Project Zero Trust
A Story about a Strategy for Aligning Security and the Business
George Finney
Copyright 2023 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada and the United Kingdom.
ISBN: 978-1-119-88484-2
ISBN: 978-1-119-88485-9 (ebk.)
ISBN: 978-1-119-88486-6 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.
Trademarks: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
If you believe you've found a mistake in this book, please bring it to our attention by emailing our Reader Support team at with the subject line Possible Book Errata Submission.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Control Number: 2022938397
Cover images: Alhovik/Shutterstock; venimo/Shutterstock
Cover design: Wiley
More Wiley Books for Cybersecurity Leaders
Cyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk by Andrew Gorecki
Cybersecurity and Third-Party Risk: Third Party Threat Hunting by Gregory C. Rasner
How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen
Navigating the Cybersecurity Career Path by Helen E. Patton
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter and Kai Roer
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership by Marcus J. Carey and Jennifer Jin
You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions by Ira Winkler and Tracy Celaya Brown
To Amanda and Story
About the Author
George Finney is a Chief Information Security Officer who believes that people are the key to solving our cybersecurity challenges. George is the bestselling author of several cybersecurity books, including the award-winning book Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future (Greenleaf Book Group Press, 2020). George was recognized in 2021 as one of the top 100 CISOs in the world by CISOs Connect. He has worked in cybersecurity for over 20 years and has helped startups, global telecommunications firms, and nonprofits improve their security posture. George is also an attorney, but don't hold that against him.
Acknowledgments
I couldn't have written this book without the help of a huge number of people who were willing to take their time and share their expertise with me. I'd first like to thank my friend and mentor, John Kindervag, for his help throughout my career as I took my organization through our Zero Trust journey and as I developed this story.
I also owe a debt of gratitude to my publisher, Jim Minatel, who not only believed in the project, but that I could actually somehow pull it off. And I'd like to thank the team at Wiley and Sons, particularly John Sleeva, Pete Gaughan, and Melissa Burlock for their invaluable contributions to make this book what it is.
Cybersecurity is a team sport. We can't do what we do without sharing our experiences with one another. When I picked up my phone and began asking for help, the community came together and answered the call. I'd like to personally thank Zach Vinduska for being right there with me all the way through the creation of the book. I'd also like to thank Adam Shostack for his insights and helping make all of the details come to life.
I'd also like to give a huge shout out to my friends and colleagues Jason Fruge, Helen Patton, Eve Maler, Russ Kirby, Rob LaMagna-Reiter, Exodus Almasude, Chase Cunningham, Josh Danielson, Jordan Mauriello, Malcolm Harkins, and Steve King. I consider myself incredibly lucky to know all of you.
And, finally, I'd like to thank my wife Amanda and my daughter Story for their support, their inspiration, and their understanding while I pursued my dream of being a writer.
George Finney
Foreword
When my friend George Finney told me he was going to write a novel about Zero Trust, my initial response was, Why? The idea that anyone would want to read a novel about Zero Trust, let alone write one, was a bit of a head-scratcher. Gratifying, to be sure, but still bizarre. You see, when I first created the concept of Zero Trust, folks thought I was crazy. Not just quirky crazy, like so many of us in IT and cybersecurity, but genuinely insane crazy.
I have spent many years trying to convince people to be open-minded enough to consider building Zero Trust environments. The notion that someone wanted to write a book of fiction revolving around an idea I had created was mind-blowing. So that's how George ended up sitting on my living room sofa while I told him the story of how Zero Trust came to be.