Quick Read

The term cybersecurity expert is overplayed. There is no official or legal definition, and between companies, the meaning of “cybersecurity expert” can vary greatly. When we talk about cyber, we need to understand our audience and trust the “experts” we rely on for information. As we talk to others, what attributes do we use to signal that we are cybersecurity experts? As we interview people for job openings, how do we qualify and differentiate between all of the candidates calling themselves “experts”?

DISA’s 163-page document on the Zero Trust Reference Architecture presents seven pillars of a zero trust environment. These include the user, device, network, applications, data, visibility, and orchestration. Each of these pillars deserves a deep analysis, but in this short post we argue why the first two — user and device — are most critical.

Zero Knowledge and Zero Trust: they’re basically the same, right? Not quite. While these two terms might be similar in name, they are in fact two completely different ideas. Zero Knowledge can be used to help complete the notion of Zero Trust, but it cannot work in the opposite direction. Zero Knowledge is a mathematical distinction, whereas Zero Trust is a philosophical one.