S2E10: Shane Barney - Federal Zero Trust, Cloud, and DevSecOps

Chris - There's quite a push for Zero Trust in the Federal Government, with the Cyber EO and ZT publications from CISA. What do you see as some of the biggest impediments for the Government's adoption of ZT? What are some of the biggest opportunities?

Nikki - In one of your recent posts you mention the difference between zero trust being a concept vs being something to act on. What do you think the right way to implement a zero-trust architecture is?

Nikki - Do you have any resources for practitioners who are looking to ensure they are meeting a zero trust architecture framework?

Chris - You commented recently about Compliance NOT being Security. This is something that many of us who have been in the field long enough agree with. That said, the Government's approach to cybersecurity largely revolves around Compliance. Why is that, and how do we go about changing that to a focus on real security?

Chris - You recently had some comments about the CISO reporting relationship, in the Federal space, reporting to the CIO. Do you want to share any thoughts on who you think the CISO should report to and how CISOs can help influence who they report to, to support their security initiatives?

Nikki - You mention a need for CIO/CISO partnership - can you expand on why that's so important in an organization? How can the organization benefit from this partnership?

Chris - As you know, there's a big push for DevSecOps both in Government and Industry. What can Security teams learn from their Development peers and how do we successfully facilitate the push for DevSecOps?