Numberline Security

Do you have a security strategy? Do you need one? And what does this have to do with Zero Trust? Thanks to those of you who joined us for the inaugural meeting of The Neighborhood ( https://lnkd.in/eaKKnvaf ), our new Zero Trust practitioner peer community. This was a great conversation, with people bringing different perspectives on how they and their enterprises are approaching Zero Trust. Our topic for this session was Zero Trust as a Security Strategy, and I want to highlight one specific point that we discussed, which was around the definition of a Security Strategy. We all agreed that Zero Trust is a security strategy, but had to talk through what exactly we meant by a security strategy, and how this strategy manifested itself within their enterprises. I’m distilling this down here, but essentially we agreed that a security strategy is what you use to define your vision, prioritize investments (time and budget), and define the structure of your security team and program. So far, this is straightforward, but the interesting bit was when someone made the offhand comment that “this is the first time that we’ve actually had a security strategy”. This sparked a great and intense discussion – and the consensus was that in general, information security organizations don’t have a strategy in place, so the adoption of Zero Trust is actually the first time they’ve defined one. That is - Zero Trust isn’t replacing an existing security strategy, it’s sparking the team to create their first ever security strategy. And this is a fundamentally important, but often overlooked aspect of Zero Trust. In fact, I don’t think I ever thought of it this way before this conversation! So treat Zero Trust as not just a way to implement information security best practices, but also as a way to for the first time give your team a unified way of thinking about and approaching security within your enterprise. Interested in exploring this further, and talking about how a Zero Trust strategy can benefit your enterprise? Sign up for a free, 30-minute one-on-one Zero Trust Strategy Kickstart session : https://lnkd.in/eB5Dx9At We’ll use this time to share our deep experience helping enterprises define and launch successful Zero Trust initiatives, and we’ll walk you through the What, Why and How of our Zero Trust Strategy methodology. After this session, you'll be ready to define and execute a Zero Trust strategy that will be highly effective for your enterprise, and be able to rapidly and incrementally deliver results. Sign up here https://lnkd.in/eB5Dx9At We look forward to meeting with you.

On September 30, T-Mobile announced a $30M settlement with the FCC related to recent data breaches. As part of this settlement, T-Mobile agreed to spend over $15M to improve their information security program, including the adoption of Zero Trust. What does this mean, and what should we learn from it?

Recently, I gave a Zero Trust briefing to a financial services firm's Board of Directors, and this sparked a few thoughts in my mind.

It’s not just cyberattacks that you need to be concerned about, says Numberline Security’s Jason Garbis. Data loss can be the result of human error or hardware or software failure, making zero trust data resilience the foundation of your data protection strategy.  Head over to The Wall Street Journal to learn why and discover how Siemens AG partners with #Veeam to protect their customers’ data from data loss of any kind. https://vee.am/BUNtKwq #DataResilience #ZeroTrust #DataProtection Custom Content from WSJ

I highlight four specific findings in the 2024 IBM Cost of a Data Breach report: Breach Costs, Shadow Data, AI, and Ransomware. What can we learn from these, and how does this report disappoint us?

Learn how to use and adapt the CISA Zero Trust Maturity Model. Jason Garbis revisits his #RSAC 2024 Birds of a Feather session in this RSAC Podcast, sharing real-world examples of challenges, benefits, and approaches about the model. #ZeroTrust https://spr.ly/6043iZObJ

Join us for an expert discussion on the SEC Cybersecurity Rules. Chen Burshan, Yair Geva, Jason Garbis, and Alex Sharpe will talk about why the rule change came about and how you can better prepare. We hope to see you there! https://lnkd.in/eytXeQPE