Chase Cunningham

I get asked two questions at least weekly, in some cases almost daily: Where do we start for Zero Trust? — Fix your IAM and user side of the equation. What is the difference between other frameworks and Zero Trust? — OK, now we can get down to the nuts and bolts on this one. Zero Trust turned 10 years […]

Last week was the annual RSA Conference. Estimates are that more than 45,000 security personnel, business professionals, and leaders attended the event, up from 35,000 last year. Regardless of the numbers, it was an epic display of how prevalent cybersecurity has become. As expected, a few buzzwords rang throughout the Moscone Center halls. Artificial intelligence, […]

It is high time for Forrester to demonstrate Zero Trust in a practical application scenario, our upcoming virtual reference architecture project aims to do just that.

We just wrapped up five months of in-depth research focused on providing some clarity into what technologies from which vendors actually enable Zero Trust (not just talk about it). It didn’t take long to discern those among the vendor community that really embraced the strategic benefits of Zero Trust — and those that seemed to just […]

Sending malicious payloads and packets is no longer the standard in threat operations. In today’s world of massive social media presence and influence, malicious actors can bring an organization to its knees — 280 characters at a time. This isn’t an attack on your infrastructure but an attack of computational propaganda aimed to shape a divisive […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

Historically, industry is more forward-leaning than government when it comes to innovation — at least at the unclassified level. But unlike most industries, the US government is driving the cybersecurity market and has been for almost the last decade. Federal fingerprints are everywhere: Where did cybercompliance start? Where did the first frameworks for cyber operations originate? […]

I recently saw another posting/photo from a friend in the industry that showed what amounts to “booth babes” at yet another conference; this time it wasn’t in Vegas, it was in Europe. This issue is one of importance in an industry rife with failure on lots of levels, a lack of available talent, and that […]

Over the past two weeks, I was at the annual shenanigan bonanza that is the RSA Conference and was also invited to sit on a “Shark Tank” panel for emerging technology startups in Miami. In the span of two weeks, I went from seeing big, well-established companies with massive marketing budgets and millions of dollars […]

A few years ago, the concepts of microsegmentation and microperimeters for Zero Trust were championed by former Forrester analyst John Kindervag. He showed us how those concepts and their technologies could enable a more secure enterprise. Once those concepts and their associated best practices hit the street, organizations from VMware to Cisco Systems to Palo […]

I have a good friend who has a small business (roughly 100 employees and two office locations; everything lives in the cloud, no real “network” to speak of) that is doing well. A few weeks ago, over barbecue and range time (some folks play golf, we shoot guns . . . it’s a Texas thing), […]

I am a huge fan of Zero Trust—the simplicity of the concept resonates with clients that read the research authored previously by John Kindervag and more recently myself. The framework’s intrinsic value to security and business processes is readily evident to those who explore how it benefits their security needs.  If we’re honest about Zero […]

After reading through some other blogs and strategy papers over the weekend (don’t judge me; to some of us, this activity constitutes a good time . . . yes, lame . . . I know), I saw what appeared to be an underlying theme across the narratives I’d read: Security tolerates failure. It’s understandable that […]

Every year at Black Hat, the buzzword factory is in full swing. Last year the word of the day was Artificial Intelligence or Machine Learning (or in the off chance you met with someone who knew what they were talking about, they would call it “AI or ML”).  The year before that, the word of […]

Like every other movie buff, geek, or nerd on the planet I am a Star Wars fan.  I think it’s a stellar series (minus the whole Jar Jar Binks thing, anything with that guy in it could be used as an alternative to waterboarding) that has spun a tale for the ages across the better […]

This last week I was fortunate enough to be invited out to Hollywood to participate in a large exercise for the entertainment industry focusing on cyber security planning and threat management.  There were folks in attendance from a variety of organizations, all of which were very interested in just how exposed they might be to […]

Before my last deployment (quite a while ago, thankfully) my unit was training on a variety of tactics to make us all more effective in an operational setting.  That’s the long way of saying we were all getting PT'd repeatedly and learning how terrible we were at stopping the bad guys, luckily we all got […]

Let me pose a question: “Is it a bad thing to give the average person a hand grenade with the pin pulled?” I think most of us would respond to that question with an emphatic “YES!”  No one in their right mind would think it's a good idea in any possible reality to allow anyone […]