Absolutely. You just have to be willing to have those conversations.

376
00:38:24,960 --> 00:38:30,560
Kind of like the MFA thing that you brought up, Neil, like you might have, people might not be

377
00:38:30,560 --> 00:38:34,880
aware until they see it in a lab that, hey, you can do like a verified push with the codes on the

378
00:38:34,880 --> 00:38:40,480
screen. Like, wow, I didn't know that was an option. So, yes, spurring that conversation and learning.

379
00:38:40,480 --> 00:38:47,680
And I was going to mention some of that too. We, I think, and we'll make sure we put it on

380
00:38:47,680 --> 00:38:55,760
the community posts that we do after the episode, but I'm sure we do have those Zero Trust workshops

381
00:38:55,760 --> 00:39:02,400
and there's a lot more information. There's one that it's very hands-on gear or the software,

382
00:39:02,400 --> 00:39:08,400
and the other one is more like on the planning and the strategy behind it. So that'll be a good

383
00:39:08,400 --> 00:39:15,760
thing to bring up. So we've got a whole lot of people on the call and everyone's dying to hear

384
00:39:15,760 --> 00:39:22,720
like a good dad joke. So now you go, Mike, and that'll burn up our last minute. So,

385
00:39:23,600 --> 00:39:28,800
if we go a little bit over, that'll be okay. I really want to hear what you've got to say,

386
00:39:28,800 --> 00:39:36,320
Neil and Steph on your, tell you what, do you want me to go first? I do want you to go first.

387
00:39:36,320 --> 00:39:42,320
Okay. Well, I was having trouble thinking of a good Zero Trust dad joke, but it did occur to me

388
00:39:42,320 --> 00:39:47,600
that I kind of had something funny happen when I was talking with my two sons who are seven and

389
00:39:47,600 --> 00:39:53,680
eight. And they were like, Hey dad, what's the security 45, you know, about? And I said,

390
00:39:53,680 --> 00:39:58,560
well, we're going to be talking about this thing called Zero Trust. They were like, dad, what is

391
00:39:58,560 --> 00:40:04,640
that? What is Zero Trust? And I said, well, it's kind of like, you know, how dad has, you know,

392
00:40:04,640 --> 00:40:10,800
how dad has the truck and I have to have a driver's license that allows me to drive a vehicle,

393
00:40:10,800 --> 00:40:17,280
but I have to have a key that makes it so I can just drive that specific truck. And they said,

394
00:40:17,280 --> 00:40:21,760
okay, I think I got it. I think I got it. And I said, and you know, if I were to do something

395
00:40:21,760 --> 00:40:28,240
bad, I could get like my ability to drive the truck taken away. And they said, oh, like a

396
00:40:28,240 --> 00:40:33,040
speeding ticket. And I said, yeah, like a speeding ticket. And they go, well, dad, I don't have any

397
00:40:33,040 --> 00:40:37,520
speeding tickets. Can I drive the truck? And I said, well, you guys, you don't have the license

398
00:40:37,520 --> 00:40:44,320
or like the key to get to the truck. So the next morning I woke up and they had like a debt. They

399
00:40:44,320 --> 00:40:50,000
woke me up. They had a key that they made out of cardboard and a little driver's license with a

400
00:40:50,000 --> 00:40:54,880
little picture that they had, you know, created on their own. And they're like, dad, we're good

401
00:40:54,880 --> 00:40:59,360
to go. I don't have any tickets. I got this license. I got this key. And I said, well, guys,

402
00:40:59,360 --> 00:41:06,000
it's got to be from a trusted source, like a DMV. And then I said, you know what, let's just go,

403
00:41:06,000 --> 00:41:08,480
you can sit on my lap and we'll just drive around the block one time.

404
00:41:10,400 --> 00:41:15,120
So I love that way that that actually encompasses everything.

405
00:41:19,280 --> 00:41:25,360
Real real life examples, you know, of zero trust. Steph, why don't you go next? What do you got for

406
00:41:25,360 --> 00:41:34,800
us? Well, of course I can go. It just can go better from here. It's a very bad joke, but you know,

407
00:41:34,800 --> 00:41:40,400
I found it online. Why don't the zero trust policies make friends easily?

408
00:41:42,240 --> 00:41:49,680
Zero trust policies make friends easily. Because they don't trust anyone, not even for a bite.

409
00:41:51,760 --> 00:41:55,120
That's what we were talking about. There's got to at least be a little trust to get

410
00:41:55,120 --> 00:42:02,240
to get somewhere. OK, I like it. I'll admit I'll fail on the joke part. I'm not a big joke person.

411
00:42:02,240 --> 00:42:07,040
I haven't had kids like you do, Mike. You're still lucky to have kids at home. Mine are grown.

412
00:42:07,040 --> 00:42:12,080
My youngest is twenty seven. So I haven't thought of dad jokes for quite some time out there.

413
00:42:12,080 --> 00:42:17,680
So I try to have fun all the time and make jokes about everything in life. But to carry a joke on

414
00:42:17,680 --> 00:42:23,520
is a hard thing for me to do. Understood. It is. Yes, it is. That's why I couldn't even think of

415
00:42:23,520 --> 00:42:29,840
one. And I was just like, you know, yours is more of a live example, which is exactly it actually.

416
00:42:29,840 --> 00:42:38,160
So I liked it. Exactly. Yeah, there's no topping off that one. I do have a very silly one in this

417
00:42:38,800 --> 00:42:43,760
way. All of them are terrible. But but yeah, this one is good, I think.

418
00:42:45,120 --> 00:42:48,240
How does zero trust order coffee? You guys know?

419
00:42:48,240 --> 00:42:57,760
Oh, it's like with like creamer that has like zero percent fat or something.

420
00:42:57,760 --> 00:43:01,360
No, it is here. I don't trust anyone. I'll bro myself.

421
00:43:04,880 --> 00:43:11,920
Very nice. Very nice. So I must be a zero trust coffee person then. So there you go. There you go.

422
00:43:11,920 --> 00:43:18,240
Well, this has been so much fun. I would love to hear, Neal and Steph, if you have any closing

423
00:43:18,240 --> 00:43:22,240
thoughts about today's conversation. Steph, I'll kick it over to you first.

424
00:43:23,360 --> 00:43:30,880
Yeah, just keep in mind that security, as we've said, is it's a journey. Step by step. Don't rush.

425
00:43:30,880 --> 00:43:36,240
Don't don't just buy or see the first thing you see. Oh, OK, I need this. I will implement this now.

426
00:43:36,240 --> 00:43:42,240
See your options, see what the thing that fits the best to your company. Of course, we're Cisco,

427
00:43:42,240 --> 00:43:47,280
but if there's something out there that makes more sense to you, go for it. The idea here is that you

428
00:43:47,280 --> 00:43:54,720
are well protected and step by step. Don't rush. I think that will be the best way to start. It's

429
00:43:55,600 --> 00:43:57,360
easy. Don't rush.

430
00:43:58,880 --> 00:44:03,280
To follow on what Steph was saying, that you do have to be very careful.

431
00:44:03,280 --> 00:44:08,320
To follow on what Steph was saying, that you're doing something. You're not sitting around

432
00:44:08,320 --> 00:44:14,160
thinking about doing something or continually in the planning process. You're always doing

433
00:44:14,160 --> 00:44:19,680
something and the plan's going to change. The plan's going to get better. The plan's going to

434
00:44:19,680 --> 00:44:23,440
adjust. You might find something that doesn't work, but you're doing something. You're always

435
00:44:24,080 --> 00:44:28,960
taking a step forward or two steps forward and half a step back. There's always forward momentum.

436
00:44:28,960 --> 00:44:38,640
I'm sorry. Great. My takeaways, we started off, Neil, you're talking about zero trust being an

437
00:44:38,640 --> 00:44:45,920
industry topic, not something that was created by a vendor. I really liked, Steph, that you pointed

438
00:44:45,920 --> 00:44:50,800
out that we have zero trust in our everyday lives. You gave that social media account. I'm like,

439
00:44:50,800 --> 00:44:56,960
that's resonating with me with kids watching YouTube and stuff, for example. Then, Neil,

440
00:44:56,960 --> 00:45:05,280
you got into zero trust in the industry. Yeah, something that every company does need.

441
00:45:07,600 --> 00:45:13,360
Some specific use cases of zero trust in the environment. Then, of course, we talked about

442
00:45:14,960 --> 00:45:19,360
implementing it using the technology and the tools. Steph, you thought a good one might be

443
00:45:19,360 --> 00:45:26,480
doing some MFA with verification of the user and the device. Then, Neil, you touched a little bit

444
00:45:26,480 --> 00:45:35,280
on the segmentation and the concept of it's not just zero work, as Andre said, but we're going to

445
00:45:35,280 --> 00:45:39,920
analyze it as we go, not just forget about it, but stay on top of the game and make sure that we're

446
00:45:39,920 --> 00:45:47,760
at least more secure than maybe the competitors right around us. We do not want to be that easy

447
00:45:47,760 --> 00:45:58,800
target. Great stuff. That's great stuff. For my takeaways, what I really like and always like

448
00:45:58,800 --> 00:46:04,720
about zero trust in the conversation is the strategy, just making sure that you identify

449
00:46:04,720 --> 00:46:11,280
those things that you want to make sure are secure. You want to make sure that you have

450
00:46:11,280 --> 00:46:20,240
a roadmap of what you want to do. Keys into zero trust, making sure that high productivity versus

451
00:46:20,240 --> 00:46:30,640
strong security is well thought of. Remember, we're not trying to frustrate anything that wants to

452
00:46:30,640 --> 00:46:35,360
come and attack us. We don't want to frustrate our users. So, just eliminating that friction.

453
00:46:35,360 --> 00:46:41,760
Just what are the things that takes to get to zero trust right? We had some examples, Neil,

454
00:46:41,760 --> 00:46:48,880
you gave really good examples about what do we see there. The last thing is just make sure that

455
00:46:48,880 --> 00:46:56,320
you know there's help out there from, you know, we're biased on where we work at. But

456
00:46:56,320 --> 00:47:07,040
if you want to learn more about zero trust strategy, where to get help, feel free to reach out and we'll do our best to make sure that will help out.

457
00:47:07,920 --> 00:47:12,320
Andres, I'll add that we're biased, of course, we're all working for Cisco and we sell security stuff.

458
00:47:13,120 --> 00:47:19,520
But there's no vendor on the planet who can solve every zero trust question and every zero trust

459
00:47:19,520 --> 00:47:24,880
challenge you might have out there. So, it's going to be a multi-facility challenge. So,

460
00:47:24,880 --> 00:47:30,000
it's going to be a multi-vendor approach. I only say that because if you turn the coin over and

461
00:47:30,000 --> 00:47:34,560
there's a vendor that says we got this, just buy our stuff and you're totally covered, then that's

462
00:47:34,560 --> 00:47:40,720
the first person you walk out the door. And that's certainly not anyone on this call. Yeah, great points.

463
00:47:40,720 --> 00:47:47,680
Great, great points. Well, Neil and Steph, it has been an absolute pleasure. I do want to personally

464
00:47:47,680 --> 00:47:52,560
thank you guys for all the good you do in the world with zero trust. You're helping a lot of people

465
00:47:52,560 --> 00:47:57,280
through this call and through the work you do every day. So, much appreciation for you guys taking

466
00:47:57,280 --> 00:48:07,360
the time to join Andres and myself today. Happy to be here. Next call, July 24th. Andres, I believe

467
00:48:07,360 --> 00:48:14,480
that's our AI conversation. That one's going to be cool because it's not about AI, it's about

468
00:48:15,520 --> 00:48:22,240
the security of AI because AI is great until it gets hacked. So, we had a great conversation

469
00:48:22,240 --> 00:48:28,480
today on zero trust. Neil, Steph, thank you again. Andres, I will see you on the next one. Stay secure,

470
00:48:28,480 --> 00:48:52,960
everybody. And we'll see you on the next show. Thank you. Have a good one. Bye, guys. Take care.