The CyberTheory Institute drives change through dialogue, leadership and action to help solve the greatest cybersecurity challenges of our time.
These challenges present themselves across a variety of channels, each dealing with issues that can have a major impact on the world of cybersecurity. Issues include Zero Trust as a strategy and framework for advancing a different way to organize data, access, applications and services in our computing environments and for raising the bar for defense against cyber attacks.
Zero Trust is becoming two things at the same time: the security model of choice for enterprises looking to up their game and change the relationship dynamic between attackers and defenders, and a pure marketing movement.
Zero Trust is far too valuable and necessary a concept and operational model to be abused by hype, so some Zero Trust advocates have actively formed a volunteer team of the willing to promote and advance the Zero Trust agenda throughout our community of senior security practitioners by demonstrating all of the ways in which Zero Trust can and should be implemented, and for all of the right reasons.
Our goal is to change the shape of cybersecurity’s defense agenda so that it fits around the Zero Trust strategy and forever rearranges the attacker/defender dynamic.
Meet the Leaders of our Zero Trust Initiative
These experts are highly regarded and widely recognized proponents and/or originators of Zero Trust principles dating back to the early days of cybersecurity research and product development, and they all share a passion for getting it right.
John Kindervag is the ‘Father of Zero Trust’, who, as an analyst at Forrester, invented the term and defined the reference architecture for a network whose five basic principles defined the notion of Zero Trust. John is also the co-founder of the CyberTheory Institute and an executive fellow. John went on to become the CTO of Palo Alto Networks, influencing the design of their network product suite, whose policies now determine who can transit the micro perimeter at any point in time, preventing access by unauthorized users to what John has coined the “protect surface” and preventing the exfiltration of sensitive data.
Brian Barnier is a co-founder of the CyberTheory Institute. He is the director of decision science and analytics at ValueBridge Advisors. He also co-founded Think.Design.Cyber. to pioneer critical, systems and design thinking in the cybersecurity discipline. Barnier is also a guest professor of decision science at the City University of New York. Previously, he taught operations and finance at the graduate level across several U.S. universities; he has been a guest lecturer in Russia and Mexico and served on the faculty of the Wharton ABA Stonier Graduate School of Banking. Additionally, Barnier wrote The Operational Handbook for Financial Companies and has been a contributing author to other books on Risk Management. Prior to his work at ValueBridge Advisors, Brian led teams to nine U.S. patents in technology with AT&T, Nokia and IBM. In 2021, Barnier earned the coveted Joseph J. Wasserman award presented by ISACA for outstanding achievement in information technology risk, governance and security.
Dr. Chase Cunningham, aka the Doctor of Zero Trust, is a recipient of Security magazine’s Most Influential People in Security and is currently Ericom’s Chief Strategy Officer. In this role, Chase shapes the company’s strategic vision, roadmap and key partnerships. Dr. Cunningham previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on Zero Trust, artificial intelligence, machine learning and security architecture design for security leaders around the globe. And prior to Forrester, as Chief of Cryptologic Technologies, NSA, Chase directed all research and development of cyber entities to assess threat vectors, network forensics and methodologies of nefarious cyber actors across the intelligence enterprise.
Richard Bird is an internationally recognized identity-centric security expert who has been a CIO and CISO and the global head of identity management for JP Morgan Chase. Now, he is Chief Product Officer at SecZetta. Richard religiously believes that Zero Trust is wholly dependent upon identity-centric security in order to achieve the data-centric security that Zero Trust models need to embrace. An executive board member of IDSA along with 26 member cybersecurity vendor firms, Richard’s passion is uninfluenced by a specific product or service.
Eve Maler is the original XMLgrrl and is ForgeRock’s CTO. She is a globally recognized strategist, innovator and communicator on digital identity, security, privacy and consent, with a passion for fostering successful ecosystems and individual empowerment. She has been at the forefront of almost every innovation in identity in the Internet age, including co-creating such landmark technologies as XML and innovating and leading standards such as SAML and User-Managed Access (UMA), and has also served as a Forrester Research security and risk analyst with John. A strong advocate of Zero Trust Identity, Eve is tireless in her support of our goals.
Jeremy Grant is a member of Venable’s Cybersecurity Risk Management Group, where he advises clients on policy impacts across the IT, cybersecurity, identity and payments sectors. Jeremy joined Venable after serving as a managing director at The Chertoff Group. Before that, he established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC) for NIST and also served as NIST’s senior executive advisor for identity management, leading efforts to improve identity and authentication for individuals and devices in the NIST Roadmap. A strong advocate for Zero Trust Identity, Jeremy travels and presents globally on the criticality of getting it right.
Tom Kellermann is the senior vice president of cyber strategy at Contrast Security. Previously, Kellermann held the position of head of cybersecurity strategy for VMware Inc., and before that he was the chief cybersecurity officer for Carbon Black Inc. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service, and in 2017, Kellermann was appointed the Wilson Center’s Global Fellow for Cyber Policy. Kellermann previously held the positions of chief cybersecurity officer for Trend Micro, VP of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008, Kellermann was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States.
Sam Curry is the CSO at Cybereason. Curry was also CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at Microstrategy in addition to senior security roles at McAfee and CA. He spent seven years at RSA variously as CSO, CTO and SVP of Product and as Head of RSA Labs. Curry also has over 25 patents in security from his time as a Security Architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs (in the IoT security space) in addition to a number of advisorships across the security spectrum. Curry is also a visiting fellow at the National Security Institute and a very early advocate for Zero Trust.
Tony Scott is the CEO of the Tony Scott Group and a senior advisor for Cybersecurity and Privacy at Squire Patton Boggs, a prominent international law firm. Until January 2017, he served in the Obama administration as the 3rd federal chief information officer for the U.S. Government, and in that capacity, he created the government-wide response plan after the OPM cybersecurity hacking incident, including the Cybersecurity Sprint and Implementation Plan (CSIP), which dramatically improved the information systems security posture of the Federal Government. His numerous appearances before Congress, providing CXO-level public and private sector insight on matters such as digital workplace transformation, cybersecurity, governance, open data and workforce diversity, have been widely recognized. An early proponent of Zero Trust principles, Tony was, in prior roles, the CIO at VMware, the CIO at Microsoft, CIO at the Walt Disney Company and CTO at General Motors Information Systems & Services.
Greg Touhill is director of the SEI’s world-renowned CERT Division where he leads researchers, software engineers, security analysts and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems and develop cutting-edge information and training to improve the practice of cybersecurity. Greg was appointed by former President Barack Obama to be the first chief information security officer (CISO) of the United States government. Previously, he served in the Department of Homeland Security (DHS) as deputy assistant secretary in the Office of Cybersecurity and Communications. Greg is a 30-year veteran of the U.S. Air Force where he was an operational commander at the squadron, group and wing levels. He retired from the Air Force with the rank of brigadier general.
The issues also include Design and Systems Thinking, a completely different way to approach the pre-architectural design processes that led us to our current cybersecurity product mix, a mix that has demonstrated, for a variety of reasons, that it cannot withstand the imagination and sophistication of the modern breach. Our goal is to change the way we approach Design Thinking so that we don’t keep inventing solutions based on the thinking that we used to get us here in the first place.
Our founding executive fellows include Brian Barnier and Prachee Kale, along with a remarkably astute support team of folks who have been practicing out-of-the-box thinking for years.
Events will include educational coursework and bespoke curriculum designed to elevate the science and art of creative thinking and delivered through the CyberEd.io portal, as well as dinners and fireside chats with distinguished and widely known guests who have made significant contributions to the global intellectual body of work around CyberTheory.
Our goal is to challenge and reform cybersecurity’s architectural influences so that future systems and products will reflect the design principles of Zero Trust and beyond, and to move the needle in the direction of advantage for the good actors trying to gain a foothold in the constant battle for superiority in defense against innovative cyber attacks, both near-term and future varieties.
It is well known that one of the major contributors to our failure to build complete defenses and to maintain our existing protective solutions is the cybersecurity skills gap that keeps widening every year. The reasons behind this gap are myriad and complex. They range from a lack of exposure to the world of cybersecurity for high school and college-aged students, contrasted with, say, the STEM movement of the last 20 years, to the inadequacy of public, private and online educational offerings and processes for enhanced learning.
Our goal is to participate directly in the online learning markets through the development of a comprehensive offering curated by cybersecurity leaders widely acknowledged and well-known in the security practitioner space.
This offering is known as CyberEd.io and is planned to launch in early 2022.
The platform objectives are to make cybersecurity learning fun and accessible and to assist enterprises in the implementation and customization of learning paths and curricula that match their individual requirements. The content will be a mix of coursework available from other third-party sources and coursework custom-designed by our advisory team to address topics that aren’t available elsewhere, supplemented by our guest lecture series sourced from our International Summits.
We will cover Critical Design and Systems Thinking, Zero Trust, Identity Authentication, Proofing and Access Management, MFA, Digital Transformation, Ransomware, Cloud Computing Complexities, Operational Technology, IoT and IIoT, Cryptocurrency, AI/ML, Social Engineering, Mobile and Remote Computing Management, as well as other coursework not presently addressed by commercial offerings in the space.
We strongly believe that modern cybersecurity marketing continues to repeat the mistakes of the past by relying on conventional campaigns and marketing programs that may have been appropriate in a different era, and we know that we cannot continue on this path into a future so top-heavy with competitive offerings.
So, our intent is to tap into the creative competencies of leading-edge marketers to explore and develop new programs and campaigns that will connect with buyers in today’s highly competitive marketplace, characterized by 5,000 competitors, and to do so in ways that have not been regularly attempted in traditional B2B marketing scenarios.
We are convinced that the era of D2H marketing has arrived in cybersecurity and we have some defined approaches to “direct to human” messaging and positioning that rely on the brand story and the way it is told that we want to share with the marketing community.
Our goal is to improve the authenticity of our clients’ messaging, to relieve the level of noise that conventional campaigns have created and with which our CISO community must deal, and to develop new and entertaining narrative approaches that capture the attention of targeted personas and engage them on their buyer journeys in an extended era of remote work.
Our events and programs will resemble our approach to Zero Trust in that we will conduct fireside chats with folks who have been willing to push the envelope of creativity and out-of-box thinking to attack crowded markets in ultra-noisy sectors.
We want to contribute to changing the nature of cybersecurity marketing and improve its efficacy while removing the irritations found in fantastic and inauthentic messaging.