7 key steps to Zero Trust

April 16, 2020 | Derrick Johnson
Derrick Johnson

Derrick Johnson

Derrick Johnson is the National Practice Director for Secure Infrastructure Services within AT&T Cybersecurity Consulting, responsible for its direction and overall business performance. Derrick's practice provides strategic and tactical cybersecurity consulting services around next-generation network and cloud security architectures, zero trust networking, logical and virtual network segmentation and micro-segmentation, security operations, orchestration and automation, and firewalling, among other initiatives. Derrick is a Certified Information Systems Security Professional (CISSP) who joined the AT&T Cybersecurity Consulting team through the acquisition of the VeriSign, Inc. Global Security Consulting business, which was completed in October of 2009. Prior to working for VeriSign, Derrick was the Global Information Security Officer for Stream International; a global business process outsource (BPO) service provider specializing in customer relationship management services. Prior to Stream, Derrick was a Senior Associate on KPMG’s Information Risk Management team, specializing in Information Security Services. Before becoming a consultant Derrick spent four years in systems and network engineering, with a role as a Senior Network Engineer with America OnLine, performing network engineering and administration for America OnLine’s Advanced Network Services (ANS) team. Derrick earned his BS in Computer Engineering from Syracuse University.

April 16, 2020 | Derrick Johnson

7 key steps to Zero Trust

This is part 3 of a 3 part blog series. You can also read part 1 and part 2. My last two blog entries provided some key elements of a Zero Trust Network (ZTN), which focused on the tenets of zero trust and how the confidence is gained for untrusted traffic and authorized on a continual basis.  The comprehensive nature of Zero…

April 8, 2020 | Derrick Johnson

The Zero Trust Authorization Core

This is part 2 of a 3 blog series. You can also read part 1 and part 3 The Foundation of a Zero Trust Architecture (ZTA) talked about the guiding principles, or tenets of Zero Trust.  One of the tenets mentions how all network flows are to be authenticated before being processed and access is determined by dynamic policy.   A network…

Get the latest security news in your inbox.

Subscribe via Email

April 1, 2020 | Derrick Johnson

The foundation of a Zero Trust architecture

Part 1 of a 3 blog series. You can also read part 2 and part 3. Organizations have placed a lot of time, effort and capital spend on security initiatives in an effort to prevent security breaches and data loss.  Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter has only revealed equal if…

July 15, 2019 | Derrick Johnson

Cloud Security and Risk Mitigation

The cloud certainly offers its advantages, yet as with any large-scale deployment, the cloud can offer some unforeseen challenges.  The concept of the cloud just being “someone else’s data center” has always been a cringe moment for me because this assumes release of security responsibility since ‘someone else will take care of it’.…