Bob’s House of Widgets: A Fictional Enterprise’s Zero Trust Journey (part 1)

Posted: Sunday May 21, 2023
Author: Jason Garbis

There is a lot of activity (and noise) in our industry around Zero Trust, but despite all the chaos there’s a clear need for enterprise guidance and examples of success. Getting real-world enterprises to tell their stories isn’t always easy, as security teams are often cautious about sharing too much information.

And sadly we don’t yet have a reality TV series about an enterprise infosec team, although this could make for a compelling show. (Episode 7: Patch Tuesday! Mark experiences a high degree of stress when the Chicago sales director is unable to update her laptop. Will they be able to solve the problem before she gets on the insecure WiFi at O’Hare airport? Side story: How trustworthy are their backups, really?)

In lieu of this, I partnered with colleague and frequent collaborator, Chris Steffen, to create a fictionalized enterprise Zero Trust story. We’re using Chris’ favorite imaginary business, Bob’s House of Widgets – a leading provider of enterprise widgets with a reasonable-but-imperfect IT and security infrastructure.

In this first episode, Chris and I set up the story and talk a bit about how we’re going to structure it, using the CISA Zero Trust Maturity Model pillars as our framework. So enjoy the first video and stay tuned for future episodes.