Zero trust security is a complex and moving target, but cybersecurity experts today explained how focusing on your people and instilling a culture of cybersecurity can help Federal agencies reduce zero trust complexity.
At the Visualyze Zero Trust Security Summit hosted by MeriTalk and Gigamon on Feb. 29 in Washington, D.C., panelists shared how they are focusing on the culture piece of zero trust in order to be successful.
“We can talk about the tech stack … but it’s really about the changes that are happening inside the organizations themselves,” said Sean Connelly, senior cybersecurity architect at the Cybersecurity and Infrastructure Security Agency (CISA) and program manager of its Trusted Internet Connections (TIC) initiative.
Connelly explained that it’s about “the people, the process,” adding, “I think that is critical in terms of just shaping that discussion from the get-go.”
Laurie Ludwig, the zero trust program manager for the U.S. Customs and Border Protection’s (CBP) Office of Information Technology (OIT), explained that when CBP first began its zero trust journey, the agency placed a heavy emphasis on cybersecurity training.
Ludwig said CBP has frequently held town halls on zero trust, discussions with its industry partners about zero trust, and zero trust briefings for the CBP IT Governance Council.
“As much education and knowledge sharing as possible has been really helping us,” she said. “So, when something does come along [and say], ‘Hey, we need to do this in order to make sure that we’re hitting our mark,’ there is already an understanding there of what zero trust is, and why we’re doing this, and why we need to expedite this.”
Ludwig also stressed the importance of taking employees who aren’t necessarily in the cybersecurity field, “and helping them understand what does that ‘never trust, always verify’ mean, continuing our phishing simulation emails, increasing our training around cybersecurity, so that they start to feel more of a sense of ownership of securing the agency as well. Everybody has a responsibility in that.”
Similarly, partnership and communication can also help Federal agencies reduce zero trust complexity, according to Erica Jackson, zero trust strategic business development manager at Dell Technologies.
Dell Technologies recently launched Project Fort Zero, an initiative with over 45 partners that is designed to accelerate the path to zero trust. This end-to-end zero trust solution will be validated by the Department of Defense (DoD) this year, Jackson noted.
She explained that organizations must “step up” both their partnership and communication and “share those lessons learned so we can all achieve that zero trust journey.”
Driving home the culture piece, Imran Umar, vice president and zero trust lead at Booz Allen Hamilton, added that zero trust “requires a new way of thinking,” and encouraged agencies to do so to achieve “the integration of capabilities across the pillars.”
For agencies looking to gain more insights on zero trust, Connelly recommended they explore the Technology Modernization Fund’s (TMF) website, which he said is “an easy way for agencies to understand how some of the other agencies are tackling zero trust.”