Turning Zero Trust Skeptics into Stakeholders: Practical Strategies from Our Recent Debate

Even among the most forward-thinking organizations, Zero Trust skeptics are everywhere. Some question whether it’s worth the investment. Others worry about complexity, user friction, or ROI. And a few simply dismiss it as marketing hype.

Believe it or not, at Numberline we welcome those skeptics. Because behind every objection is an opportunity to educate, clarify, and build stronger organizational alignment.

In our latest webinar, Zero Trust and Business Value: A Skeptic’s Debate, Founder and CEO Jason Garbis and Founder and CTO Jerry Chapman took a lighthearted but practical approach, donning “skeptic’s hats” and role-playing three familiar personas you’ll encounter on any Zero Trust journey: the IT skeptic, the business skeptic, and the finance skeptic. The result was a candid and engaging conversation about the real-world challenges of turning Zero Trust from theory into practice.

The IT Skeptic: “Isn’t Zero Trust Just Another Vendor Pitch?”

Many IT leaders are understandably wary of buzzwords. After years of “silver bullet” products, it’s easy to view Zero Trust as another marketing repackaging of what they already do. The truth, however, is that Zero Trust is not a technology, it’s a strategy.

Organizations can begin aligning with Zero Trust principles before purchasing new tools by focusing first on architecture, governance and process. Technology becomes valuable only when applied thoughtfully within that strategy.

A strong takeaway from this part of the discussion is that Zero Trust success depends on how technology is implemented, not which vendor’s name appears on the product. Even the best platform will fail if deployed without a clear policy framework and cross-functional alignment.

The Business Skeptic: “Security Slows Us Down”

Business leaders are focused on growth, revenue and customer experience, and security often feels like an obstacle to those goals. Yet Zero Trust, when done right, does the opposite. It enables speed, flexibility, and resilience by modernizing identity and access practices.

Approaches like passwordless authentication, adaptive access, and device posture verification streamline the user experience while protecting sensitive systems. Reducing friction doesn’t mean reducing security; it means integrating it seamlessly into daily workflows.

When resistance arises, it helps to meet business leaders where they are. Focus the conversation on risk reduction, compliance confidence, and the ability to innovate safely. Piloting Zero Trust principles in new business initiatives—like a product launch or regional expansion—can demonstrate value far more effectively than security jargon ever will.

The Finance Skeptic: “Show Me the ROI”

Zero Trust is an investment in resilience, and that investment can absolutely produce measurable returns. While not every benefit appears immediately on a balance sheet, organizations see both direct and indirect financial value, including:

• Reduced operational costs through fewer password resets and manual access requests
• Stronger positioning for cybersecurity insurance and streamlined audit readiness
• Faster recovery and reduced downtime from breaches or ransomware
• Higher utilization of existing security tools once they’re integrated under a unified access framework

Framing Zero Trust in financial terms requires understanding what your CFO values most: measurable outcomes, efficiency gains, and reduced risk exposure. Start small, track metrics, and expand once you’ve proven tangible savings or time reductions. Even modest pilot results, such as fewer help desk tickets or faster onboarding, build credibility for larger investments.

Turning Resistance into Momentum

Every Zero Trust initiative will encounter some degree of skepticism. The key is to listen first, identify the underlying concern, and respond with specific value statements that connect security outcomes to business goals.

Three universal strategies emerged from the discussion:

1. Expect and plan for skepticism. Map the common objections by personas—technical, business, and financial—and prepare clear, evidence-based responses.
2. Translate, don’t preach. Speak the language of each audience. Executives want risk reduction and ROI; IT teams want simplicity and interoperability; users want ease of access.
3. Start small, prove success, and expand. Quick wins, such as replacing VPN access for a limited group, demonstrate progress and create advocates who can influence others.

Ultimately, Zero Trust is complex only when viewed as a single massive project. Taken incrementally, e.g., protecting one asset, one user group, or one workflow at a time, it becomes an achievable, measurable framework for long-term security maturity.

To explore these perspectives in depth and hear how each skeptic’s argument was addressed in real time, watch the full webinar on-demand.