Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Subscribe to Doug Lane
Subscribe to Doug Lane
<100 subscribers
<100 subscribers
Share Dialog
Share Dialog
I feel your judgment. But let’s see you come up with a better subject line that ties in NIST Special Publication 800-207.
This bad boy is the polar opposite of the “ducks and bunnies” version of Zero Trust. Weighing in at exactly 50 pages, it’s not for the faint of heart. But I think it’s a really impressive and helpful document – both for security buyers and vendors.
The good news: Unlike pretty much anything else out there, it actually goes deep on explaining what “doing Zero Trust” actually means.
The bad news: It’s very long, dense, and theoretical. (Not great ingredients for a tight sales narrative.)
Since it’s impossible to summarize a 50-page document in an email, I picked my favorite part.
This diagram:
While still pretty deep in the weeds, it puts all of the vendors running around screaming about how they help with Zero Trust in context.
In doing so, it establishes two tiers of Zero Trust vendors:
Alpha Dogs: Policy Engine, Policy Administrator, and Policy Enforcement Point
Rest of the Pack: All of the other security technologies that provide food for the alpha dogs.
So if I was a security vendor, I might consider creating a kinder, gentler version of this diagram and using it to emphasize where my product fits in.
Best case, I’d explain why I’m an alpha dog Zero Trust product. (I assume these to be things like Zero Trust network access and segmentation, but NIST’s definition is pretty theoretical.)
If I’m not lucky enough to be an alpha dog, I’d position myself as a critical foundation that you should start with to prevent your alpha dog from tripping and falling on its nose.
Yes, this is kind of what I was dinging the Spectra Alliance gang for doing yesterday. But I think the key missing piece is getting really crisp and credible about why you should be first.
-Doug
I feel your judgment. But let’s see you come up with a better subject line that ties in NIST Special Publication 800-207.
This bad boy is the polar opposite of the “ducks and bunnies” version of Zero Trust. Weighing in at exactly 50 pages, it’s not for the faint of heart. But I think it’s a really impressive and helpful document – both for security buyers and vendors.
The good news: Unlike pretty much anything else out there, it actually goes deep on explaining what “doing Zero Trust” actually means.
The bad news: It’s very long, dense, and theoretical. (Not great ingredients for a tight sales narrative.)
Since it’s impossible to summarize a 50-page document in an email, I picked my favorite part.
This diagram:
While still pretty deep in the weeds, it puts all of the vendors running around screaming about how they help with Zero Trust in context.
In doing so, it establishes two tiers of Zero Trust vendors:
Alpha Dogs: Policy Engine, Policy Administrator, and Policy Enforcement Point
Rest of the Pack: All of the other security technologies that provide food for the alpha dogs.
So if I was a security vendor, I might consider creating a kinder, gentler version of this diagram and using it to emphasize where my product fits in.
Best case, I’d explain why I’m an alpha dog Zero Trust product. (I assume these to be things like Zero Trust network access and segmentation, but NIST’s definition is pretty theoretical.)
If I’m not lucky enough to be an alpha dog, I’d position myself as a critical foundation that you should start with to prevent your alpha dog from tripping and falling on its nose.
Yes, this is kind of what I was dinging the Spectra Alliance gang for doing yesterday. But I think the key missing piece is getting really crisp and credible about why you should be first.
-Doug
No activity yet