In this episode, John Martinez, Technical Evangelist at StrongDM, shares insights on Zero Trust and authorization from his travels across major security conferences. Drawing from real conversations in the field, he explores how perceptions of identity security are evolving beyond traditional network boundaries. Tune in for a grounded look at how organizations are approaching Zero Trust today.
Hey everybody.
Welcome to another episode of John Has Trust Issues, where I discuss issues relevant to the world of authorization and zero trust in just a short amount of time.
Thank you for joining me today.
My trust issue today comes from a lot of travel I did in May and June. I spent a lot of time going to conferences across the country, including the East Coast. As someone from California, I’m not used to that kind of weather. Between the delays, the airport chaos, and lost bags, my trust issue is definitely with travel and bad weather.
In all that travel, I had the chance to talk to a lot of people across cybersecurity - architects working on identity, security engineers, DevOps engineers, CISOs, and more.
One question I kept asking was simple: what does zero trust mean to you?
I got a lot of different answers. But one thing is clear - zero trust is top of mind across the industry. And not just in government organizations, where it’s often mandated, but also in private companies. It’s everywhere.
From all those conversations, I’ve come to one conclusion: we’re on the upswing of the zero trust hype cycle. We’ve gone through the peaks, the valleys, and the troughs. It’s felt like a roller coaster. But now, things are moving upward again.
A little background - zero trust has been around since about 2010. Early adoption focused heavily on the network side, especially by firewall vendors who positioned it as a perimeter solution.
But we now understand it’s much more than that.
Zero trust is fundamentally about identity security. It’s about controlling access to resources, devices, and systems - including cloud infrastructure and even network devices themselves.
It’s all part of the same umbrella.
We also have to recognize the role of government organizations like CISA, NSA, and the DoD in shaping the zero trust model. They’ve helped define key principles:
Assume you’re operating in a hostile environment.
Assume breach.
Never trust, always verify.
Verify explicitly.
When you layer identity security on top of those principles, you get close to full zero trust coverage in your environment.
And it’s not just about implementing MFA, although that’s a critical piece. It’s about continuous verification and continuous authorization - something I talk about often here and in my work at StrongDM.
So what did I hear from organizations actively working on zero trust?
First, they have funding. That means this is a real priority.
Second, they have active initiatives. CISOs are being tasked with implementing zero trust across their environments.
Third, they’re actually doing it. Technology has finally caught up to the point where zero trust can be implemented effectively, especially with modern identity and access management solutions.
Of course, I’m partial to StrongDM, where we focus on zero trust in the privileged access management space. But across the industry, identity solutions are helping bring zero trust all the way to the last mile.
That’s my assessment of where zero trust stands right now.
I’d love to hear from you. What does zero trust mean to you? How are you implementing it? And do you agree that we’re on the upswing of the hype cycle?
Let me know in the comments or on LinkedIn.
That’s another episode of John Has Trust Issues. This episode has been brought to you by StrongDM, the modern access management platform that enables continuous zero trust authorization for all of your sensitive and critical resources.
Thank you very much, and have a great day.