Threat Vector by Palo Alto Networks
Episode: "Zero Trust Without the Hype"
Date: March 5, 2026
Guests: Leanne (A), Brandon (C)
Host: David (B)
Overview
This episode dives deep into what Zero Trust really means in cybersecurity—stripping away the industry hype and focusing on the practical realities and evolving best practices. Leanne and Brandon, experienced Zero Trust practitioners, share candid insights on common challenges, real-world implementation stories, measurable outcomes, and how organizations can move from stalling initiatives to true security transformation. The conversation emphasizes Zero Trust as an ongoing journey, not a product or a box to check.
Key Discussion Points & Insights
1. Zero Trust: A Journey, Not a Destination
Timestamps: [00:02], [03:32], [23:57]
- Zero Trust is a systematic approach and a framework, not a single product you buy and deploy.
- Organizations often stall due to the misconception that Zero Trust is an all-or-nothing transformation.
- Implementation must happen incrementally, adapted to each organization’s culture and risk landscape.
"You gotta think about zero trust as a journey, something that you build into your organizational DNA over several years. You can't just rip and replace, you can't just snap your fingers."
—Leanne [03:32]
"Zero Trust is not a destination, it's really, it's a journey."
—Leanne [23:57]
2. Common Implementation Challenges
Timestamps: [02:30], [03:19], [06:08], [16:00], [20:46]
- The biggest stall factors: treating Zero Trust like a product, complexity, and “analysis paralysis” when facing legacy systems and technical debt.
- Many believe they need to "boil the ocean" or overhaul their entire architecture at once, which leads to frustration and failure.
- Tool sprawl and lack of integration are common—most organizations already have many workable components if they leverage them correctly.
- Visibility gaps are the Achilles’ heel—most organizations don’t truly know what assets, data, or flows exist in their environment.
"Most orgs try to treat zero trust like a product you buy rather than a way you operate. And it may sound overly simplistic, but the biggest stall factor that I see is actually analysis paralysis caused by complexity."
—Leanne [03:32]
"They don't really know what's in their environment. So they don't have a clear asset inventory... that's the hardest part."
—Brandon [06:08]
3. Focus on Measurable, Outcome-Driven Wins
Timestamps: [07:34], [19:29], [20:46]
- Start with small, high-impact objectives that address specific business risks.
- Example: For a global logistics firm, rather than a total network overhaul, focus was placed on securing contractor access to apps using isolated, managed browser windows—which significantly reduced risk, improved onboarding, and required fewer resources.
"What's one specific risk that keeps you up at 2am?... And for this client, it was the contractor with a laptop scenario... Instead of that massive overhaul... we pivoted to focusing on securing the point of the spear, if you will. The point of work, the browser."
—Leanne [07:34]
"We solved it, we proved the value, and now we can move to the next thing, right? So zero trust really works best when it's a series of strategic, smart business-led wins."
—Leanne [10:52]
4. The Power of Visibility & Dynamic Access
Timestamps: [06:08], [11:18], [16:00], [18:10], [22:15]
- Accurate asset and data inventories are foundational for Zero Trust.
- Dynamic access control must take into account identity, user role, device health, location, and other telemetry—not just static, perimeter-based policies.
- Real-world example: Employees on managed devices can download from Google Drive; on personal devices, they can only view, not download.
"You want to make sure that you are dynamically changing your access based off of where you are, what type of user you are, and what type of access you should have."
—Brandon [11:18]
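The managed-versus-personal device rule above can be written as a small default-deny policy decision function. This is an added sketch, not code from the episode or from Palo Alto Networks; the field names, roles, the posture freshness window and the contractor rule are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Everything here is an assumption made for this sketch, except the rule that
# managed devices may download and personal devices may only view.
MAX_POSTURE_AGE_S = 300  # assumed freshness window for device telemetry

@dataclass(frozen=True)
class AccessRequest:
    user: str
    authenticated: bool    # identity verified for this session
    role: str              # "employee" or "contractor" (constructed roles)
    device_managed: bool   # enrolled in device management
    device_healthy: bool   # last posture check passed
    posture_age_s: int     # seconds since posture was last reported
    action: str            # "view" or "download"

def decide(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason); anything not explicitly allowed is denied."""
    if not req.authenticated:
        return "deny", "identity not verified"
    if req.action not in ("view", "download"):
        return "deny", "unknown action"
    if req.role not in ("employee", "contractor"):
        return "deny", "unknown role"
    if req.action == "view":
        return "allow", "view permitted for verified users"
    # From here on the request is a download, which needs a trusted device.
    if not req.device_managed:
        return "deny", "personal device: view only"
    if not req.device_healthy:
        return "deny", "device failed posture check"
    # Stale telemetry counts as unknown posture, not as last-known-good.
    if req.posture_age_s > MAX_POSTURE_AGE_S:
        return "deny", "device posture is stale"
    if req.role != "employee":
        return "deny", "role not entitled to download"
    return "allow", "managed, healthy device with fresh posture"

# Constructed sample requests covering the cases discussed in this section.
SAMPLES = [
    AccessRequest("alice", True, "employee", True, True, 30, "download"),
    AccessRequest("alice", True, "employee", False, True, 30, "download"),
    AccessRequest("alice", True, "employee", False, True, 30, "view"),
    AccessRequest("alice", True, "employee", True, True, 3600, "download"),
    AccessRequest("bob", False, "employee", True, True, 30, "view"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, r.action, *decide(r))
```
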
5. Breaking Down Silos for Sustainable Progress
Timestamps: [14:41], [16:00], [18:10]
- Cross-functional collaboration is necessary—aligning identity, network, cloud, endpoint, and security teams under shared outcomes.
- Continual communication and shared definitions of "good" are how Zero Trust practices become part of organizational DNA.
"When teams can agree what good looks like for a specific application or workflow... that becomes the common language that really unites everyone."
—Leanne [14:41]
6. Leveraging Tools Like the Unit 42 Maturity Heat Map
Timestamps: [17:55], [18:10]
- The Unit 42 heat map helps organizations visualize current maturity by domain (identity, network, endpoint, etc.) and identify quick wins versus long-term strategic efforts.
- This enables pragmatic, business-aligned prioritization rather than overwhelming, all-at-once initiatives.
"We try to look at your quick wins for the organization and then your long-term strategic wins. And so we base that off of security impact, and we also do it on labor of effort."
—Brandon [18:10]
7. How Technology & AI Are Rewriting the Zero Trust Playbook
Timestamps: [10:55], [22:15]
- The rise of automation, AI, and adaptive access is making Zero Trust more dynamic.
- Future Zero Trust architectures will depend on real-time telemetry, AI/ML-powered policy decisions, and continuous authentication, moving away from static rules.
"We need to be able to leverage [AI/ML] and use that... in order to dictate policy. And I think you're just going to be seeing a lot more dynamic policy and... AI in the mix to help make those different access decisions rather than relying on static policies or on human intervention."
—Brandon [22:15]
8. Practical Advice: Early Wins & What Sets Successful Orgs Apart
Timestamps: [20:46], [23:57]
- Early wins often come from clarity around identity and device posture—make sure you can verify users and device health.
- Start with the biggest, most pressing risks—especially where business units are already hungry for improved controls.
- Don't wait for the "perfect moment" or architecture—make incremental improvements wherever possible.
"If you can make one more access decision today based on real-time data and telemetry instead of an old assumption, you're already going to be 10 times better than your peers."
—Leanne [23:57]
Notable Quotes & Memorable Moments
- Eating the Elephant One Bite at a Time
"You eat an elephant one bite at a time, right? ... Zero Trust is the same way. A systematic approach. It's a framework. You just got to get started."
—Leanne [00:02]
- Approach Overhaul: From ‘Rip and Replace’ to Strategic Focus
"You might as well be climbing Mount Everest... So instead Brandon and I sat down and we said, all right, look... What's one specific risk that keeps you up at 2am? What are you losing sleep about?"
—Leanne [07:34]
- Dynamic, Not Static Security
"Just that perimeter isn't, isn't the only area where you should be making sure that someone's authenticated. You want to factor in all these different attributes as well."
—Brandon [13:15]
- Zero Trust Is a Way You Operate, Not a Product
"If you're thinking like this, you're already setting yourself up for failure.... you're not just changing the branding on your tech stack, you're really trying to change the DNA of security within your organization."
—Leanne [03:32]
Timestamps for Important Segments
- Zero Trust Philosophy & Getting Started: [00:02] – [01:31]
- Implementation Challenges & Culture: [03:19] – [06:08]
- Visibility & Inventory Issues: [06:08] – [07:01]
- Real-world Win—Logistics Firm Example: [07:34] – [10:52]
- Impact of AI/Tech Evolution: [10:55] – [13:56], [22:15]
- Breaking Down Silos & Collaboration: [14:27] – [15:47]
- Common Pitfalls and Maturity Mapping: [16:00] – [18:10]
- Early Wins—Where to Start: [19:29] – [20:46]
- Sustaining Progress—Mindset & Tips: [23:48] – [25:31]
Conclusion
This episode offers a refreshingly pragmatic, experience-based look at Zero Trust—demystifying the framework and providing actionable recommendations. Listeners gain a better understanding of how Zero Trust can drive both business and technical wins when organizations:
- Focus on gradual, meaningful improvements,
- Prioritize visibility and collaboration,
- Embrace flexibility and dynamic policy enabled by new technologies,
- Remember that Zero Trust is, above all, a long-term organizational philosophy, not just a product to be implemented.
Connect with Leanne and Brandon on LinkedIn or through Palo Alto Networks’ Unit 42 for follow-up Zero Trust conversations or assessments.
