Last month, news broke that senior Navy leaders aboard the USS Manchester were running a secret, unauthorized WiFi network on the ship. They only used the network to check sports scores, text home, and stream movies, according to the Navy Times article. But they kept its existence under wraps for months before the ship’s superiors grew suspicious and started investigating

The lying, the cover ups, the secrecy — all of it is bad. But I was especially disappointed that the Navy’s disciplinary charges for the network’s ringleader, then-Command Senior Chief Grisel Marrero, were only for dereliction of duty and obstruction of justice

While these charges are certainly valid, I think the much bigger issue is that the network put every sailor on that ship — and potentially the lives of every sailor around the world — at risk. And Marrero even has a master's degree in information security! Why wasn’t the secret network’s potentially catastrophic cybersecurity risk a major part of the investigation and charges?

We always talk about how we live in an interconnected world. But that means that we also have an interconnected responsibility.

Cybersecurity responsibility belongs to the entire organization

Cybersecurity used to be something that felt distant for most employees. If something went wrong, they’d shrug it off and say, “That’s IT’s problem.”  

But Zero Trust changes that mindset. Suddenly, everyone — from entry-level employees to the C-suite — has a role to play in protecting the company.

Zero Trust isn’t just a product or a tool you install and forget about. It’s a strategy that revolves around the idea that nothing, whether inside or outside of your organization, should be trusted by default. This is why Zero Trust is often called a least-privilege model.  

It’s not just about locking down your network. It's about acknowledging that everything, down to each person, device, and workload communicating in the network, plays a role in keeping it secure.

Zero Trust breaks down silos

One of the greatest shifts Zero Trust brings is that it breaks down silos across an organization.  

It’s not uncommon for gaps in ownership and visibility to expose weaknesses that organizations didn’t even know they had. Misunderstandings about who owns what, such as who controls the server versus who’s responsible for the software on it, can lead to finger pointing rather than better security. And a lack of visibility into what’s communicating across a network creates security gaps that attackers will find and exploit.  

Zero Trust, by its very nature, forces everyone to take a closer look at who is responsible for what. Suddenly, the network team is talking to the app owners. The security folks are collaborating with every department to ensure that sensitive data remains secure. It’s no longer about passing the buck.  

Cybersecurity has to be everyone’s job

Yes, you have dedicated security professionals, but expecting them to be the sole line of defense is a recipe for disaster.  

If even one person flubs security, the entire organization can be put at risk. In a Zero Trust model, breaches are not seen as IT failures but organizational ones. It encourages shared responsibility.

Employees need to understand that their actions matter — clicking on suspicious links, failing to update software, or ignoring security protocols — can expose the entire organization. In fact, as many as 70% of successful data breaches originate from endpoint devices, according to IBM.

It's not about blaming the security team when something goes wrong. It’s about recognizing that everyone plays a part in keeping the organization safe.

Creating a Zero Trust culture shift

Ultimately, the shift to Zero Trust is about more than just technology. It’s about changing the culture of security.  

The old way of thinking where you could set up a firewall and walk away is over. The only way to stay secure in today’s world is by making security a part of everyone’s job.  

Seeing security from a Zero Trust point of view teaches people that they are responsible for protecting the organization, not just the IT team.  

Zero Trust forces security conversations and breaks down barriers between teams, leading to more collaborative, security-conscious workplaces.

In a Zero Trust world, no one gets a free pass. And I think that’s a really good thing.

This week, The Zero Trust Hub features:

• New Zero Trust and microsegmentation innovation you need to know about
• What it looks like to transition to a mature Zero Trust architecture (spoiler alert: it's more than just technology!)
• My thoughts on Cybersecurity Awareness Month
• What you can expect from the upcoming Illumio World Tour