Date: Mon, 06 Jun 2022 08:00:00 +0000
<p><span style="font-weight: 400;">Aaron is a DevOps engineer, solution architect, and all-around cybersecurity expert. He works for a global cybersecurity services company, is a member of the Cloud Security Alliance, and is a co-author of the up-and-coming Software Defined Perimeter Specification Version 2. Since last time (episode 18), Aaron was 1.5 years overseas supporting the Army and moved back to the U.S. last year to join Appgate as a Senior Solutions Architect.</span></p> <p> </p> <p><strong>Topics of Discussion:</strong></p> <p><span style="font-weight: 400;">[4:11] What types of things has Aaron observed that programmers don’t typically gravitate towards, but they need to give some attention to in just the overall IT and security space?</span></p> <p><span style="font-weight: 400;">[9:42] Should developers be thinking about zero trust just for their production environments, or should they be thinking about it for their own working environments, as well?</span></p> <p><span style="font-weight: 400;">[13:30] Is there a standard set of tags that someone could use from day one?</span></p> <p><span style="font-weight: 400;">[15:15] A core tenet of Zero Trust is Enterprise Identity Governance.</span></p> <p><span style="font-weight: 400;">[17:35] Do the cloud providers already have this mechanism of automatically discovering via tags and/or is there something that needs to be added to what they provide?</span></p> <p><span style="font-weight: 400;">[22:36] What are the pros and cons of working with smaller vs. bigger companies?</span></p> <p><span style="font-weight: 400;">[24:41] What does Aaron see for the future?</span></p> <p> </p> <p><strong>Mentioned in this Episode:</strong></p> <p><a href="http://architecttips.clearmeasure.com/"><em><span style="font-weight: 400;"> Architect Tips</span></em></a> <span style="font-weight: 400;">— New video podcast!</span></p> <p><a href="https://azure.microsoft.com/en-ca/services/devops/?&OCID=AID736756_SEM_7eul5uID"> <span style="font-weight: 400;">Azure DevOps</span></a></p> <p><a href="https://www.clear-measure.com/"><span style="font-weight: 400;">Clear Measure</span></a> <span style="font-weight: 400;">(Sponsor)</span></p> <p><a href="https://www.amazon.com/NET-DevOps-Azure-Developers-Architecture/dp/1484253426"> <em><span style="font-weight: 400;">.NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way,</span></em> <span style="font-weight: 400;">by Jeffrey Palermo</span></a> <span style="font-weight: 400;">— Available on Amazon!</span></p> <p><a href="https://www.youtube.com/channel/UC-ROXy08zc-qTA0-3GAQDLw"><span style="font-weight: 400;"> Jeffrey Palermo’s YouTube</span></a></p> <p><a href="https://twitter.com/jeffreypalermo?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor"> <span style="font-weight: 400;">Jeffrey Palermo’s Twitter</span></a> <span style="font-weight: 400;">—</span> <span style="font-weight: 400;">Follow to stay informed about future events!</span></p> <ul> <li style="font-weight: 400;"><a href="https://www.appgate.com/"><span style="font-weight: 400;">Appgate — The leader in Zero Trust Network Access solutions</span></a></li> </ul> <p><a href="https://www.appgate.com/podcast"><span style="font-weight: 400;">Zero Trust Thirty</span></a></p> <ul> <li style="font-weight: 400;"><a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/"> <span style="font-weight: 400;">EO 14028 — Executive Order on Improving the Nation’s Cybersecurity</span></a></li> <li style="font-weight: 400;"><a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf"> <span style="font-weight: 400;">Presidential memo on Moving the U.S. Government Toward Zero Trust Cybersecurity Principles</span></a></li> <li style="font-weight: 400;"><a href="https://www.cisa.gov/search?g=zero%20trust"><span style="font-weight: 400;">CISA’s focus on Zero Trust — 508 search results</span></a></li> <li style="font-weight: 400;"><a href="https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf"> <span style="font-weight: 400;">CISA’s Zero Trust Maturity Model document</span></a></li> <li style="font-weight: 400;"><a href="https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture"> <span style="font-weight: 400;">NIST — Implementing Zero Trust Architecture</span></a></li> <li style="font-weight: 400;"><a href="https://cloudsecurityalliance.org/research/working-groups/software-defined-perimeter-and-zero-trust/"> <span style="font-weight: 400;">Cloud Security Alliance — Software Defined Perimeter and Zero Trust</span></a></li> <li style="font-weight: 400;"><a href="https://software.af.mil/team/platformone/"><span style="font-weight: 400;">Platform One — “An official DoD DevSecOps Enterprise Services team for the DoD” leveraging CNAP for secure remote access to cloud resources.</span></a></li> <li style="font-weight: 400;"><a href="https://dodcio.defense.gov/Portals/0/Documents/Library/CNAP_RefDesign_v1.0.pdf"> <span style="font-weight: 400;">Department of Defense (DoD) Cloud Native Access Point (CNAP) Reference Design (RD)</span></a></li> </ul> <p> </p> <p><strong>Want to Learn More?</strong></p> <p><span style="font-weight: 400;">Visit</span> <a href="http://azuredevopspodcast.clear-measure.com/"><em><span style="font-weight: 400;">AzureDevOps.Show</span></em></a> <span style="font-weight: 400;">for show notes and additional episodes.</span></p>