Zero Trust Journey

Victor Monga

Zero Trust Journey isn’t about taking sides—it’s about real conversations, sharing research, and learning together. Our goal is to explore Zero Trust from every angle and help cybersecurity practitioners make sense of it in a practical, no-fluff way. And yes, we do love to chat about coffee and listen to the occasional dad joke along the way.

Here’s what we do:

--| Conversations with Experts: We chat with subject matter experts who share their opinions, experiences, and Zero Trust journeys.
--| Research and Product Insights: We explore Zero Trust products and solutions in the market that may fit into a Zero Trust architecture.
--| A Zero Trust Architecture: We’re building and refining an ever-growing architecture focused solely on the needs of cybersecurity practitioners.
--| CSA CCZT Study Group: We host a study group for the Cloud Security Alliance (CSA) Certificate of Competence in Zero Trust (CCZT).

If you’re a cybersecurity professional looking for honest discussions, practical insights, and tools that evolve with your Zero Trust strategy (plus the occasional coffee tip), Zero Trust Journey is for you. Join us!

  1. FEB 13

    Episode 39: ZTMM+ How to Assess and Roadmap Zero Trust

    "Zero Trust is not a journey where you have to spend a lot of money upfront before you can get started. In almost every case, you just need to use what you have better."

    In this workshop-style episode of the Zero Trust Journey, Dr. Victor Monga sits down with Jason Garbis and Jerry Chapman from Numberline Security. They move beyond the theory to conduct a live Zero Trust assessment of a fictitious company, "Precision Dynamic Manufacturing" (PDM). From "sticky note" admin passwords to flat networks where CNC machines and Wi-Fi guests coexist, Jason and Jerry map out a practical, no-fluff roadmap to maturity.

    IN THIS EPISODE, WE COVER:

    --| The ZTMM+ Framework: Why the standard CISA model needed an upgrade and how "Governance" acts as the critical glue across all five security pillars.
    --| The PDM Case Study: A deep dive into an SMB with 200 employees—evaluating the risks of an IT stack built by the "neighbor's kid" and how to secure it before a CMMC audit.
    --| MFA is Non-Negotiable: Jerry breaks down the journey from simple SMS codes to phishing-resistant authentication and why it’s the single most important move for identity.
    --| Stop Buying, Start Configuring: How to leverage your existing Microsoft Entra ID (Azure AD) stack to achieve Zero Trust principles without a massive capital investment.
    --| Network Segmentation for OT: Practical strategies for isolating "crusty" legacy hardware and CNC machines from the rest of the enterprise to stop lateral movement.
    --| Building External Trust: How a mature Zero Trust posture directly impacts your ability to secure cyber insurance and win contracts with security-conscious partners.

    Connect with the Guests:
    Jason Garbis: https://www.linkedin.com/in/jasongarbis
    Jerry Chapman: https://www.linkedin.com/in/jerrychapman

    Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
    https://ztjourney.com | LinkedIn | YouTube

    Disclaimer: The views expressed are those of the speakers.

    41 min
  2. 11/04/2025

    Episode 35: The Critical Role of Testing in Zero Trust

    Guest: James Plouffe (https://www.linkedin.com/in/jamesplouffe)
    Host: Dr. Victor Monga (https://www.linkedin.com/in/victorvirtual)

    In this essential episode, host Dr. Victor Monga sits down with James Plouffe, Principal Analyst at Forrester, to tackle the bold claim that "Zero Trust without testing is a lie." James, who also served as a Technical Consultant on the hit TV show Mr. Robot, shares his expert perspective on why security leaders are experiencing Zero Trust fatigue and how they can prove their progress.

    What You'll Learn:

    --| Zero Trust is a Journey, Not a Destination: Why viewing Zero Trust as a project you can "finish" is fundamentally flawed.
    --| The Critical Gap: Why continuous security validation and testing controls are the single most important factors in a Zero Trust strategy.
    --| Operationalizing MITRE ATT&CK: How to shift away from old audit checklists and use frameworks like MITRE ATT&CK to create demonstrable proof of your defenses.
    --| Overcoming the "People Problem": Strategies for getting buy-in from long-time employees and successfully implementing controls like micro-segmentation without causing friction.
    --| The Biggest Win for Least Lift: Where security leaders should invest their resources first to achieve the highest impact (Hint: It’s all about Identity and MFA).
    --| Hacking Hollywood: James shares his experiences ensuring technical accuracy on the set of Mr. Robot and meeting actor Rami Malek.

    This episode is a must-listen for CISOs and security practitioners looking to move beyond theory and build a tangible, well-tested, and effective Zero Trust architecture.

    Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
    https://ztjourney.com | LinkedIn | YouTube

    Disclaimer: The views expressed are those of the speakers.

    34 min
  3. 10/27/2025

    Episode 34: SMB Cybersecurity Investment in the Zero Trust Era

    00:00 Introduction to SMB Cybersecurity Challenges
    02:43 The Importance of Securing SMBs
    05:32 Lack of In-House Expertise in SMBs
    08:23 The Cybersecurity Buying Journey for SMBs
    11:15 Decision-Making in Cybersecurity Purchases
    14:18 Cost of Inaction vs. Cost of Protection
    17:03 The Role of AI in Cybersecurity for SMBs
    20:06 Advice for SMB Leaders on Cybersecurity Investments

    Guest: Ken Yao (https://www.linkedin.com/in/kennethyao)
    Guest: Martin Rivera Neuhaus (https://www.linkedin.com/in/martinriveran)
    Host: Dr. Victor Monga (https://www.linkedin.com/in/victorvirtual)

    Protect Your Business and Your Partners! Small and Medium Businesses (SMBs) make up 99.9% of US businesses, but 60% lack a dedicated cybersecurity expert. This leaves them vulnerable—and makes them a massive weak link in the global supply chain.

    In this vital episode of the Zero Trust Journey podcast, Dr. Victor Monga is joined by Martin Rivera, CEO of Enstall Technologies, and Ken Yao, CEO of Cybers, to discuss the unique challenges SMBs face when trying to buy, implement, and manage cybersecurity solutions. This is a must-listen for every SMB owner, CEO, or business leader who handles sensitive data or is part of a larger supply chain. Learn how to make smart, pragmatic security investments even without an in-house CISO.

    Highlights:

    --| The Cost of Inaction: Why getting breached is often a death sentence for an SMB, contrasted with the recovery resources available to large enterprises.
    --| Minimal Viable Security: How SMBs can determine their "good enough" security posture and make strategic bets to stay ahead of threat actors.
    --| The Buying Lifecycle: Who is the decision-maker for security at a small company (CEO vs. CFO/CTO) and the 5 key factors that drive their purchasing decisions (cost, functionality, UX, compatibility, and support).
    --| The CISO Communication Gap: Why technical leaders often fail to secure budget from the CEO, and how to quantify risk in simple business terms (e.g., millions in lost revenue) to get buy-in.
    --| The AI Promise: How AI-driven tools can potentially bridge the massive skill gap and help non-IT trained staff manage complex security tools.

    Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
    https://ztjourney.com | LinkedIn | YouTube

    Disclaimer: The views expressed are those of the speakers.

    25 min
  4. 10/15/2025

    Episode 33: The Zero Trust Transformation: Shifting from Technical Fix to Cultural Change

    In this episode, we dive deep into the organizational and cultural roadblocks of Zero Trust with Mark Simos, Lead Cybersecurity Architect at Microsoft. Mark, a veteran who has spent over 25 years helping enterprises operationalize security, reveals why failure in Zero Trust often stems not from technical missteps, but from a fundamental misunderstanding of roles, responsibilities, and business incentives. He shares the journey of evolving from a technical expert to a "storyteller" and how that shift is essential for CISOs today.

    Guest: Mark Simos (https://www.linkedin.com/in/marksimos)
    Host: Dr. Victor Monga (https://www.linkedin.com/in/victorvirtual)
    Co-Host: Dr. Victor Monga (https://www.linkedin.com/in/beingageek)

    Mentioned Resources:

    --| Mark Simos on LinkedIn: https://www.linkedin.com/posts/marksimos_security-doesnt-get-better-until-we-correct-activity-7376623700508418048-yEDF?utm_source=share&utm_medium=member_desktop&rcm=ACoAABKQrw8BhNT_WGckKwwZ1zNfi6UkyFkMpZU
    --| The Open Group Security Roles and Responsibilities Standard: https://www.opengroup.org/open-group-july-virtual-event-explore-open-digital-standards-across-industries
    --| Microsoft Cybersecurity Reference Architecture (MCRA): https://learn.microsoft.com/en-us/security/adoption/mcra

    Highlights:

    --| The Two Broken Assumptions: How Zero Trust changes the assumption that the firewall is enough, and—crucially—that security is only the security team's job.
    --| The CISO's Trap: Why technical CISOs often fail and get rotated out when they talk "speeds and feeds" instead of connecting security to business risk and outcomes.
    --| Accountability vs. Blame: The critical difference leaders must understand to stop the cycle of finger-pointing and achieve real change.
    --| The Microsoft SFI Example: How linking executive pay and incentive structures to security metrics drives cultural change across the organization.
    --| The Role of the Storyteller: Mark's realization that communicating complex technology requires narrative skills to land concepts with business leaders.
    --| The Future of Jobs: How AI will augment and change tasks, but the fundamental jobs to be done in security (and the need for human expertise) will remain.
    --| One Key Piece of Advice: The single most important thing a CISO or architect can do to modernize their org structure around Zero Trust.

    This episode is a must-listen for anyone struggling to move their Zero Trust initiative beyond the technical implementation phase. Mark provides a clear roadmap for embedding security accountability throughout the entire business.

    Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
    https://ztjourney.com | LinkedIn | YouTube

    Disclaimer: The views expressed are those of the speakers.

    40 min

Ratings & Reviews

5
out of 5
4 Ratings
