A Game Changer - TIC 3.0 with Sean Connelly
CISA TIC Program Manager, Sean Connelly, speaks with our Federal CISO, Danny Connelly, about the game changing aspects of TIC 3.0 and what it means for the federal government.The Office of Management and Budget (OMB) Memorandum M-19-26, “Update to the Trusted Internet Connection (TIC) Initiative”, provides agencies a modernized approach to implement the TIC initiative (TIC 3.0).The initial implementation of Trusted Internet Connections (TIC), as mandated by OMB in 2007 required agencies to consolidate external connections and deploy common tools to enhance network security across the Federal Government. This required “agency traffic to flow through a physical TIC access point, which has proven to be an obstacle to the adoption of cloud-based infrastructure.”On this episode of the CISOs Gambit, Zscaler Federal CISO, Danny Connelly speaks with Sean Connelly, CISA TIC Program Manager about TIC 3.0 and the game changing aspects that enable federal agencies to move away from legacy network security solutions and modernize cybersecurity. What is TIC 3.0? What’s different from previous iterations of the TIC requirements and what are the benefits of leveraging the TIC 3.0 framework? What is the Cloud Log Aggregation Warehouse (CLAW)? TIC 3.0 and NIST 800-207 (Zero Trust Architecture) go hand in hand, can you share some perspective on how those critically important standards and TIC 3.0 requirements were developed? The Presidential Executive Order highlighted significant cyber security enhancements needed across the federal government, what is your perspective on the EO and how does TIC 3.0 help agencies meet the intent of the EO. Can you share some observations on use cases agencies have implemented and have proven to be successful? Basically who would you say has done it well and can you share any lessons learned that might help other agencies? What’s the best way for agencies to get up to speed on TIC 3.0 and the various components of the framework like, PEPs and how to leverage the security capabilities matrix? Where can an agency start?
25 Jun 2021
SASE: Secure Access Service…Endpoint?
The Zscaler CISO team has been hearing the same question in their day-to-day interactions: should I deploy zero trust: at the edge or at the endpoint? In this podcast, they share their perspectives on why a layered defense is critically important to protect organizations from today's threats. SASE + EDR = “Better Together”, and the team clears up some uncertainties about things like: Is the endpoint a realistic option to base your security stack? What gaps are created if an organization focuses their security strategy exclusively around endpoints and Zero Trust? What is the ideal reference security architecture for the future given what we've seen with a company's digital transformation program?
11 Jun 2021
Would you like some business enablement with your cybersecurity?
The Zscaler CISO team looks at the inherent tension between business enablement and cyber security that plays out in many organizations. How do you balance the need for strong security AND still adopt cloud-and mobile-technologies that allow for business agility, resiliency, and user productivity? Why is user experience important to successful enterprise security? What are the common challenges for a CISO to simultaneously deliver risk reduction and employee productivity outcomes for the business? How do you bridge the gap between security concerns and business needs? Control Freak overview - Preventive, Detective and Response
28 May 2021
Ransomware, Critical Infrastructure, Executive Orders, Oh My…
The Zscaler CISO team delves into what happened at Colonial Pipeline, and the federal government’s response to the attack in the form of the Executive Order on Improving the Nation’s Cybersecurity. What the Colonial Pipeline attack was The nature of ransomware attacks The issues with Colonial Pipeline’s response Some details on how the the new EO addresses Colonial Pipeline reporting failures
21 May 2021
Most Popular Podcasts
The Zscaler CISO team looks at the 25-year-old technology of Virtual Private Networks (VPN), and recent VPN vulnerabilities that have hit the news. In this episode, they cover: DHS CISA’s Emergency Directive 21-03 VPN’s diminishing legacy Modernized remote access with Zero Trust
23 Apr 2021
Hey! You! Get Offa My Cloud!
The Cloud Act is a 2018 set of regulations that impact enterprise and network security. How is it important to CISOs, enterprises, and organizational security? The team looks at: What is the Cloud Act? CISO experiences with the Cloud Act How we are helping customers with Cloud Act challenges
23 Apr 2021
Don’t forget to inspect! SSL inspection and cyber threats
In this episode, Brad Moldenhauer, Marc Leuck, Nicolas Casimir, and Danny Connelly of the Zscaler CISO team cover the ins and outs of SSL inspection for enterprise cybersecurity posture. They review: The importance of SSL inspection The implementation challenges of SSL inspection Privacy and legal challenges associated with SSL inspection Encrypted traffic threat landscape
19 Apr 2021
Welcome to The CISO's Gambit!
The COVID-19 crisis was a massive shift for how enterprises looked at security, and more importantly, acceptance of risk. Brad and Danny discuss how the change impacted: Risk and threat exposure for cybersecurity postures Role of the CISO as a thought leader COVID-19 cybersecurity concerns Zero Trust as a remedy
19 Apr 2021