The ground under cybersecurity is always moving, but the smartest teams aren’t chasing shiny tools—they’re changing how they think. We sit down with John Linford, Forum Director of the Security Portfolio at The Open Group, to revisit zero trust, quantitative risk, and the education efforts that turn strategy into daily behavior. What’s different since we first decoded zero trust? A lot: AI is now a core variable on both sides of the fight, boards demand cyber risk in dollars, and supply chain assurance has become the backbone of resilience.
We unpack zero trust as a mindset shift that rejects quick-fix products and leans into continuous verification, least privilege, and measurable progress. John explains how organizations are adopting CRQ and The Open FAIR™ Body of Knowledge to translate likelihood and loss into language the board already understands, making security decisions comparable to finance and operations. We also talk about the rise of role-based security education, with new standards for security roles and glossaries that help every employee—from engineering to procurement—know what “secure” looks like in their day-to-day work.
From AI governance and data protection to SBOMs, secure-by-design practices, and trustworthy technology providers, we explore how open standards and reference models guide real-world implementation. You’ll hear where The Open Group is headed next: evolving the Zero Trust Reference Model, integrating security risk into enterprise risk management, and expanding the dependability framework that ties architecture and assurance together. If you care about scaling security without the hype, this conversation offers clear patterns, practical language, and concrete next steps.
Listen to the previous episode with John Linford from Season 1 here.

Send us a text

Copyright © The Open Group 2023-2025. All rights reserved.