DrZeroTrust

Hosted by Dr. Chase Cunningham

TechnologyInterviews guests

Website RSS feed

Episodes

239

Latest episode

Jun 2026

Language

About the show

Unlock the future of cybersecurity with the "Dr. Zero Trust Podcast" on all podcasting platforms! Join me as we delve into Zero Trust Security, redefining how we protect data and networks. Explore frameworks, threat prevention, identity management, exclusive interviews, and emerging tech. Whether you're a pro or just curious, trust me– this podcast is where those who value honesty and real insights go for their cybersecurity insights! Tune in on Spotify, Google, or ITunes now. #DrZeroTrustPodcast #Cybersecurity #ZeroTrust

Listen to episodes

60 recent

June 10, 202626 min

The Unicorn Trap and how it is failing the cybersecurity industry.

Most venture-backed cybersecurity companies are doomed from the start. The math is rigged so only 5-10% of startups survive—and they have to return hundreds of millions, or even billions, to satisfy investors. The result? Exploding tools, premature scaling, vaporware, and a cybersecurity industry obsessed with quick exits rather than real defense. In this eye-opening episode, I pull back the curtain on how the VC funding model distorts cybersecurity innovation. You’ll discover how an industry designed to fail is fueling massive failures like IronNet’s $3 billion valuation crashing in just two years, Lacework’s $8 billion valuation shrinking to $200 million, and Cyber Reason’s 90% valuation collapse in 12 months. These aren’t coincidences—they’re the predictable consequences of a broken system that prizes scale over substance.I break down:* The real math behind “unicorn” valuations and their astronomical burn rates* Why premature scaling kills startups before they can build effective security* How VC incentives favor feature bloat, AI washing, and vaporware over genuine innovation* The ugly truth about the flood of tools that make SOCs worse, not better* Proven models like customer-funded R&D — exemplified by Palantir — that produce real, effective security products without sacrificing integrityIf you’re a security buyer tired of bloated tools and false promises, or a founder questioning the current VC-driven chaos, this episode is your wake-up call. The industry is at a crossroads: continue chasing mythical “unicorns” or build resilient, purpose-driven solutions that actually defend us against modern threats. The stakes couldn’t be higher. Because if we keep funding the same flawed cycle, our cybersecurity defenses will remain weak—and the threat actors will keep winning. But there’s hope. Some companies are bucking the trend, proving that profitability and genuine innovation are possible outside the VC model. This is essential listening for security professionals, founders, and investors ready to rethink what really works. Share if you’re fed up with the status quo—because the future of cybersecurity depends on it.

May 27, 202622 min

Ephemeral Endpoints and Biometrics in cybersecurity, what's new?

The conversation covers the introduction of Silos and SpyAlert, the concept of ephemeral endpoints, solving Windows 10 compatibility issues, biometric identity and network isolation, AI-enabled tools and vulnerability mitigation, expanding perimeter and endpoint security, impact on the endpoint security market, compliance and identity access management, frictionless security and user experience, continuous biometric authentication, integration with identity and access management, real-time security operations and analytics, endpoint security and biometric authentication, acquisition and technology integration, zero trust journey and implementation, statelessness and device management, and camera requirements and flexibility.TakeawaysEphemeral EndpointsZero Trust Operating SystemChapters00:00 Camera Requirements and Flexibility

May 13, 202628 min

The Uncomfortable Truth About How Digital Vulnerabilities Put Our Kids’ Future at Risk

Your kids’ education is under attack—and the damage goes far beyond data breaches. Schools have become prime targets for hackers, not just because of the valuable student information they hold, but because their interconnected digital systems make them vulnerable to ransomware, data theft, and operational shutdowns that threaten safety and learning at every level. If you think cyber threats are just an IT problem, think again—this is a crisis of safety, trust, and our collective future.In this eye-opening episode, I expose the alarming realities of cybersecurity in America's schools. From massive breaches of platforms like Canvas and PowerSchool to ransomware attacks disabling vital systems like emergency notifications, security cameras, and HVAC controls, the stakes couldn’t be higher. He reveals how adversaries exploit legacy tech, lax access controls, and vendor vulnerabilities, turning school networks into playgrounds for cybercriminals. The consequences? Loss of instruction time, compromised student identities, and even direct threats to safety—issues that can last for years.You'll discover:How cyber breaches in schools impact everything from classroom learning to emergency response systemsThe systemic risks created by centralized edtech platforms and third-party vendorsWhy traditional cybersecurity approaches fall short and what a true Zero Trust model for schools looks likePractical questions parents and school boards should be asking about MFA, data segmentation, vendor contracts, and incident responseThe urgent need to treat school cybersecurity as a matter of public safety and resilienceThis episode exposes the flawed assumptions and complacency that perpetuate one of the most critical vulnerabilities in our infrastructure—our children’s education system. With billions of records at stake, and long-lasting consequences for identity and safety, it’s clear: cybersecurity in schools isn’t optional, it’s essential.Whether you're a parent, educator, administrator, or concerned citizen, this conversation will radically change your perspective on what’s really at risk—and how we can safeguard the future. If we fail to act, the fallout could disrupt learning, safety, and trust for generations.Prepare to be informed, inspired, and compelled to demand change. Schools are more than just buildings—they’re the backbone of our society. Protecting them is protecting our future.

April 13, 202642 min

Building Secure Networks in 2026 with Engma

Most cybersecurity talks about infrastructure miss the real game-changer: ephemerality and programmatic network defense. A team of military veteran experts and I unveil how they’re turning traditional models inside out—a move that’s not just innovative but essential for modern security.Imagine a network that’s invisible, constantly moving, and virtually unbreakable—built on military-grade principles like active failover, dynamic segmentation, and ephemeral identities. This isn’t theoretical; it’s real technology tested in top US banks and critical OT environments, now available for everyday users and small businesses for as little as $10 a month. They’re redefining zero trust with a simple, scalable approach that slashes costs, reduces risk, and defeats threats before they even begin.You’ll discover:How the “dark architecture” creates a network that only exists during sessions—eliminating persistent attack surfaces.The revolutionary concept of automated moving target defense (AMTD) that keeps your data and identity shielded by constantly shifting network paths.The difference between VPN and ephemeral private networks (EPN): why ephemeral is the future for individual users and SMBs.How this approach simplifies integration with existing infrastructure using open standards, drastically cutting deployment times and costs—up to 50% below vendors like Zscaler.Why small businesses and consumers are the next frontier in cybersecurity, gaining enterprise-grade protection at a fraction of the price.In a world where hackers increasingly target the “easy wins,” missing out on this radical shift could leave your digital assets vulnerable. This episode is vital listening for anyone who’s tired of patchwork fixes, costly vendors, or slow-moving cybersecurity solutions. The future belongs to those who act now—embrace ephemerality, reduce your attack surface, and stay steps ahead of cyber adversaries with a network that defends itself.Perfect for security professionals, SMB owners, and tech enthusiasts eager to understand the next wave of cyber defense—this episode might just change how you think about protecting your digital life.

March 30, 202623 min

Balancing Hoodies and Suits in Cybersecurity

Most cybersecurity conferences have become echo chambers filled with repetitive buzzwords and the same problems dressed up in new clothes—until now. At RSA 2023, Chase Cunningham and industry insiders peel back the hype, revealing why much of what’s marketed as revolutionary is just a rehash of old issues with a shiny AI layer. They expose the industry's broken system, the deluge of vendors pushing features over real solutions, and the absurdity of AI washing across booths.You'll discover how the cybersecurity industry is fundamentally broken—sold and purchased like healthcare, with vendors cashing in on the chaos. Chase highlights what’s really valuable on the show floor, distinguishing between blind VC pump-and-dump tactics and genuine game-changing innovations. He breaks down why AI, despite the hype, is exposing long-standing vulnerabilities rather than creating new solutions, and how the race to be the loudest often masks the lack of substance.We break down the political landscape of cybersecurity conferences: RSA vs. Black Hat vs. DEF CON—what they reveal about the industry's focus, and why the most meaningful conversations happen in smaller, more intimate settings. Chase warns of the coming AI hype backlash and warns CISOs to resist being lured into buying solutions that won’t deliver. Instead, he advocates returning to fundamentals—doing the basics well with clarity and focus—while leveraging AI to enhance, not replace, core security practices.Why does this matter? Because the current cycle is setting organizations up for disappointment and missed opportunities. Yet, amid the noise, there’s genuine innovation, a shift in community dynamics, and a growing recognition that cybersecurity’s true future depends on embracing the basics again. This episode is essential listening for leaders tired of the hype and hungry for real strategy, honest conversations, and practical solutions in a rapidly evolving landscape.Want to understand what’s really happening behind the corporate curtain at RSA? Curious about why the AI frenzy might do more harm than good? Or looking for how to cut through the noise and get back to what works? Tap in now—this episode is your strategic reset.

March 10, 202617 min

What No One Tells You About America’s Cyber Strategy and Its Gap in Power

In this episode, I am pulling back the curtain on America's cybersecurity strategies. Too often, these strategies are just warm words that never translate into real action. I'm here to reveal why our current cyber policies are more talk than walk, and what needs to change before the next big breach hits. Whether you're a small business owner, government professional, or cybersecurity enthusiast, you'll want to hear the behind-the-scenes truth about why our lofty plans often fall flat in execution—and exactly what it takes to finally bring these policies to life.Join me as I dive into President Trump’s recent cybersecurity strategy and expose the gaps between lofty goals and real-world results. You'll discover why repeated national frameworks like Zero Trust and post-quantum cryptography are just bureaucratic RSVPs if they lack enforcement. I’ll break down the complex web of federal agencies—like CISA, NSA, and the National Cyber Director—and explain why fragmentation and legal limitations prevent any one agency from truly commanding the nation’s cyber defense. Spoiler: there’s no centralized authority, no unified command, and no teeth to enforce policies at scale.I’ll also break down the six key pillars of America’s cyber strategy—shaping adversary behavior, streamlining regulation, modernizing federal networks, securing critical infrastructure, protecting innovation, and building talent—and reveal why, despite their good intentions, most are recycled talking points lacking real follow-through. You'll learn why current federal initiatives are already years behind schedule, and what it really takes to turn strategy into execution—not just more memos, but actual authority, funding, and accountability.This episode underscores a harsh truth: without clear leadership, enforceable standards, and consequences for inaction, America’s cyber defenses remain a patchwork of good ideas but poor results. If you’re tired of empty policy paper promises and want to understand what must happen for real progress, this is essential listening. Navigate the truth behind the headlines with me and learn how we can finally move from planning to protection—before the next cyber crisis hits.Why listen? Because cybersecurity isn’t just a tech issue—it’s a national security challenge that depends on authority, accountability, and action. Whether you're a business owner or a policy wonk, get the inside scoop on why much of what’s been promised is just talk, and what it really takes to secure the digital frontier.

March 3, 202629 min

Beyond Perimeter Defenses: DLP, CASB, and the AI Agent Revolution

Unlock the future of cybersecurity where AI agents no longer just assist—they act autonomously, making decisions that could impact your entire organization. In this eye-opening episode, Vidit Arora, founder and CEO of Quillr AI, reveals how rapidly AI-powered agents are transforming the digital landscape—and why traditional security systems are already obsolete.As AI agents gain full control over data movement, system modifications, and even decision-making processes, security professionals face unprecedented challenges. Vidit uncovers why existing frameworks like DLP and CASB fall short in this new era, and how the lack of contextual understanding enables agents to bypass legacy controls. You'll discover how the speed at which AI agents evolve makes zero-day threats look slow—and the urgent need for inline reasoning and adaptive defenses to keep pace.We break down critical topics such as:The shift from AI assisting to AI acting with autonomy and intentWhy current security paradigms can’t catch or control fully autonomous agentsHow understanding agent context, intent, and ecosystem visibility is now a security imperativeThe role of a new decision layer that inlines reasons over agent actions in real timePractical strategies for achieving comprehensive AI footprint discovery and controlFailing to adapt to this new AI-driven environment risks data breaches, operational chaos, and the loss of control over your digital assets. But by embracing a proactive, context-aware security approach, you open the door to innovation—without risking your organization’s future.Perfect for security leaders, CTOs, and AI strategists, this episode will challenge everything you thought you knew about cyber defense. If you're serious about safeguarding your organization amid AI's explosive growth, you'll want to hear this now.Visit quiller.ai to explore cutting-edge AI visibility tools and learn how to future-proof your security stance. Don’t let autonomous agents catch you off guard—stay ahead of the curve before the next disruptive move takes you by surprise.

March 2, 202629 min

CrowdStrike's 2026 insights and the insanity of vendor nomenclature for threat actors.

Welcome to the AI-powered cyberpunk timeline.We’re ripping into CrowdStrike’s 2026 Threat Report and translating it from analyst-speak into what it actually means for anyone who has to defend real systems in the real world.Most threat reporting reads like a D&D campaign with spreadsheets: too many “groups,” too many names, and not enough “what do I do about it?” We’re doing the opposite. The headline is simple: AI is turning cybercrime into a high-speed manufacturing line—and your legacy defenses are out here trying to stop a Tesla with a traffic cone.In this episode, we break down how adversaries are using AI to:Scale social engineering into a nonstop persuasion engineSlip past signature-based controls like they’re not even thereRun cross-domain ransomware ops faster, cleaner, and more coordinated than most defenders can trackWe dig into the numbers (including the reported 89% spike in AI-enabled activity) and the bigger trend that matters even more: the shift toward interactive intrusions—human-led operations that blend into normal admin behavior, live off the land, and make your “alerts dashboard” look like a sad slot machine.You’ll also hear why the modern threat landscape is basically:Big Game Hunting crews targeting enterprises like it’s a sportSupply chain compromises that don’t need your permission to ruin your quarterAI-generated malware, personas, and pretexts built to beat humans, not just toolsAnd yes—we talk about the stuff everyone pretends isn’t the problem:Unmanaged edge devices (because “we’ll inventory later” is a strategy, apparently)VPN/firewall dependency, like it’s still 2012Cloud sprawl + identity chaos creating perfect lanes for lateral movement and quiet exfilThen we address the clown show: adversary naming chaos. CrowdStrike calls one thing X, another firm calls it Y, and by the time the briefing deck hits leadership, it’s basically: “We got hacked by… someone.” Russia, China, North Korea—aliases multiplying like gremlins after midnight. If we can’t speak clearly about who’s doing what, we can’t respond clearly either.This isn’t doom porn. It’s a call to action:Simplify how you understand threatsharden trust relationships and identity pathsdeploy proactive controls that assume the attacker is fast, adaptive, and increasingly automatedIf you’re in security ops, engineering, or executive strategy, this one’s your field manual for what’s next—because in the AI era, the defenders who “wait for confirmation” are the ones writing breach reports at 2AM.Rethink your model.AI is making attacks faster, smarter, and more aggressive. The only way to win is to understand the adversary’s blueprint—and build your defenses like you actually believe the internet is hostile (because it is).

February 24, 202631 min

The Hidden Architecture Secrets Making Real-Time Security Data Possible

Most organizations are drowning in data they can't process fast enough — leaving critical security gaps that adversaries exploit. Michael Cucchi, Chief Marketing Officer at Hydraulics, reveals how a groundbreaking new data architecture is transforming real-time security analytics, slashing processing costs by up to 40X while capturing every byte of telemetry across global networks.In this episode, you’ll discover why traditional Security Information and Event Management (SIEM) systems are no longer sufficient for today’s threat landscape. Michael breaks down the limitations of legacy data storage, ingestion bottlenecks, and costly rehydration issues that leave security teams blind during breaches. He shares how leading companies are adopting a new security data fabric designed for hyper-scalability, instant analysis, and unprecedented data retention — all at a fraction of the cost.We break down:The evolution and modern challenges of the SIM market, including why outdated architectures struggle with today’s data volumes.How security analytics are rapidly moving toward real-time, agentic automation driven by AI and large-scale data fabrics.The critical importance of low-latency querying, cost-effective storage, and flexible architectures that enable security teams to operate at machine speed.Why the next wave of security operations will depend on maintaining and rehydrating vast, granular data stores without breaking the bank.How innovative companies like Hydraulics are building the emerging data fabric that will underpin zero-trust, AI-driven security in the years ahead.This episode is essential listening for security professionals, CTOs, and data architects eager to stay ahead of the exponential growth in security signals, threats, and complexity. Miss out on these insights, and your organization risks falling behind—armed only with legacy systems that can’t keep up. A smarter, faster, cheaper future for security analytics is here.Plus, Michael shares exclusive research coming to RSA — including advances in AI-driven bots and zero trust frameworks. Whether you’re defending enterprise assets or building next-generation SOCs, this conversation is your gateway to the future of security data management.Timestamps: 00:00 – Introduction and episode overview02:24 – Michael's background and experience in data science and security04:52 – How infrastructure and SIEM technologies have evolved over the past decade08:15 – Limitations of current SIEM architectures and data retention challenges12:10 – Hydraulics' approach to scalable, cost-effective security data platforms15:24 – The importance of real-time analytics in security operations17:00 – AI and automation in breach detection and incident response19:34 – Scaling security telemetry across global networks and CDN signals22:10 – The object-oriented storage analogy in security data management25:05 – Crossing the chasm: from traditional SIEM to real-time data fabric28:13 – Future of AI in security automation and the next decade in security tech31:01 – Final insights and how to connect with HydraulicsResources & Links:https://hydrolix.ioAWS Object StorageUnderstanding Data Fabrics in Security (hypothetical link)

August 16, 2022Episode 3135 min

How to sell into the channel the right way.

Truths about selling into the channel market with a real expert. How should your organization go about selling to a channel? Is the market different? How can you use those partners smarter? Do you have to sell twice? What shouldn't you do to leverage that channel? How can you optimize your channel approach and force multiply your sales efforts? Those points and more on this episode!