The Zero Trust Hub
Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.
In The Wall Street Journal, Illumio CEO Andrew Rubin says cybersecurity’s prevention-first model is breaking down rapidly under relentless, AI-driven attacks. He argues teams must invest equally in breach containment to keep minor intrusions from becoming major disasters.
In Bloomberg Law, Andrew Rubin warns that powerful new AI models like Mythos will drive cyber budgets higher as companies race to match attacker speed. With breaches now inevitable, he says organizations must prioritize resilience and recovery just as much as prevention.
If You Design Zero Trust for Perfection, You’re Designing It to Fail
Public Sector CTO
Early in my career, I used to trust the diagram.
You’d walk into a meeting, someone would pull up a clean architecture slide, and everything would make sense.
Then something would break.
And when you dug into the issue, you realized the diagram wasn’t wrong, just incomplete. It reflected how we thought the environment worked, not how it actually behaved under pressure.
That gap is where most security strategies struggle. It’s also where a lot of Zero Trust efforts stall out.
Zero Trust projects fail often because we design around assumptions instead of what’s really happening inside the environment.
Pressure separates real security from the illusion of it
There’s a lot of discussion right now about operating under pressure. But the pressure itself isn’t the root problem. It simply exposes what was already there.
When teams shrink, complexity becomes harder to manage. When budgets tighten, inefficient tools stand out. When mandates increase, gaps in strategy become harder to ignore.
Most environments today are more complicated than they appear. Security teams are using too many tools, have too little integration, and are missing clarity about how everything works together.
That’s manageable when things are calm. It becomes a problem when they’re not.
Zero Trust works only if your tools work together
Zero Trust was supposed to help solve this. It can, but only if it’s approached as an operating model instead of a checklist.
I still see organizations treating it like a series of separate projects. Identity in one lane. Network in another. Data somewhere else. Each team doing their part, but not always in sync.
Things start to break down here. If your tools don’t share data, you’re missing context. If they can’t act on that context automatically, you’re moving too slow. If your teams have to manually connect the dots during an incident, you’re already behind.
Zero Trust isn’t necessarily about having more controls but about making the controls you already have work together in a meaningful way.
Automation is what makes it all work
Automation comes up in almost every Zero Trust conversation, but it’s often framed too narrowly.
Speed is one consideration. But the real challenge is keeping pace with environments that don’t stand still.
Workloads spin up and down, and users move across systems. Data flows in ways that didn’t exist a few years ago. The environment is constantly shifting, and security has to move with it.
When policies can’t keep up, they drift out of alignment. Gaps start to appear, and they’re exactly what attackers look for.
What works is an approach where policies follow the workload, controls adjust based on context, and systems stay in sync as things change.
That’s how security teams scale without getting buried in manual work.
The hardest part of Zero Trust is defining risk
At the end of the day, the biggest challenge is how organizations think about risk.
Too many teams still define success as stopping every attack. That sounds reasonable, but it leads to the wrong priorities.
Attackers are going to get in. The real question is what happens next.
If an attacker can’t move, can’t escalate, and can’t reach critical systems, the impact is limited and the mission continues.
Zero Trust enables exactly that.
But getting there requires a shift in mindset. Leaders need to move away from the idea that a breach automatically means failure and focus instead on whether that breach can spread and cause real damage.
Security that doesn’t reflect reality will fail
The environment isn’t getting simpler. Threats are evolving faster, complexity is increasing, and security teams are being asked to do more with less.
Pressure exposes what actually works.
If your Zero Trust strategy depends on everything going according to plan, it won’t hold up when conditions change. And they always do.
The organizations that succeed design for what happens during an incident, not just before it. They assume controls will fail and focus on limiting what happens next.
That’s the real test of Zero Trust. Not whether you stop every attack, but whether you can contain one.
STATSHOT
Breaking Barriers
Microsegmentation projects stall for a few clear reasons. Cost, visibility, and integration top the list — and that's good news. Each one is fixable. Teams move faster when roles are clear and skills are in place. Projects keep momentum when leaders address fears about disruption head-on. Once executives back the work, teams can break it into steps and turn intent into results.
.webp)
Anti-Fragile: Why It’s the Future of Cybersecurity
We’ve defined success as recovery. When systems go down, teams respond and operations resume. But returning to the same architecture means returning to the same risk. Michael Adjei explains we must use every attack to come back stronger.
Design Zero Trust for People First, Not Just Systems
We've long built security around systems and compliance. Attackers built their playbook around human behavior. They study habits, exploit friction, and slip through policy gaps. A strategy that ignores the human layer can’t stop breaches. Here's how to fix it.
Zero Trust Resources
Get the industry’s first vendor-neutral Zero Trust certification.
