Zero Trust as a Mindset: Identity, Governance, and Access | Interview with Andrew Gault
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Andrew Gault (CEO of ZeroTier) about Zero Trust as a strategy and mindset rather than a single technology, shifting away from perimeter-based security to “default deny” with continuous verification. Gault outlines core layers such as identity for users and devices, policy-based scoring, encryption, and ongoing monitoring to reduce lateral movement when breaches occur. They discuss extending zero trust principles to suppliers by issuing vendor identities managed centrally, governance needs like documented access policies, change management, and least privilege, and challenges such as shared credentials and the ongoing effort to keep permissions current. The conversation also covers non-human identities for AI agents, service accounts, ownership and lifecycle management, audit expectations under SOC 2 and ISO 27001, vendor lock-in tradeoffs, and using inventories and exception reduction as practical KPIs.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
- (00:00) - Interview Andrew Gault
- (00:47) - Strategy Not Perimeter
- (02:40) - Core Layers Explained
- (03:53) - Vendors And Suppliers
- (07:37) - Risks Reduced And Limits
- (12:24) - Non-Human Identities
- (16:04) - Managing Machine Accounts
- (18:34) - Governance And Policies
- (23:35) - Who Owns Zero Trust
- (25:40) - Building Security Culture
- (27:20) - Measuring Zero Trust Impact
- (30:08) - Compliance vs Real Security
- (34:35) - Avoiding Vendor Lock In
- (38:33) - KPIs and Legacy Exceptions
- (44:25) - Resources for Consultants and Cybersecurity Professionals
Creators and Guests
