Netskope debuts as a Leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge Get the report

close
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,400 customers worldwide including more than 30 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

A Leader in SSE.
Now a Leader in Single-Vendor SASE.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge

Get the report
Customer Visionary Spotlights

Read how innovative customers are successfully navigating today’s changing networking & security landscape through the Netskope One platform.

Get the eBook
Customer Visionary Spotlights
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Introducing the Netskope One Platform

Netskope One is a cloud-native platform that offers converged security and networking services to enable your SASE and zero trust transformation.

Learn about Netskope One
Abstract with blue lighting
Embrace a Secure Access Service Edge (SASE) architecture

Netskope NewEdge is the world’s largest, highest-performing security private cloud and provides customers with unparalleled service coverage, performance and resilience.

Learn about NewEdge
NewEdge
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Netskope video
The platform of the future is Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
Designing a SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through secure access service edge (SASE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Data Lakes, Security, & Innovation
Max Havey sits down with guest Troy Wilkinson, CISO at Interpublic Group (IPG), for a deep dive into the world of data lakes.

Play the podcast Browse all podcasts
Data Lakes, Security, & Innovation
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through secure access service edge (SASE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2024

Learn how to navigate the latest advancements in SASE and Zero Trust and explore how these frameworks are adapting to address cybersecurity and infrastructure challenges

Explore sessions
SASE Week 2024
What is SASE?

Learn about the future convergence of networking and security tools in today’s cloud dominant business model.

Learn about SASE
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Accreditations chevron

    Netskope training will help you become a cloud security expert.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Netskope’s talented and experienced Professional Services team provides a prescriptive approach to your successful implementation.

Learn about Professional Services
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working
Post Thumbnail

On the latest episode of Security Visionaries, co-hosts Max Havey and Emily Wearmouth sit down for a conversation with guest Chase Cunningham (AKA Dr. Zero Trust) about zero trust and national security. Drawing from his vast experience in both the Navy and cyber forensics, Chase discusses the significance of national governments adopting a strategic approach to cybersecurity. Listen as he examines the evolving cyberattack landscape and whether a Geneva Convention for cyber would be effective. Chase doesn’t shy away from the tough issues, as he discusses the ethical challenges faced by democratic nations in a world where some adversaries play by different rules and he also shares interesting insights from his career journey both in the public and private sectors. Don’t miss this episode packed with invaluable insights into cybersecurity, national security, and the zero trust framework.

At the national level, really, what I think that folks have to remember is, this is about if you accept the digital living, if you will, is a kind of a human right now for most people on planet Earth, you have a right to also operate in a safe and secure manner as well. And how we do that is going to be via these strategic initiatives that will make the difference. So I think that it is a categorical shift in the approach overall. And it’s really good to see that there are governments aligning on this as well.

—Chase Cunningham, Vice President of Security Market Research at G2
Chase Cunningham

 

Timestamps

*00:01 - Introductions*10:26 - Democratic Nations and Ethical Standards in Cyber
*01:24 - Zero Trust Origins*11:55 - Military Background and Cybersecurity
*03:55 - National Government Adoption of Zero Trust*13:51 - Contested Space Concept
*07:37 - Evolving Cyber Attack and National Cyber Defense Landscape*19:06 - Skills Transfer between Public and Private Sector
*09:16 - Geneva Convention for Cyber*22:01 - Conclusion

 

Other ways to listen:

green plus

On this episode

Chase Cunningham
(AKA Dr. Zero Trust)
Vice President of Security Market Research at G2

chevron

Chase Cunningham

Known in the cybersecurity industry as “Dr. Zero Trust,” Chase Cunningham has extensive experience in all aspects of enterprise security. Before joining G2 as Vice President of Security Market Research, he was the former CSO at Ericom Software. He was also previously Vice President Principal Analyst at Forrester where he tracked and covered all aspects of enterprise security, including zero-trust trends, technologies, and frameworks. Creator of the Zero Trust eXtended framework and a cybersecurity expert, Chase has decades of operational experience working in various capacities supporting NSA, US Navy, FBI Cyber, and other government mission groups. Chase was also a Forrester analyst tasked with managing and developing their zero trust portfolio of accounts and leading the research in that channel.

Emily Wearmouth
Director of International Communications and Content at Netskope

chevron

Emily Wearmouth

Emily Wearmouth is a technology communicator who helps engineers, specialists and tech organisations to communicate more effectively. At Netskope, Emily runs the company’s international communications and content programmes, working with teams across EMEA, LATAM, and APJ. She spends her days unearthing stories and telling them in a way that helps a wide range of audiences to better understand technology options and benefits.

LinkedIn logo

Max Havey
Senior Content Specialist at Netskope

chevron

Max Havey

Max Havey is a Senior Content Specialist for Netskope’s corporate communications team. He is a graduate from the University of Missouri’s School of Journalism with both Bachelor’s and Master’s in Magazine Journalism. Max has worked as a content writer for startups in the software and life insurance industries, as well as edited ghostwriting from across multiple industries.

LinkedIn logo

Chase Cunningham

Known in the cybersecurity industry as “Dr. Zero Trust,” Chase Cunningham has extensive experience in all aspects of enterprise security. Before joining G2 as Vice President of Security Market Research, he was the former CSO at Ericom Software. He was also previously Vice President Principal Analyst at Forrester where he tracked and covered all aspects of enterprise security, including zero-trust trends, technologies, and frameworks. Creator of the Zero Trust eXtended framework and a cybersecurity expert, Chase has decades of operational experience working in various capacities supporting NSA, US Navy, FBI Cyber, and other government mission groups. Chase was also a Forrester analyst tasked with managing and developing their zero trust portfolio of accounts and leading the research in that channel.

Emily Wearmouth

Emily Wearmouth is a technology communicator who helps engineers, specialists and tech organisations to communicate more effectively. At Netskope, Emily runs the company’s international communications and content programmes, working with teams across EMEA, LATAM, and APJ. She spends her days unearthing stories and telling them in a way that helps a wide range of audiences to better understand technology options and benefits.

LinkedIn logo

Max Havey

Max Havey is a Senior Content Specialist for Netskope’s corporate communications team. He is a graduate from the University of Missouri’s School of Journalism with both Bachelor’s and Master’s in Magazine Journalism. Max has worked as a content writer for startups in the software and life insurance industries, as well as edited ghostwriting from across multiple industries.

LinkedIn logo

Episode transcript

Open for transcript

Max Havey Hello, and welcome to the Security Visionaries Podcast, a show where we invite cybersecurity leaders from across domains and industries to come and talk to us about interesting stuff. I'm your host, Max Havey, and today we're diving into the world of Zero Trust and national security with our guest, Chase Cunningham, better known as Dr. Zero Trust. I'll give a quick intro to Chase for those who don't already know him or perhaps didn't catch him parading around RSA dressed as Macho Man Randy Savage. Chase started his career as a Navy cryptologist and has 20 years experience in cyber forensics and analytic operations. Over the years, he's held roles as a technology market analyst, a CISO, and a strategic advisor. He's also published numerous books and runs his own podcast, also called Dr. Zero Trust. Welcome, Chase.

Chase Cunningham Hey, thanks for having me on. I appreciate you bringing up the Macho Man thing too. [laughter]

Max Havey Absolutely. That was a highlight of my RSA experience, for sure.

Chase Cunningham I'm trying to get over the trauma of doing that, but hey, when you lose a bet, you lose a bet.

Max Havey There are much worse ways to go about that. And also joining us today is my co-host, Emily Wearmouth, who I can see is eagerly brandishing a very long list of things she wants to talk to Chase about.

Emily Wearmouth Hi, Max. Good to have you on, meet you. Who's on whose podcast here? I'm not quite sure. [laughter]

Max Havey So Emily, do you wanna jump in with some questions for Chase here to start off?

Emily Wearmouth I would love to, if I can start. Brilliant. Well, Chase, we had John Kindervag on the podcast a couple of weeks back, and I don't wanna start any fights, but he happily goes by the name of the Godfather of Zero Trust. And obviously you're Dr. Zero Trust. I wondered if you could give us your side of the origin story of Zero Trust. Where were you when it came into existence? What was your involvement? And what was the initial reaction from the world?

Chase Cunningham Yeah. So John definitely deserves the "Godfather" 'cause this was his conceptual approach to things. And if you're talking about a security visionary, John's the one. I'm just a, I guess, you'd call like a "stepchild" in that whole framework. But for me, when I got to Forrester, John actually recruited me to Forrester. When I got there, John kind of said, "Look, you're probably gonna take over the Zero Trust thing." And to be perfectly honest, I was pretty irritated about it because I was like, "Look, I wanna start my own approach to the market. I don't wanna follow up on anybody's coattails." And then the more I looked at it from the perspective of "because I'd been on the offensive side of cyber in the national intelligence community," I looked at it and said, "You know what? This actually is pretty dang solid. And it would make a heck of a difference from the perspective of 'If Zero Trust was in place, I would be unable to be operationally capable as a red team or as a bad guy.'" So that to me was where it was like, "Okay, cool. How do we take this to a different formalized approach?" Because I had not been too far removed from finishing my doctorate, so I was really into taking concepts and putting them into applied frameworks. So it just wasn't anything super amazing on my part. It was really more of like, "I just happened to be in the right place at the right time and saw an opportunity."

Emily Wearmouth Perfect. Who wouldn't embrace an opportunity like that? What I really want to get into with you today, though, we talked about an organizational implementation of Zero Trust with John. I would like to talk with you a little bit more about national government adoption of Zero Trust. And we have seen, particularly in the last six months or so, governments around the world really embrace the concept and put out advisory notices to organizations within their territory, but also start to look at how they use Zero Trust to inform the way they build their national cybersecurity defense strategies. I wondered if you had any initial thoughts about, what does that mean when you're running Zero Trust into a national situation rather than an organizational? Are there any major differences between those two scenarios?

Chase Cunningham Well, the biggest one is that you have the heft of a federal government that can come behind something and actually say, "You have to do this." And that's what you're seeing in the US federal government, where they've allocated a couple of billion dollars. There's laws that are in draft stages. It is a really big thing for the US DoD. Fast forward, and Australia used to have this thing... Well, they still have it. It was called the "Essential Eight," and myself and a really awesome lady at Forrester named Jinan Budge wrote up a paper about adapting the Australian Essential Eight to ZT. And then now they've come up with a whole of government move towards Zero Trust. I think the UK government is doing that to a degree as well. But the reality of it is when you have these large mega organizations with lots and lots of money behind it and they're saying, "This is how we're going to do it all the way up in the US to the president of the United States," it's substantial and it's... John talks about changing the incentive structure. That's really what we're seeing here. We're moving away from all time stick to sort of carrot-and-stick, which is better. And we'll continue to get there.

Chase Cunningham And at the national level, really, what I think that folks have to remember is, this is about if you accept the digital living, if you will, is a kind of a human right now for most people on planet Earth, you have a right to also operate in a safe and secure manner as well. And how we do that is going to be via these strategic initiatives that will make the difference. So I think that it is a categorical shift in the approach overall. And it's really good to see that there are governments aligning on this as well. Because security is the only space that I've been able to find where industry follows government; usually it's the other way around, and we're seeing that in real time.

Emily Wearmouth On that point of who's following who and where you start, if you're looking at this from a national perspective, where do you start with Zero Trust? We talked about on an organizational level what you might select as your order in which you approach things. How do you order things on a national level? Where do you start?

Chase Cunningham Well, the first thing really at the national level is to have a directive that comes out from someone in the food chain that has teeth, right? That was the executive order from the president of the United States that said, "Thou shalt do ZT." I believe the US government has until September 30th of this year to show that they've actually formalized the process and put it in place. Doesn't mean they're done with Zero Trust. It just means they had 180 days to say, "This is what we're doing, how we're doing it, we have a plan and etc, etc." So that's the first thing that has to happen. The second thing that I really think has to happen is, you have to have some of these follow-on tactical capabilities to go off and actually ensure that what has been mandated is being done.

Chase Cunningham 'Cause that's been the biggest problem that we've had in cyber at the national level, is we've got lots of compliance initiatives and we got a lot of requirements, but they're not usually taken very seriously. It's a pencil whipping exercise. People figure out ways around it. Self-certification is one of the dumbest things I've ever heard of in the history of dumb. And, [chuckle] you know, we're just not pushing it forward enough. So that's where this is starting to go, is that it has to happen that way. You have strategy that's guided and led and required by leadership, and then you have tactical execution to do the things to make sure that that's actually in place.

Max Havey Do you have any thoughts on the evolving cyber attack or national cyber defense landscape? Are there any threats that are sort of a lead in that realm?

Chase Cunningham Well, we're... As a nation, the US is constantly... And the UK, too. We're like, we're constantly under attack from a variety of organizations. And I always think it's worth people understanding, too. There's no Geneva Convention in cyber. There is no agreement of terms. This is a space where every country on the planet is literally competing to get a leg up on the competition. So the US is doing things, the French are doing things, the Israelis. It doesn't really matter who you are. This is a space where you can gain competitive advantage. And the other interesting part of it, too, is cyber warfare has become the bridge between espionage and kinetic conflict. And that's what you're looking at, is you're seeing nation states that are trying to cause changes at the national level. And they don't have to do it anymore by putting boots on the ground. You can do this via social media, you can do it via electronic systems, you can take down critical infrastructure. That is the future of what it looks like to be a player in the digital space. And China and Russia a