loader from loading.io

Episode 69: Junaid Islam on Zero Trust Architecture

OODAcast

Release Date: 06/04/2021

Episode 99: David Greenberg on Decision-making in Volatile Markets show art Episode 99: David Greenberg on Decision-making in Volatile Markets

OODAcast

While the OODA Loop was been heralded in the domain of conflict, we often find the concept in business and there is no greater business analogy to dogfighting that David Greenberg's experience as a trader on the floor of the world's largest physical commodities exchange. David's job required rapid decision making based on constantly changing information and the mental fortitude to move onto the next decision and rapidly learn from both successes and mistakes. In addition to his work as a trader, David also guided the New York Mercantile Exchange (NYMEX) through its largest period of growth and...

info_outline
Episode 98:  John Spencer on Connected Soldiers and the Future of Conflict show art Episode 98: John Spencer on Connected Soldiers and the Future of Conflict

OODAcast

John Spencer is a writer, thinker, speaker scholar who currently serves as the Chair of Urban Warfare Studies at the US Military Academy. He brings the experience of a veteran who has led in combat to his work, and in his latest book, Connected Soldiers, also provides insights from his time as a stay at home parent as his wife deployed. His analysis of connectivity and ints impact from multiple angles makes his book a very well rounded examination of how the Internet age is transforming how nations go to war. In this OODAcast we discuss the book as well as John's career and insights he has for...

info_outline
Episode 97: Duyane Norman on Disrupting the CIA to Deal with Emerging Threats show art Episode 97: Duyane Norman on Disrupting the CIA to Deal with Emerging Threats

OODAcast

Duyane Norman spent nearly 30 years in the CIA with three Chief of Station and multiple other tours in a variety of interesting geographies and also had a focus on technology issues serving as Deputy Director of the Office of Technical Service within CIA’s Directorate of Science and Technology, and as a member of the CIA Counterterrorism Center’s Incident Response Team. Duyane established a reputation as an innovator and a disruptor looking for ways for the intelligence services to flourish given the fast pace of technological change and the dynamic threats emerging on the global...

info_outline
Episode 96: First Federal CISO Greg Touhill on Advanced Cybersecurity by Design show art Episode 96: First Federal CISO Greg Touhill on Advanced Cybersecurity by Design

OODAcast

Greg Touhill is one of the nation’s premier cybersecurity, information technology and risk management leaders. As an Air Force officer he led technology efforts in some of our nation's most demanding organizations including combatant commands during time of war. He is an accomplished speaker and author and business executive and also served as our nation's first Chief Information Security Officer (CISO). Touhill is currently the director of the Carnegie Mellon University Software Engineering Institute's CERT Division. In this capacity he leads one of the most highly regarded organizations in...

info_outline
Episode 95: Former Tenable CEO Ron Gula Applies a Hacker Mindset to Investing, Public Awareness, and Philanthropy show art Episode 95: Former Tenable CEO Ron Gula Applies a Hacker Mindset to Investing, Public Awareness, and Philanthropy

OODAcast

In this OODAcast, we interview Ron Gula, co-founder and CEO of the highly successful Tenable Security(NASDAQ:TENB) and currently President of Gula Tech Adventures. Ron has a long history in the cybersecurity field that includes starting his career as an NSA hacker and then transitioning into an entrepreneur responsible for multiple innovations in the market and several successful companies. Ron remains a hacker at heart, and currently focuses his energy on investing in and mentoring emerging companies, improving public awareness on cybersecurity, and engaging in philanthropic efforts. In our...

info_outline
Episode 94: Jim Lawler on the Art of Espionage and the Perfect Intelligence Operation show art Episode 94: Jim Lawler on the Art of Espionage and the Perfect Intelligence Operation

OODAcast

In this OODAcast, we talk with Jim Lawler who is a Senior Partner at MDO Group, which provides HUMINT training to the Intelligence Community and the commercial sector focused on WMD, CI, technical and cyber issues. Mr. Lawler is a noted speaker on the Insider Threat in government and industry. Prior to this, Mr. Lawler served for 25 years as a CIA operations officer in various international posts and as Chief of the Counterproliferation Division's Special Activities Unit.  We talk with Jim about his career in intelligence and national security, his views on the current threats including...

info_outline
Episode 93: Lifelong Hacker and Experienced Security Executive Alyssa Miller, Author of Cybersecurity Career Guide show art Episode 93: Lifelong Hacker and Experienced Security Executive Alyssa Miller, Author of Cybersecurity Career Guide

OODAcast

Alyssa Miller is a life-long hacker and highly experienced security executive who has a passion for security and the security community. She is an excellent advocate for continuous improvement in the community and a frequent speaker to audiences of both fellow business leaders and security community audiences. This combined with her deep experience in the industry makes her the perfect person to research and write the Cybersecurity Career Guide. The guide is a much needed  resource  for our community. In this OODAcast we ask Alyssa for context of use to cybersecurity professionals,...

info_outline
Episode 92: Dr. Scott Shumate Profiles Russian President Vladimir Putin show art Episode 92: Dr. Scott Shumate Profiles Russian President Vladimir Putin

OODAcast

This OODAcast is a special edition focused on profiling Russian President Vladimir Putin with Dr. Scott Shumate, who has over 30 years of experience evaluating national leaders, terrorists, spies, and insiders.  Scott shares his unique perspective's on Putin informed by his extensive experience and insight.  During this session we explore: Is Putin suicidal? Is Putin a rational actor? How would Putin feel about an escalatory use of cyber attacks? What is Putin's primary motivation in attacking the Ukraine? How does Putin value propaganda? Should we expect more nuclear bravado from...

info_outline
Episode 91: Chris Butler on the Value of Adversarial Thinking in Product Design and Management show art Episode 91: Chris Butler on the Value of Adversarial Thinking in Product Design and Management

OODAcast

In this OODACast, Matt talks with Chris Butler about how concepts like adversarial thinking can be applied to product design and management.  Chris is an exemplar of someone who has excelled in his field but also looks to study and bring disruptive ideas like randomness and future framing from other disciplines to determine their value and applicability in product management.   As it turns out, he's a big fan of John Boyd's OODA Loop and even made a trip to the Boyd archives where he discovered that Boyd was a fan of a certain science fiction book.   Chris Butler is a...

info_outline
Episode 90:  John Chambers on Risk and Opportunity in the Modern Age show art Episode 90: John Chambers on Risk and Opportunity in the Modern Age

OODAcast

John Chambers is the legendary former CEO of Cisco, a company he helped grow from $70 million in revenue per year when he joined in 1991 to $1.2 billion a year the year he became CEO to over $48 billion a year by the time he retired in 2015. As a leader John was always known for far more than just revenue growth, he was skilled at building an organization that treated people well, including employees, customers and the community. In this OODAcast we discuss John's book, , which shares his insights into leadership including leadership of organizations that need to disrupt themselves. The...

info_outline
 
More Episodes

In this OODAcast we provide insights into Zero Trust architectures from an experienced practitioner, Junaid Islam.

Junaid is a senior partner at OODA. He has over 30 years of experience in secure communications and the design and operations of highly functional enterprise architectures. He founded Bivio Networks, maker of the first gigabyte speed general purpose networking device in history, and Vidder, a pioneer in the concept of Software Defined Networking. Vidder was acquired by Verizon to provide Zero Trust capability for their 5G network. Junaid has supported many US national security missions from Operation Desert Shield to investigating state-sponsored cyberattacks. He has also led the development of many network protocols including Multi-Level Precedence and Preemption (MLPP), MPLS priority queuing, Mobile IPv6 for Network Centric Warfare and Software Defined Perimeter for Zero Trust. Recently Junaid developed the first interference-aware routing algorithm for NASA’s upcoming Lunar mission. He writes frequently on national security topics for OODAloop.com.

We discuss Junaid's approaches to zero trust networking. His approach is to always start with the needs of the business. From there he works with organizations to ensure a comprehensive assessment of the existing architecture is done, since every organization already has some elements of a zero trust approach in play. Junaid highlights that one of the biggest mistakes he sees organizations make is skipping this gap analysis and moving right to purchase of products or services. This frequently ends up being a negative to the project.

Today's global businesses operate with many partners, providers and suppliers and zero trust designs must be established with this unique mix in mind to optimize the use of technology in support of core business needs.

Junaid provides insights into many of the products he encounters in zero trust architecture work.

 

Related Reading:

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: OODA Cybersecurity Sensemaking

From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice

While the Ware Report of 1970 codified the foundations of the computer security discipline, it was the President’s Commission on Critical Infrastructure Protection report of 1997 that expanded those requirements into recommendations for both discrete entities as well as the nascent communities that were growing in and around the Internet. Subsequent events that were the result of ignoring that advice in turn led to the creation of more reports, assessments, and studies that reiterate what was said before. If everyone agrees on what we should do, why do we seem incapable of doing it? Alternately, if we are doing what we have been told to do, and have not reduced the risks we face, are we asking people to do the wrong things?  See: From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice

If SolarWinds Is a Wake-Up Call, Who’s Really Listening?

As the U.S. government parses through the Solar Winds software supply chain breach, many questions still remain as to the motive, the entities targeted, and length of time suspected nation state attackers remained intrenched unseen by the victims.  The attack stands at the apex of similar breaches in not only the breadth of organizations compromised (~18,000), but how the attack was executed. See: If SolarWinds Is a Wake-Up Call, Who’s Really Listening?

Executive Level Action In Response to Ongoing Massive Attacks Leveraging Microsoft Vulnerabilities

This post provides executive level context and some recommendations regarding a large attack exploiting Microsoft Exchange, a system many enterprises use for mail, contact management, calendar/scheduling and some basic identity management functions. This attack is so large and damaging it is almost pushing the recent Solar Winds attacks off the headlines. Keep in mind that till this point, the Solar Winds attack was being called the biggest hack in history. So this is a signal that the damage from this one will also be huge. See: Executive Level Action In Response to Ongoing Massive Attacks Leveraging Microsoft Vulnerabilities