Jason Garbis’ Post

In case you missed it: Thoughts on the recent "Cost of a Data Breach" report from IBM: 70% of breached organizations experienced a significant or very significant business disruption, but only 12% of breached organizations have fully recovered, with more than three-quarters of those stating that the recovery took longer than 100 days. What should we learn from this? https://lnkd.in/es--S9Zy

Flashback Friday - an entertaining (and hopefully insightful) conversation about Zero Trust, between Achilles and the Tortoise.

Our inaugural Zero Trust practitioner community meeting sparked an unexpected revelation about Zero Trust as a strategy…

Do you have a security strategy? Do you need one? And what does this have to do with Zero Trust? Thanks to those of you who joined us for the inaugural meeting of The Neighborhood ( https://lnkd.in/eaKKnvaf ), our new Zero Trust practitioner peer community. This was a great conversation, with people bringing different perspectives on how they and their enterprises are approaching Zero Trust. Our topic for this session was Zero Trust as a Security Strategy, and I want to highlight one specific point that we discussed, which was around the definition of a Security Strategy. We all agreed that Zero Trust is a security strategy, but had to talk through what exactly we meant by a security strategy, and how this strategy manifested itself within their enterprises. I’m distilling this down here, but essentially we agreed that a security strategy is what you use to define your vision, prioritize investments (time and budget), and define the structure of your security team and program. So far, this is straightforward, but the interesting bit was when someone made the offhand comment that “this is the first time that we’ve actually had a security strategy”. This sparked a great and intense discussion – and the consensus was that in general, information security organizations don’t have a strategy in place, so the adoption of Zero Trust is actually the first time they’ve defined one. That is - Zero Trust isn’t replacing an existing security strategy, it’s sparking the team to create their first ever security strategy. And this is a fundamentally important, but often overlooked aspect of Zero Trust. In fact, I don’t think I ever thought of it this way before this conversation! So treat Zero Trust as not just a way to implement information security best practices, but also as a way to for the first time give your team a unified way of thinking about and approaching security within your enterprise. Interested in exploring this further, and talking about how a Zero Trust strategy can benefit your enterprise? Sign up for a free, 30-minute one-on-one Zero Trust Strategy Kickstart session : https://lnkd.in/eB5Dx9At We’ll use this time to share our deep experience helping enterprises define and launch successful Zero Trust initiatives, and we’ll walk you through the What, Why and How of our Zero Trust Strategy methodology. After this session, you'll be ready to define and execute a Zero Trust strategy that will be highly effective for your enterprise, and be able to rapidly and incrementally deliver results. Sign up here https://lnkd.in/eB5Dx9At We look forward to meeting with you.

Starting in just 2 hours. joing us for our inaugural Zero Trust practitioner virtual meetup. Details and registration below. I look forward to seeing you there! ------------------- Interested in learning about Zero Trust through in-depth discussions in a peer community?  If you’re an information security practitioner at an enterprise, you’re welcome to join The Neighborhood - a newly launched place for practitioners to share and learn through interactive guided discussions. We meet for virtual video discussions on alternate Wednesdays, for one hour starting at 1:00 pm ET, with our first session coming up on October 2. Learn more and register here: https://lnkd.in/eaKKnvaf

Coming up tomorrow - our inaugural Zero Trust practitioner virtual meetup. Details and registration below. I look forward to seeing you there! ------------------- Interested in learning about Zero Trust through in-depth discussions in a peer community? If you’re an information security practitioner at an enterprise, you’re welcome to join The Neighborhood - a newly launched place for practitioners to share and learn through interactive guided discussions. We meet for virtual video discussions on alternate Wednesdays, for one hour starting at 1:00 pm ET, with our first session coming up on October 2. Learn more and register here: https://lnkd.in/eaKKnvaf

Thoughts on the $30M T-Mobile data breach settlement.