No Trust Podcast: Untangling Wi-Fi, NAC, and Zero Trust with Jennifer Minella

n this episode of No Trust, part of the Zero Trust Forum, hosts Jaye Tillson and John Spiegel welcome Jennifer Minella— security architect, industry veteran, and passionate educator. Known for her decades of hands-on experience across networking, wireless, NAC, and security architecture, Jennifer brings a rare, grounded perspective to the conversation.

From the realities of WPA3 and the messy state of NAC, to the promise (and gaps) in universal ZTNA, this episode digs into the often-overlooked infrastructure layer that underpins Zero Trust — and the hard truths about why it’s still so complicated.

Highlights from the Conversation

From Graphic Design to Network Architecture

Jennifer didn’t start in tech — her early career was in graphic design and the arts. But a twist of fate led her to networking, where she learned the IEEE standards inside and out and earned multiple master-level certifications. That foundational knowledge still shapes how she approaches segmentation, Zero Trust, and infrastructure security.

The State of Wi-Fi Security

We’ve been using the same Wi-Fi security suite for over 20 years — which, as Jennifer bluntly points out, is “borderline embarrassing.” WPA3 and the new 6 GHz spectrum bring change, but adoption is slow. Enterprise and consumer markets pull in different directions, and IoT/OT realities make simple “check the box” upgrades impossible.

Why NAC is Still a Mess

Most NAC deployments struggle or fail — not because the idea is bad, but because implementation is complex, inconsistent, and often forced into restrictive enforcement models. Jennifer has worked with about a dozen NAC products and has never seen a customer succeed without external help. NAC’s fundamental limitations in a hybrid, cloud-first world make it ripe for rethinking.

ZTNA, SSE, and the Push for Universal Policy

The dream: one policy for all — users, devices, IoT, OT, APIs — regardless of location or network. Jennifer sees progress in ZTNA/SSE for human endpoints but highlights big identity and enforcement gaps for headless devices. Until we solve unique device identity (preferably with certificates, not MAC addresses), IoT/OT security will lag.

The Spaghetti Problem

Without architecture oversight, networks become tangled webs of siloed tools, inconsistent policies, and vendor-specific quirks. Jennifer’s advice: untangle the spaghetti by understanding it first — then tackle Zero Trust incrementally, starting with what you can control.

Looking Ahead

She predicts that better enforcement capabilities in network infrastructure could arrive in the next 18 months, but solving the identity problem for headless devices will take longer. Models like the Connectivity Standards Alliance’s Matterstandard offer a blueprint — but enterprise adoption is still far off.

Why You Should Listen

If you care about Zero Trust beyond the marketing decks — at the gritty intersection of infrastructure, wireless, NAC, and policy — this episode delivers. Jennifer blends hard-earned technical insight with pragmatic advice for making real progress, even in messy, hybrid environments.

🎧 Listen to the full episode here: No Trust Podcast – Jennifer Minella Episode

Full Transcript (Cleaned & Readable)

Jaye Tillson: Welcome to another episode of No Trust. Today we have a brand-new guest — Jennifer Minella. We first met at RSA (in a bar, actually), and I’m pretty sure you filmed a funny video of me about my English accent. But enough about that. Jennifer, tell our listeners who you are and how you got here — preferably without any more videos.

Jennifer Minella: Thanks, Jay. Well, after that intro, everyone probably knows what to expect from this conversation. I’ve spent over 30 years in tech, mostly in infrastructure, security architecture, and engineering. I’ve touched everything that passes packets: switches, routers, firewalls, remote access, Wi-Fi back before it was even a standard, network authentication, NAC, and now the “new hotness” — Zero Trust on infrastructure.

John Spiegel: This is the first time on this podcast we’ve covered wireless and NAC. Let’s start with wireless — what are the key security challenges?

Jennifer Minella: We’ve been using the same Wi-Fi security suite for 20+ years. That’s borderline embarrassing for security pros. WPA3 is here — required in 6 GHz spectrum and with Wi-Fi 7 — but adoption is slow. Enterprise and consumer Wi-Fi have different objectives, so change is messy. Add IoT and OT, and it’s not as simple as ticking a box. Standards noncompliance, sprawling complexity, and vendor-specific quirks make it hard.

Jaye Tillson: And all the training needed just to get packets from point A to point B is staggering now.

Jennifer Minella: Exactly. When I started, you could master end-to-end networking. Now each subdomain demands weeks of training. And while we have more learning resources today, we’ve lost some foundational teaching — like the difference between Layer 2 and Layer 3 communications. Without that, advanced segmentation and Zero Trust are impossible to implement correctly.

John Spiegel: And in most big orgs, you’ll have multi-vendor complexity — Aruba wireless, Cisco networking, Palo Alto firewalls. Applying consistent policy is hard.

Jennifer Minella: Which is why architecture matters. Too often, we just buy products and configure them, without planning or integrating fully.

Jaye Tillson: Let’s shift to Zero Trust and NAC. I’ve tried implementing NAC — it was clunky, broke things, and ended up off more than on.

Jennifer Minella: That’s common. I’ve worked with a dozen NAC products; I’ve never seen a self-implementation succeed. NAC is fundamentally challenging — inconsistent enforcement, restrictive models, RADIUS/802.1X dependencies, and hardware limits. In hybrid/cloud-first environments, NAC alone isn’t enough.

Jaye Tillson: So where does ZTNA fit?

Jennifer Minella: For anything with a human user, ZTNA/SSE is easier, less disruptive, and more granular. It should deliver the same experience whether you’re at home, in Starbucks, or in the office. But for headless devices, the mess remains. You need some NAC-like capability, but modernized — with better enforcement in switching infrastructure and unique device identity. MAC randomization is making that harder, not easier.

Jaye Tillson: Gartner talks about “universal ZTNA” — one policy for everyone and everything.

Jennifer Minella: We’re getting closer, but I haven’t seen many that bring NAC-level control into ZTNA. Vendors like illicity are interesting, but there’s still a gap — especially for IoT/OT. Without strong identity and enforcement for headless devices, you can’t have one truly universal policy.

Jaye Tillson: And attackers are already pivoting to target IoT/OT because we protect the other stuff better now.

Jennifer Minella: Exactly. Until we solve identity (certificates, not MAC addresses) and enforce effectively in the network, this will remain a gap. Enforcement improvements may come in 18 months; identity will take longer. The Matter standard in consumer IoT offers a model we could adapt for enterprise.

Jaye Tillson: Before we wrap — let’s talk about your whiskey preferences.

Jennifer Minella: I’m a rye whiskey fan — I like the bite and spice. Some Japanese whiskies are good, and I’ve learned to appreciate certain scotches (Lagavulin 16, Laphroaig, Famous Grouse). I’d love to tour Scotland’s distilleries someday. I’m not into drinking to get drunk — I enjoy tasting and savoring.

Jaye Tillson: We’ll hold you to that Scotland trip. Thanks for joining us — we’d love to have you back.

Jennifer Minella: Thanks for having me. And I’ll have to get you on my podcast, Packet Protector, sometime too.