In the ever-changing world of cybersecurity, Richard William Bird’s voice stands out with clarity when it comes to understanding Zero Trust in global cybersecurity. Over his decades in the field, Bird has become a leading authority in cybersecurity challenges and brings his insights on misconceptions, challenges, and necessary strategies for cybersecurity.
What Is Zero Trust?
Zero Trust has become one of the most misunderstood cybersecurity frameworks in recent years. “The real challenge with Zero Trust is the emotional response to either the naming of it or the contentious back and forth in the industry about what it really means,” Bird explains. Many executives hear the term and assume it means that the system itself isn’t trustworthy. Instead, the concept is about continuously verifying and validating everything within a digital environment.
According to Bird one of the biggest challenges in implementing Zero Trust is the reliance on outdated security models. “We’re so tied up in a very old model for security architecture, which is the OSI seven-layer model created by members of the Department of Defense in 1983,” he notes. Unfortunately, strict adherence to this outdated approach leads many organizations to believe that Zero Trust is impossible to implement. There are simple pathways to achieve Zero Trust outcomes,” Bird asserts.
The Three Pillars of Zero Trust Implementation
Bird outlines three fundamental steps for an organization to implement Zero Trust for their cybersecurity needs. This starts with observability and visibility “Everything in security starts with observability and visibility,” Bird asserts. Organizations must have a clear understanding of their digital assets, security solutions, and vulnerabilities. “While that seems kind of weird that people would have to be reminded of that, the truth is that most large enterprises have very poor visibility in their security landscape.”
The next step is prioritizing identity “Zero Trust is more about identity than any security strategy or framework,” Bird emphasized. Many assume identity security refers only to human users, but he points out that machine accounts and functional accounts far outnumber human users in most organizations. “Understanding your identity landscape is absolutely necessary to begin a Zero Trust journey.”
From there Bird recommends starting small, as many organizations feel overwhelmed by the idea of overhauling their entire security infrastructure. “Orient your Zero Trust program to attack the riskiest assets first, then spread wide and far within your organization.”
AI and the Future of Cybersecurity
Bird also sees artificial intelligence as both an opportunity and a significant security challenge. “When I get asked by CISOs and CIOs about AI deployment strategies, I always ask the same question: how good are you at data security?” The answer, he notes, is usually underwhelming. “If you’re not good at data security and identity security, don’t do AI,” he warns.
Bird explains that AI is particularly vulnerable because it interacts with identity systems and data security frameworks in ways that many organizations simply aren’t prepared for. “AI agents maneuver through data stores just like hackers do,” he cautions. With AI services increasingly being integrated into businesses through third-party providers, the risks only go up. “For most companies, 90% of the AI agent and service exposure they have is outside of their company. That means they don’t own those assets and can’t influence their security behaviors.”
This lack of control over AI security highlights the need for companies to be vigilant when adopting new technologies. “Security is not even a secondary or tertiary thought for most AI developers,” Bird notes. Yet it often opens doors for major security risks. “You can see this happening all the time in the news—oops, we exposed these API keys, oops, we exposed this data.”
A Call for Change
Bird believes Zero Trust is about changing the way organizations think about security. “Change generates fear, and that’s what causes people to struggle with Zero Trust in today’s market,” he says. But as cyber threats evolve, embracing Zero Trust is no longer optional. it’s a necessity. If you’d like to know more about Zero Trust and staying on the cutting edge of cybersecurity, follow Richard Bird on LinkedIn.
