-
Written for: Harold Rivas, Chief Information Security Officer, Trellix
It’s been more than a decade since the term “Zero Trust” was thrust into the cybersecurity lexicon. The concept – perimeter-based defense is outdated, and network activity needs to be monitored outside “castle walls” – has become a goal-state for network security. But implementation remains a challenge and more than a decade in, Zero Trust has begun to join many other industry concepts on “to do, eventually” lists.
So what needs to change for the industry to embrace Zero Trust? And why is it such a valuable concept when we think about how to keep the world more secure?
What are we trying to protect?
If we step back, there’s a problem with how we define the “home” network we aim to defend. The model for decades has been to set up a perimeter: (ideally) everything within the perimeter is safe; everything outside of it needs to be kept at bay. Think of it like an M&M candy: hard shell on the outside, soft on the inside.
As the landscape radically evolved over the last 15 or so years and technologies and innovations such as cloud and software-as-a-service rose in prominence, critical assets now exist far outside company boundaries, meaning organizations must adjust their security strategy. Zero Trust has revealed itself as the best option to address this shift.
But with any strategy shift come the realities: cost, implementation timelines, efficacy, and a whole host of other challenges. It can take between two and three years for an organization to see the results from adopting Zero Trust, causing hesitation at the board level, members of which may be looking for solutions now. The tech world is also extremely fast paced; new or entrepreneurial-minded companies may simply be moving too quickly to wait for the fruits of adopting concepts such as Zero Trust.
These challenges contribute to adoption remaining lower than what the industry needs.
If we think of a security strategy like building a city, we gain insights into why this change has not been fully realized. Older cities in places such as Europe have centuries-old blueprints for city planning: a central town square, surrounding dense areas of housing and businesses, grid-system roads. And this model served citizens well enough. But as society evolved, these models could use refreshing. But does every city leader have the time, desire, and resources to update these cities for the modern world? Not often. And similar thinking applies to security decision-makers: I’ve already made the investment in one layout, or one way of doing security, and even though I may know something new will be better, I am not ready to commit.
If we were to build a new, modern city, what would it look like? There may be a better way to build cities or perform network security, but the challenge is how do we do it?
Zero Trust: A concept, not a product
It’s important to remember Zero Trust is a framework or a concept; it’s not a product. There are products to help organizations achieve Zero Trust, but there is no singular “plug and play” solution.
A gap remains in knowing what Zero Trust is compared to older security mindsets. Going back to the M&M analogy, is it better to lock your candy in a safe where you can know it is always secure or to always be monitoring every possible threat as soon as they start looking a little too excitedly at the candy? The latter is the outdated model many still apply to security; the former is where we want to move.
While traditional thinking puts multiple controls in place that can rely on one another should one be compromised, that is simply not enough. In a Zero Trust model, assets do not communicate with one another openly unless explicitly permitted to. This creates an environment where “cross contamination” of security incidents is reduced and damage can be isolated.
To be clear, Zero Trust cannot prevent organizations from being compromised; that’s not possible in today’s threat landscape. But it can effectively reduce damage, address and identify threats earlier, and decrease remediation time when it comes to triaging incidents. Think of it like healthcare. You can never totally prevent getting sick or injured, but you can do things to help, such as exercise, eat better, and regularly visit the doctor to optimize your health and lower your chances of illness.
CISO pressure
When an organization hires a new head of legal, the expectation isn’t to never get sued or face legal actions. Instead, this person is expected to do everything they can to proactively and reactively prevent those outcomes. Chief information security officers seem to be held to a different standard, often facing job loss or other consequences when their organization deals with breaches or security incidents.
Put simply, CISOs remain under an intense amount of pressure and adopting a new security framework may not be feasible under the other constraints of the role.
What would help? A few things come to mind:
Government support in the form of encouraging adoption of Zero Trust could be an outside influence to drive change or create further rationale for CISOs with their boards.
We lose so much institutional knowledge when CISOs are fired after security incidents, so less pressure on them and more time to implement frameworks like Zero Trust would help greatly. Similarly, the CISO community desperately needs to be communicating with one another, talking strategy, swapping ideas, and helping each other grow.
Lastly, explaining concepts such as Zero Trust in ways resonant with boards and the non-security C-suite would go a long way to create wider adoption.
The future
If your organization is considering a Zero Trust model, a simple way to think about it is looking at the phrase itself. What if you didn’t trust any network activity? What if you put protections in place to prevent cross-contamination? What if assets were only available to those who need to use them, not everyone in your organization?
Zero Trust isn’t a plug and play solution; it is an ongoing investment and journey. Its realization demands dedication, perseverance, and reframing of C-suite preconceptions. Over a decade since inception, Zero Trust is a CISO’s foremost ally to curb the rising wave of cyberattacks and keep critical assets safe from compromise. As we look ahead, it is imperative for cybersecurity MSPs to join in fostering a widespread, cross-sector adoption of Zero Trust principles.
-
From cyber bullying to obtaining personal and sensitive information through phishing campaigns, harm lurks in many corners of the Internet. With a few simple steps, anyone connected can improve their personal security, making their online activities safer.
It’s important to practice good habits to protect your devices, personal information and Internet connections. October is National Cyber Security Awareness Month, and now is a great time to take these simple steps to help protect yourself and your family from becoming victims of criminal activity.
Secure your devices. Viruses, malware and ransomware are tools of hackers and thieves designed to damage or disable computer systems and steal personal information. In order to protect from these threats, home users can take a few steps to harden their defenses.
Maintain updates to your security software, web browsers and computer’s operating software. Updates from manufacturers or service providers are designed to protect you from new threats, keeping criminals away from your connected devices and the data they store. Automatic updates should be enabled where available on all devices used to connect to the Internet, including computers, smart phones and tablets.
Scan devices connected to the network for viruses and malware (including portable storage devices). Don’t forget to include scanning of internet of things (IoT) devices, which are connected to support today’s home and office automation.
Lock your devices when you aren’t actively using them. Locking them with a strong passcode can prevent data theft and unauthorized access to your accounts if you lose the device.
Secure your personal information. Your personal data is the ultimate target for online criminals. Protection of account login credentials, passwords and sensitive information is paramount to keeping you from being victimized. Because criminals and their tactics have become more sophisticated, using just a user name and password is no longer sufficient to protect you.
Use multi-factor authentication options offered by banks, commerce and social media websites to verify your identity during the login process. Multi-factor authentication may include inputting a unique code from a token or smart device, and should be used anytime it’s available to inhibit unauthorized access to your accounts.
Choose unique and complex passwords. An effective password should be at least 12 characters long and contain upper and lower case letters, numbers and symbols, and be easy for you to remember but difficult for others to guess. It is important to choose a different password for each website you visit so that if one website is compromised, the attacker will not be able to access your other accounts.
Periodically review and adjust privacy settings to protect your information from online targeting. Social media and commerce websites make it easy for us to stay connected or order our favorite items, but much of their revenue comes from advertising and sale of consumer data. Your information in the wrong hands could put you at risk.
Secure your connections. Internet criminals are very tricky and use lots of tactics to get to your information. Online advertising, social media posts, tweets and email attachments are some of the most common ways they’ll try to compromise your data.
Never click on a link or attachment in a suspect email, particularly those coming from an unfamiliar source. Sending such emails is known as “phishing,” and it remains one of the easiest and favorite ways for criminals to gain access to your valuable information. Receiving an email from a trusted source often takes down our defenses. Knowing that, criminals try to make their phishing emails look like they’re coming from your bank or a known email contact. Instead of clicking a link or opening an attachment, it’s always best to type in the website address yourself or ask your friend or colleague if they sent you a document.
Avoid connecting to unsecured, public Wi-Fi networks. Our modern and mobile lifestyle allows us to connect to the internet in a variety of ways. Many businesses, hotels and coffee houses offer free Wi-Fi or mobile hot-spots as a matter of convenience to their customers. While it’s usually fine to use these connections for generic Internet surfing, never bank, shop or access sensitive online information on open networks. Public Wi-Fi networks are set up to enhance customer experience, but they usually don’t have the necessary security protocols to protect your most sensitive data.
Secure yourself. Internet hacking, unauthorized access to data, and tricking users into sharing personal or sensitive information are ever-evolving threats to our online safety. What we share and how we share it is a personal choice. The Internet isn’t private and information shared can never be completely deleted, so it’s important to follow common sense when putting information “out there.”
Only connect on social networks with people you know.
Be cautious about the information you reveal online. If sharing vacation pictures or business accomplishments, it’s always best to do so after the fact, so you don’t alert criminals to an easy, empty home or office to target.
Check your settings. Many apps, networks and devices now have default geo-tagging features, which make it easy to determine a user’s geographical location. You should periodically check and change your settings to disable these features.
With these simple steps, you can enhance your online safety. Embracing a culture of security and keeping abreast of new ways criminals conduct their nefarious activities will help protect your devices, information and connections to the Internet.
-
Media Musings: An Ex-Editor’s Guide to Pitching: Founder of Opinioned Jake Meth
In public relations, pitching journalists is what we spend much of our time on. It’s a delicate alchemical process, a mix of sales, storytelling, writing and psychology. However, there’s no one way to pitch a story, no magic formula. But there are things you can do to maximize your chances that your target opens and reads your pitch.
Jake Meth – now the founder of Opinioned and former commentary editor at Fortune – works to help his clients place op-eds in top media. He recently spent time with The Hoffman Agency to talk about more meaningful pitching and shared some enlightening takeaways.
A Successful Pitch Starts Long Before Hitting Send
The ideation stage is where a pitch’s chances for success rise or fall.
“We need to start by thinking about the idea itself before we strategize on how to sell it to media,” said Meth. “Let’s be honest, this is hard.”
Meth further explained that PR agencies often don’t have full control over an idea or topic they are pitching due to client mandates, sometimes even only having a partial view of the topic.
Meth recommends asking yourself a few questions early to smooth the process:
Who’s “driving the bus?”
o Is this idea from a client or did it come from the agency? If it’s from the client, there’s a chance it may need more work in the ideation process, since clients have their motivations and ideas on what’s media-worthy. If it came from the agency, there’s a higher chance it’s more “media-ready” and may need less time spent honing.
Is this idea original?
o A simple Google search can determine how unique an idea is. That’s not to say every idea needs to be 100% unique, but if it is a topic that is well covered, a unique angle or point of view will be needed. More on this later.
Is the source qualified?
o Sometimes, a source attached to a pitch may be an expert in an area of a topic, but not the whole thing. In an interview setting, this can get awkward if the topic and area of focus isn’t clear, so you’ll want to make sure the spokesperson is well suited for the topic at hand and for all the questions a journalist may ask.
How to Generate a Compelling Idea
We’ve established that idea generation is something PR people and thought leaders must spend time on. But how? What steps can we take to ensure that an idea is worth an editor spending valuable editorial space on?
Watch the news. How can you expect news coverage if you don’t know the news landscape? Take notes, read what your target editors publish daily, think of unique angles that haven’t been covered in headlines thus far, etc. All this will help your PR efforts.
Have a plan. An idea is great, but without a plan, it won’t go anywhere. So, discuss timing, prep experts, identify possible hurdles and do the homework to maximize chances of the desired result: op-ed coverage or securing a media briefing.
Create space with SMEs. Prep calls with SMEs need to be longer than 30 minutes. “By the time pleasantries are done, half the call is over, and you didn’t get anywhere,” Meth said. He recommends an hour as that extra time allows the expert or executive to get comfortable and “go deeper” on the topic, leading to a better result.
Act like an editor. This is where you need to be tough. Not all ideas are good ones and knowing when to say “no” is key. “Thinking like an editor” may mean saying, “No, but how about this instead?” If an idea is a total dud, rely on facts and evidence when pushing back to clients if possible.
Invest in original ideas. Just as you shouldn’t spend too much time on low-quality ideas, you should spend more time on quality, original ideas. Packaging ideas that are unique and original is a better use of time than trying to get a bad idea to look better.
-
I know what it’s like to be a farmer. The long days and sleepless nights. The unpredictability of Mother Nature and her impact on our crops’ yields, leading to excitement and helplessness, knowing that it is out of our control. A farmer’s job isn’t easy, but we do it because we love it, it’s been in our blood for generations, and the world is depending on us.
I have seen a lot of change over my 25 years in the ag industry and as an active partner on my family’s farm. But nothing has compared to the changes we’ve gone through in the past decade or so. From automated machinery to unpredictable weather, to a changing workforce to rapid evolutions in traits and technology, we’ve been going through a lot.
My involvement on our family farm informs my day-to-day at Truterra, LLC, the sustainability business of Land O'Lakes, Inc., where I leverage my experience and understanding of farming to encourage and enable farmers to adopt and maintain conservation practices on their farms. Everything we do is with the farmer at the center, backed by the network of ag retailers they trust most for their agronomic decisions on their farm.
So how do we create a cohesive, environmentally conscious, prosperous future for the entire farming ecosystem? In honor of #NationalAgDay and #NationalAgWeek, I have some recommendations that can have year-round impact.
Listen:
Farmers are used to being practically “invisible” entities in our society. A recent survey conducted by Wakefield Research on behalf of Land O’Lakes showed that 39% of U.S. adults have never met a farmer, and nearly a quarter have no idea where they would meet one.
If you’re an agriculture retailer working with farmers, you know the key to success is to listen to their concerns to find mutual understanding before you navigate challenges together. If you’re a government official passing laws that affect farmers, start a conversation. If you’re a business leader working on equipment or other goods and products, consider farmers’ needs as well as your own goals.
Truterra sustainability services was recently created and many aspects of the program were inspired by our ongoing conversations with farmers. With these services, Truterra can support farmers at every stage of their sustainability journey with a comprehensive set of resources to support farmers agronomically and financially.
Learn:
One of my daily struggles as someone who farms but also works in the agriculture industry is how little people know about it. The agriculture industry only makes up 1% of the labor force, but feeds 100% of the population.
This work is underpinned by everyday conversations between farmers—I’ve found that farmers talking to other farmers is also hugely helpful. Some farmers have been using no-till, cover crops and other regenerative farming measures for years. They are fonts of wisdom and can help ease those transitions for other farmers looking into conservation practices. At Land O’Lakes, we have a network of nearly 3,000 owners in our cooperative structure. That’s hundreds of years of knowledge, sage advice and encouragement. Spreading that knowledge like scattered seeds is one of my goals to help us all grow.
Leverage Data:
Data is today’s currency. Farms have reams of data points that can be used to achieve better outcomes. On my farm, we have been utilizing data since the late 1990s, and have records of every seed, crop, and nutrient we’ve applied.
Data is power—and it pays. While the full results of our data-driven carbon program will be announced later this spring, I can share that Truterra expects to pay farmers over $4.5 million total in cash payments for nearly 237,000 tonnes of carbon stored in soil.
That makes Truterra the market leader in the carbon program space, but we are not “box checkers” with carbon. We want to use this data to fully understand what drives progress as our program is centered in soil health, but extends to the farm businesses and communities they live in.
You can’t fix what you don’t understand, and you can’t keep improving if you don’t know exactly what is working and why.
Lead:
If I know one thing about farming, it’s that change is risky, often so risky that farmers can be late adopters of new technologies or methods. I want to try to quell fears about change and adopting more sustainable farming practices.
Adopting conservation practices can be a challenge, but a willingness to learn and take calculated risks, along with a never-give-up attitude, can yield new opportunities for farmers. I personally implement one or two changes—small or large, expensive or cheap—on our farm annually. That makes failures sting a little less and successes easier to build upon.
Here’s one example: in 2022 we worked with a subset of Winfield United retailers that focused on the addition of a biostimulant and a high-quality adjuvant at pollination that resulted in an estimated 5.25M bushels of incremental yield for participating farmers.
That is nearly $34 million in increased revenue for those farmers. How much of that money flows back into that community, how much enthusiasm do those farmers and retailers gain from a positive result? The beneficial ripples of that outcome are hard to wrap your head around because they’re so far-reaching. Agronomically and environmentally sound practices can bring that change to life.
There’s a broad misconception that “regenerative = more expensive.” What if the opposite were true, that regenerative practices actually lead to higher profits?
What Does This All Mean?
When I talk about the issues farmers are facing and how to solve those, I use the phrase “the industry has a connection problem.” There are so many disparate parties involved in agriculture that it can be challenging to get everyone singing from the same sheet music. But they all have one thing in common: they care about the work they do and want to improve, for the sake of consumers and the planet.
At Truterra, we sit squarely between all parties and function as a convener through education, information sharing, and putting people in the same room to find mutual understanding. We need to learn and improve together to reach our sustainability goals.
It won’t be easy, but I’ve never met anyone in this industry who’s afraid of a challenge.