Is Defence in Depth still relevant now that the concept of Zero Trust has taken hold? That was the question a colleague asked me recently on a webinar and it got me thinking. If one has replaced the other and whether these strategies are mutually exclusive. It’s a complex question because there are pluses and minuses to both approaches. Defence in Depth (DiD) has been around for decades and there are those who argue the strategy has failed. They point to the bloated cyber security stack of up to 70 solutions now found. In the average enterprise and the seemingly…
Author: Phil Robinson
Phil Robinson
Phil Robinson has worked in information security for over 25 years and is the founder of Prism Infosec which offers cutting edge penetration testing, red teaming and security consultancy services of cloud and traditional on-prem architectures and enterprise applications. Phil has been instrumental in the development of numerous penetration testing standards and certifications. He was involved in the original formation of the Council for Registered Ethical Security Testers (CREST), chaired the management committee of the Tiger scheme and established key CESG Certified Professional (CCP) roles on behalf of the British Computer Society (BCS), and has also contributed toward the Open Source Testing and Security Manual (OSSTMM). An Associated Member of the ISSA, an (ISC)2 CISSP, ISACA CISA and a CHECK Team Leader, Phil has worked as a CLAS Consultant / Senior CCP Security and Information Risk Advisor and in this capacity has delivered cybersecurity advice and guidance to HMG departments and agencies. He regularly speaks about penetration testing and e-crime to help promote cybersecurity awareness and industry best practice.
Is Defence in Depth still relevant now that the concept of Zero Trust has taken hold? That was the question a colleague asked me recently on a webinar and it got me thinking if one has replaced the other and whether these strategies are mutually exclusive. It’s a complex question because there are pluses and minuses to both approaches. Defence in Depth (DiD) has been around for decades and there are those that argue the strategy has failed. They point to the bloated cyber security stack of up to 70 solutions now found in the average enterprise and the seemingly…
