My top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:
Securing the digital supply chain
The evolution of cloud-native security
Internet of Things (IoT) security
The human element of security
Securing web3 and blockchain
I'll take them one by one this week and share some quick thoughts on why I think they're interes...
Poor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.
Download and install Descript. (There’s a free version.)
Hit the record button on a Zoom call and pick the “Record on this computer” option.
After the Zoom call ends, drag the video file that Zoom sp...
Welcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)

Subscribe to Doug Lane

OK, our first possible starting point for a buyer plan for Zero Trust is “A Practical Guide To a Zero Trust Implementation” from Forrester Research.
Side note: This is paid research, but if you Google the title, you will find numerous security vendors willing to give you free access in return for a one-way ticket into their lead nurture hellscape.
I’m a big fan of maturity models for positioning and selling security products. Security is never “done,” so helping buyers understand where they are – and where they want to get to – is constructive for everyone.
This is the approach Forrester takes with this report. They lay out five phases of Zero Trust maturity and then map broad categories of security capabilities into stages over a 10-year time horizon. (Yikes, I guess we’re gonna be at this for another decade.)
The general sequence they suggest for building a Zero Trust Architecture is:
People
Workloads
Devices
Network
Data
There are some things I like about their approach. It provides an actual recommended sequence to prioritize and tackle Zero Trust. And it offers a reasonable amount of detail in a concise package that won’t overwhelm security buyers.
There are some things I don’t like as well. Take this with a grain of salt, since I’m a marketing person and not a security architect. But I think they got the sequence wrong.
Think of it like protecting a bank. What would provide more risk reduction impact faster:
A. Giving your security guards and employees incrementally better weapons, cash drawers, and panic buttons. (People and Devices)
B. Structurally reinforcing the vault and significantly reducing the ease of getting to it. (Workloads and Network)
I’ll take option B.
Many companies I come across already have reasonable identity and access management and endpoint security measures in place. Do they need to get better? Sure. But I think workload and network are where you can make a more significant impact faster.
Overall, I do think this is a useful report that can be used to frame a journey that you can help the buyer with. But it might not be the best option to lead with if you’re on the network and data side of Zero Trust (and want to sell something in the next few years).
-Doug