I'm also a security nerd. I've been in the infosec world for long enough to realise, that the current model of managing people and data security is not working. It's expensive, facing a skills shortage and doesn't deliver what it should.
The TLDR; - just be suspicious of everything. Every request, every device and don't just use username and password to authenticate someone. Ever. Don't trust your private LAN. Ever. Assume everything you manage - every application, API, service and piece of data, as being potentially accessible from the Internet.
That is basically bad. Think eavesdroppers, attackers, malware and more.
Think as if your firewall didn't exist - sorry firewall folks.
This site is basically just a blog and collection of anything that happens to be Zero Trust related.
Get involved. Comment. Add stuff.
For transparency, I am a Product Manager at Digital Identity ISV ForgeRock.
For my other blogs, comments, media and history see my home on the Internet.
Copyright @ All Rights Reserved