Zero Trust People to Follow
Zero Trust people to know and follow
John Spiegel
3/8/2026 (12 min read)
People to Know / Follow
● John Kindervag – Creator of Zero Trust; Chief Evangelist at Illumio. Kindervag is the originator of “Zero Trust” (coined during his time as a Forrester Research analyst in 2010). He evangelizes Zero Trust globally – formerly Field CTO at Palo Alto Networks, now at Illumio leading Zero Trust advocacy. Current Role: Chief Evangelist at Illumio (a Zero Trust segmentation company). Follow: LinkedIn (very active with articles), Twitter/X: @Kindervag. Why relevant: John’s philosophy “never trust, verify everything” forms the bedrock of Zero Trust. He continues to advise governments (worked on U.S. federal ZT strategy) and enterprises. If you want to understand Zero Trust’s intent and latest developments (e.g. extending Zero Trust to OT networks), John’s insights are invaluable.
● Jaye Tillson – Author, CTO Security & Distinguished Technologist at HPE Aruba Networking. Tillson has 25+ years of experience and has been a pioneer of Zero Trust, SASE, and SSE solutions in the enterprise. He co-founded the Zero Trust Forum and co-hosts the No Trust podcast. Follow: LinkedIn (frequently posts about Zero Trust and network transformation), and check out Zero Trust Forum blogs. Why relevant: Jaye bridges technical and business realms – he’s led global infrastructure teams and now helps develop HPE’s SSE platform (having come via the Axis Security acquisition). He often speaks at conferences (e.g. RSA, Black Hat) on implementing Zero Trust “on the ground” in complex environments, and is known for candidly addressing real-world obstacles. Jaye is the co-author of Zero Trust Done Right.
● John Spiegel – Author, CTO Security & Distinguished Technologist at HPE Aruba Networking. Spiegel was an early adopter of SD-WAN and Zero Trust at a Fortune 500 company and also co-founded the Zero Trust Forum. Follow: LinkedIn and blog at https://jspiegel.tech. Why relevant: With 25+ years running global networks, John offers a pragmatic view: he’s lived the journey of moving from legacy network security to Zero Trust. He advises startups and works on HPE’s edge-to-cloud security strategy. His thought leadership often focuses on network transformation and how to implement Zero Trust in phased, non-disruptive ways. John’s perspective is especially valuable for network engineers transitioning to cloud-based Zero Trust models. John is the co-author of Zero Trust Done Right.
● Jennifer Minella (JJ) – Founder & CTO of Viszen Security; Network Security Expert. Jennifer is a respected author (wrote “Wireless Security Architecture”) and a hands-on practitioner of Zero Trust in network and wireless domains. She is on the board of (ISC)² and faculty at IANS. Follow: Twitter/X @jjx, LinkedIn. Why relevant: Jennifer brings an operational lens – she talks about implementing Zero Trust in existing enterprise networks, including tricky areas like NAC (Network Access Control), IoT security, and wireless networks. As co-host of Packet Protector, she stays on the pulse of current threats and solutions. Her guidance often helps translate Zero Trust into specific controls (e.g., microsegmentation on WLANs or identity-based policy for contractors). Plus, she’s an engaging speaker who can break down complex security for executives and engineers alike.
● Chase Cunningham – “Dr. Zero Trust”; cybersecurity strategist. Chase developed the Zero Trust eXtended (ZTX) framework at Forrester, broadening Zero Trust beyond networks to a comprehensive strategy. He has served as Chief Strategy Officer at Ericom (Zero Trust cloud security) and Vice President of Security Research at G2. Follow: Twitter/X @DrZeroTrust, where he’s very active, and his blog DrZeroTrust.com. Why relevant: Few can claim the moniker “Dr. Zero Trust” – Chase earned it by deeply researching and operationalizing Zero Trust for both government and enterprise. He frequently briefs the military and enterprises on modernizing with Zero Trust. His content (podcasts, YouTube, books like “Cyber Warfare – Truth, Tactics, and Strategies”) is direct and pragmatic, often emphasizing cyber offense insights to inform Zero Trust defense. For a no-BS perspective on Zero Trust trends (and pitfalls to avoid), Chase is a must-follow.
● Paul Simmonds – CEO, Global Identity Foundation; former Jericho Forum co-founder. Paul (often spelled Simmonds) has a long history as a CISO (AstraZeneca, ICI) and was a visionary voice in de-perimeterization (Jericho Forum). Follow: LinkedIn. Why relevant: Paul’s work anticipated Zero Trust; he essentially advocated for it before it had a name. Now he leads the Global Identity Foundation, focusing on decentralized identity – a key enabler of Zero Trust. He continues to influence European security standards and speaks about identity in Zero Trust (e.g. at CSA and ISF events). For historical context and future direction (like identity-centric security models), Paul’s insights connect the dots. He often reminds the community that Zero Trust is not one product but an enterprise-wide paradigm shift.
● George Finney – CISO of Southern Methodist University; Author. George is known for taking an innovative approach to security leadership, including writing Project Zero Trust as a narrative and a follow-up called Rise of the Machines, which covers AI security. Follow: LinkedIn (he shares blog posts and media appearances). Why relevant: As a sitting CISO, George provides a practitioner’s view of building Zero Trust in a real organization (a university environment with openness and research needs). He emphasizes aligning security strategy with business – hence his book’s focus. He’s also engaged in broader security education (e.g., his previous book “Well Aware” on security habits). If you’re a security leader, George’s thoughts on change management, culture, and storytelling in security can be inspiring for your Zero Trust journey.
● Jason Garbis – Founder & CEO, Numberline Security; Zero Trust Working Group Co-Chair (CSA). Jason is a former product leader (Appgate) turned consultant/author focusing exclusively on Zero Trust. Follow: LinkedIn, Mastodon @jason.garbis@infosec.exchange. Why relevant: He literally wrote the book on Zero Trust (co-author of Zero Trust Security: An Enterprise Guide). Jason is deeply involved in community research – as co-chair of CSA’s Zero Trust group, he helps craft vendor-neutral guidance and the CCZT certification. His posts often analyze new government guidelines or bust myths (like “Zero Trust = VPN replacement only”). He’s an excellent source for frameworks, such as explaining CISA’s maturity model plus his own enhancements (ZTMM+ on Numberline). For anyone building a Zero Trust program, Jason’s content offers clarity and structure.
● Jerry Chapman – CTO at Numberline Security. Jerry has 20+ years in identity and access management and co-authored the Zero Trust Enterprise Guide with Jason Garbis. Follow: LinkedIn. Why relevant: Jerry specializes in the identity pillar of Zero Trust – he can dive into how to do identity federation, conditional access, and passwordless in a Zero Trust world. He’s also very outcomes-focused, often speaking about measuring the effectiveness of Zero Trust controls. Having worked with many clients at Optiv, Jerry brings a breadth of cross-industry experience, advising how to tailor Zero Trust to different environments (financial, healthcare, etc.). For practical steps on IAM and microsegmentation, Jerry is a go-to expert.
● Richard Bird – Chief Security Officer at Singulr AI and cybersecurity leader focused on identity, APIs, and Zero Trust. Follow: LinkedIn (shares commentary on digital identity, API security, and security leadership). Why relevant: Bird is a strong advocate for identity-first security, arguing that verifying users, devices, and services is the foundation of effective Zero Trust. He frequently highlights how APIs and application identity are overlooked attack surfaces in modern architectures. Through his writing and speaking, Bird helps security leaders understand how to secure digital identity and API ecosystems as organizations move toward Zero Trust and cloud-native architectures.
● PJ Kirner – Co-founder & CTO of Illumio. PJ is a technologist who helped create one of the first commercial Zero Trust platforms (Illumio’s microsegmentation). Follow: LinkedIn (shares articles on segmentation and breach containment). Why relevant: He’s at the forefront of implementing Zero Trust at the network and workload level. PJ often discusses the concept of “Zero Trust Segmentation” – ensuring that even if an attacker gets in, they can’t move laterally beyond a single compartment. He contributed to understanding how to practically achieve granular segmentation without breaking applications. For those more on the network/security engineering side, PJ’s work and talks (e.g. Black Hat presentations) provide a blueprint for how to think about and deploy Zero Trust in complex data center and cloud networks.
● Christopher Krebs – Former CISA Director; Co-founder, Krebs Stamos Group. Chris Krebs (not to be confused with journalist Brian Krebs) was the first director of U.S. CISA and championed Zero Trust in federal policy. Follow: Twitter/X @C_C_Krebs, where he comments on cybersecurity policy and disinformation. Why relevant: Under his leadership, CISA released the initial Zero Trust maturity model and pushed agencies toward Zero Trust adoption after the 2020 SolarWinds breach. Now as a consultant, Chris advises companies and appears in media advocating for modern cyber defense (often highlighting Zero Trust as key to resilience). He provides a high-level and policy-oriented viewpoint – useful for understanding the why behind mandates and gaining executive buy-in. His commentary ties Zero Trust to national security and business continuity, elevating the conversation beyond IT.
● Gram Ludlow – Author and CTO for Security at HPE. Gram is a seasoned infosec executive known for leading large-scale Zero Trust deployments. Follow: Conference talks (he’s spoken at Black Hat MEA, Gartner Security and Risk and ISC2 events). Why relevant: Gram’s experience securing a soft drink company based in Atlanta and then a hospitality enterprise gives him practical credibility. He has discussed how to successfully deploy Zero Trust architecture in complex, distributed environments – focusing on user experience and business alignment. He often emphasizes that Zero Trust is a journey (“guide to successfully deploying” was literally in a talk title) and shares lessons learned, like handling legacy systems or phased rollouts. For a candid view from the CISO seat, Gram’s insights are gold. Gram is the co-author of Zero Trust Done Right.
● Evgeniy Kharam – Founder of the Security Architecture Podcast; Zero Trust Architect at Herjavec Group (formerly). Evgeniy is a practitioner-turned-educator who co-hosts the Secure Architecture Podcast and the Cyber Inspiration podcasts. Follow: LinkedIn and Podcast. Why relevant: Evgeniy specializes in helping organizations understand the vendor landscape and architectural patterns of Zero Trust. He often reviews technology (like secure enterprise browsers, SDP solutions) in the context of Zero Trust. With experience as a security architect in both enterprise and MSSP contexts, he gives very actionable design tips – e.g., how to segment by user role, or how to integrate Zero Trust with SIEM/SOAR. He’s also well-connected, often featuring other experts. For those who want a community learning approach (he does roundtables and panels on Zero Trust adoption), Evgeniy is a key person to follow.
● Rick Howard – President of the Cybersecurity Canon Project and longtime cybersecurity executive (former CSO at Palo Alto Networks and host at The CyberWire). Follow: LinkedIn (shares commentary on cybersecurity strategy, risk, and leadership). Why relevant: Howard is known for promoting a “first principles” approach to cybersecurity strategy, focusing on reducing the probability of material cyber risk rather than chasing individual threats or tools. He has held senior roles across the industry—including CISO at TASC, GM of iDefense, and leader of the U.S. Army’s CERT—and helped found initiatives like the Cyber Threat Alliance and the Cybersecurity Canon Project, which curates influential security books. His work helps security leaders think more strategically about cyber defense, resilience, and long-term risk reduction rather than purely tactical security operations.
● Den Jones – Founder & CEO of 909Cyber and former Chief Security Officer at Banyan Security, with prior enterprise security leadership roles at Cisco and Adobe. Follow: LinkedIn (shares insights on cybersecurity leadership, Zero Trust, and building modern security teams). Why relevant: Jones is a veteran cybersecurity leader with more than 30 years of experience implementing enterprise security programs at global organizations. He helped drive Zero Trust and identity-centric security strategies at Adobe and Cisco, protecting hundreds of thousands of users and devices. His commentary often focuses on practical security leadership—simplifying complex security architectures, managing large security teams, and aligning security with business operations. Through speaking, podcasts, and advisory roles, he offers pragmatic guidance for CISOs navigating large-scale enterprise security transformations.
● Bruce Davie – Computer networking pioneer, former Cisco Fellow and VMware CTO (APJ), and co-author of Computer Networks: A Systems Approach. Follow: LinkedIn (shares insights on networking architecture, systems design, and networking education). Why relevant: Davie is a foundational figure in modern networking architecture, helping lead the development of Multiprotocol Label Switching (MPLS) at Cisco and contributing extensively to Internet standards through the IETF. His work spans decades of innovation in networking, SDN, and Internet architecture, and today he focuses on teaching and writing about networking using a “systems approach”—helping engineers understand complex networked systems through underlying principles rather than just protocols or layers.
Notable Zero Trust Analysts
● John Watts (Gartner) – VP Analyst at Gartner, Security and Risk Management. Specialty: network security strategies, including Zero Trust Network Access (ZTNA) and SASE. John co-authors Gartner’s Zero Trust architecture research and advises CISOs on roadmap development. Notable work: Gartner’s “Top Trends in Cybersecurity” and Zero Trust hype clarification in 2023. He also contributed to Gartner’s definition of CARTA (continuous adaptive trust). Follow: LinkedIn. Why notable: His reports help cut through buzzwords – e.g., explaining the differences between ZTNA 1.0 vs 2.0 capabilities, or how to integrate Zero Trust principles into existing SOC operations.
● Neil MacDonald (Gartner) – Distinguished VP Analyst at Gartner. Specialty: Cloud security and Zero Trust architectures. Neil has been with Gartner for decades and often sets the strategic vision (he was highlighting concepts akin to Zero Trust before the term exploded). He writes on topics like “architecting for resiliency with Zero Trust” and secure access service edge. Follow: LinkedIn. Why notable: Neil is known for coining or promoting key ideas (he helped define the term “SASE” alongside colleagues). His insights connect Zero Trust to emerging tech (like container security, ML in security). He’s an authority whose words often influence Gartner’s top recommendations to security leaders.
● Andrew Lerner (Gartner) – Analyst focusing on Networking and Zero Trust Network Access. Andrew’s background is in enterprise networking; he provides guidance on how networking teams can implement Zero Trust without sacrificing performance. He’s written on SD-WAN integration with Zero Trust and frequently presents at Gartner summits on Networking and Zero Trust (he's a must-see if you are at a Gartner show). Follow: LinkedIn. Why notable: Andrew bridges the network and security worlds – crucial for Zero Trust, which often involves a networking overhaul. He is also straightforward in identifying vendor differentiation (e.g., he might summarize the ZTNA market leaders and their pros/cons). His research helps technical teams choose the right approach and technologies for Zero Trust from a networking perspective. Andrew is the EF Hutton of the networking industry.
● Carlos Rivera (Forrester) – Senior Analyst at Forrester, Security & Risk. Specialty: Zero Trust strategies and technology market. Carlos co-authored the Forrester Wave: Zero Trust Platforms, 2025 and writes guidance for refocusing security programs around Zero Trust during challenging times. Follow: LinkedIn. Why notable: He is effectively one of Forrester’s new torch-bearers for Zero Trust (continuing after Kindervag and Chase Cunningham). Carlos provides practical recommendations – e.g., how to leverage Zero Trust to defend against specific attack trends, or how to incrementally implement Zero Trust in brownfield environments. Forrester clients often seek his advice on vendor selections and program benchmarks for Zero Trust.
● Paddy Harrington (Forrester) – Senior Analyst at Forrester. Specialty: Zero Trust architecture and identity. Paddy has a technical background and has focused on Zero Trust threat prevention and microsegmentation (he was involved in the Forrester Tech Tide on Zero Trust Threat Prevention). Follow: LinkedIn. Why notable: He explores the intersection of Zero Trust and emerging areas like IoT and cloud-native apps. Paddy also looks at organizational aspects, such as the rise of Zero Trust Portfolio Management Office in large enterprises or government (he wrote about DoD’s creation of a Zero Trust PMO). His research often informs both technical implementation and structural changes needed to sustain Zero Trust (like having dedicated leadership roles).
● James Plouffe (Forrester) – Principal Analyst at Forrester. Specialty: Expanding Zero Trust principles into new domains (e.g., DevSecOps, emerging tech). James joined Forrester after years in industry (including advising TV’s “Mr. Robot” on hacking storylines!). Follow: LinkedIn. Why notable: He writes about applying Zero Trust in brownfield environments and in the Department of Defense context. He’s also interested in the future – how Zero Trust intersects with things like quantum-resistant security or AI. James provides a fresh perspective bridging hands-on experience with forward-looking analysis. If you’re interested in how to apply Zero Trust beyond the “traditional” IT environment (say, OT networks, vehicles, etc.), James likely has or will have research on it.
● Roy Chua – Founder & Principal at AvidThink, an independent technology research and advisory firm covering cloud, networking, and security infrastructure. Follow: LinkedIn (shares analysis on cloud networking, SASE, edge computing, and infrastructure security). Why notable: Chua is a well-known industry analyst focused on next-generation infrastructure, including SASE, edge computing, 5G, and cloud networking. With more than 20 years of experience in telecom and enterprise computing, he helps organizations understand how networking and security architectures are evolving as infrastructure becomes software-defined and cloud-native. His research and commentary often bridge the gap between emerging technologies (like edge, private wireless, and SASE) and practical enterprise adoption, making him a valuable voice for understanding where infrastructure security and networking are headed.
● Frank Dickson (IDC) – Group VP, Security & Trust at IDC. Specialty: Broad cybersecurity market including Zero Trust adoption trends. Frank oversees IDC’s security research, which includes surveys and MarketScape reports on Zero Trust. In 2022, he published IDC’s perspective on implementing Zero Trust as a core of digital trust programs. Follow: LinkedIn. Why notable: Frank’s analysis is data-driven – IDC often surveys hundreds of organizations. He can tell you what percentage of enterprises are at what stage of Zero Trust maturity, or how spending on Zero Trust solutions is growing. This macro-level insight helps justify business cases. He also advises tech vendors on messaging, so he has a pulse on how solutions are evolving in response to customer needs.
● Fernando Montenegro – Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. Follow: LinkedIn (shares analysis on cybersecurity markets, AI in security, and evolving security architectures). Why relevant: Montenegro is a cybersecurity industry analyst and technologist who focuses on how security architectures evolve across cloud, AI, and expanding attack surfaces. He is known for analyzing security trends through both technical and economic lenses, helping organizations understand how vendor platforms, XDR, and integrated security architectures shape real-world security strategies. Through his research and commentary, Montenegro provides practical insight into where the cybersecurity market is heading—particularly around AI’s role in security operations, platform consolidation, and modern enterprise security architectures.
