This one was inspired by a conversation with a friend who red teams for a well-known consultancy… I have a vendor hat, I will remove said hat for this presentation. The purpose of this talk is to take a "neutral" look at Zero Trust in the wild and dissect what market analysts promise vs the realities of implementing it. This talk looks at:
* Technical debt that often gets inherited along the way
* Control gaps we lose as we dash headlong into the cloud and how we might replace them
* New weaknesses that Zero Trust implementations bring by virtue of how “Zero Trust” software sometimes works
I'll go into the catalogue of vulnerabilities and weaknesses that I've been building surrounding Zero Trust technologies and make some observations about where we might do better.