Resilient Cyber

For those unfamiliar with Zero Trust, if you had to summarize what Zero Trust is, how would you describe it?

Zero trust is in the news quite a bit recently, with NIST even coming out with their own guide just a year ago. Do you think this is really a new topic or more of a maturation of older processes?

It seems like every breach we hear Zero Trust could have prevented x, y, and z - Do you think Zero Trust has the potential to mitigate breaches, or at least minimize their impact?

I see Zero trust typically talked about as only applying to layer 7 in the osi model. Do you think that's true? Or do you see the general concepts as applying to more layers as a defense in depth strategy?

Given the hype around Zero Trust, many vendors are now claiming their product equates to Zero Trust, or gets you Zero Trust compliant and similar phrases, how do you feel about this, and do you see it as misleading?

What does Cyber Resilience mean to you? Does implementing Zero Trust make an organization or system more resilient?