In 2021, it’s not hard to argue that zero trust is the hottest topic in federal cybersecurity. And at the Department of Defense, it all started with a penetration test.
In a new episode of FedScoop’s Let’s Talk About IT podcast, Daniel Bardenstein, a cybersecurity expert with the Defense Digital Service, points to a penetration test the team did on sensitive Pentagon networks a few years back as a direct precursor to the fashionable zero-trust cybersecurity model.
“You can draw a direct line from the findings of that report [from the penetration test] to DOD leadership to the beginnings of what now is the zero-trust working group and zero-trust architecture DOD has put out,” Bardenstein says in the latest episode.
“We found the sort of things that you’d find in a traditional perimeter-heavy network,” he said. “Once you break in the perimeter, it’s very easy to move around the inside with impunity.”
In a wide-ranging interview, Bardenstein also discusses the evolution of DDS’s Hack the Pentagon program, the importance of recruiting talented cybersecurity specialists to the department and what’s ahead for his team.
Fortinet’s Jim Richberg also joins the podcast to discuss federal progress to meet the recent cybersecurity executive order and what remains to be done across government.
“I’ve actually been pleasantly surprised by the amount of activity and the level of engagement in the implementation of this EO on cybersecurity because the EO identifies a lot of serious needs for federal cybersecurity in particular,” Richberg said.
And while the EO sets out a long list of requirements for agencies to meet, Richberg said good progress is being made, pointing to President Biden’s recent cybersecurity summit as a highlight of that progress.
If you want to hear more from the top leaders in the federal IT community, subscribe to Let’s Talk About IT on iTunes, Spotify, Google Play, Stitcher and SoundCloud. And if you like what you hear, please let us know in the comments on those platforms.