J. Wolfgang Goerlich is an Advisory CISO for Duo Security. He has led IT and IT security in the healthcare and financial services verticals, and advisory and assessment practices in several cyber security consulting firms.
In cybersecurity, we like our multi-year roadmaps. In home improvements, we like our long-term plans. For both, we like to get everything squared away before inviting people in. That’s simply not feasible in most cases. Like the sprints in agile, zero trust can be taken in small but powerful steps.
It is Tim Berners-Lee’s fault. No, really. The first website went live in August 1991. When the web began twenty-eight years ago, it was wide open and without any access control. Our web starting point was deliberately out of control.
You remember the saying "it's the greatest thing since sliced bread?" Before there could be toasted sliced bread there had to be standards. Prior to sliced toasted bread, bread came in all shapes and sizes and electricity was not in every home. The same rule applies to technology innovations like passwordless; we need standards, infrastructure and critical mass.
Selfies kill more people than sharks. This fact doesn’t make sense. Sharks are terrifying. People aren’t all that good at making risk-based decisions. When security leaders seek support for controls, our human nature can become a stumbling block.
The Raptor’s iconic basketball jersey was, like many things, driven by technological limitations. These are the same design challenges we face in IT security.
