Episode 3: Validating Security Controls and Gaining Executive Buy-In for Zero Trust

In this episode of Zero Trust Journey, hosts Victor Monga and Zach Pugh sit down with Jose Barajas, Vice President of Global Sales Engineering at AttackIQ to explore what it truly takes to implement and sustain Zero Trust security beyond the buzzwords.

Jose shares first-hand insights from years of helping organizations validate their security controls, revealing the biggest misconceptions, common pitfalls, and the real challenges that teams face when moving Zero Trust from theory to practice. From breaking down resistance to change to securing executive buy-in, this episode delivers practical strategies for making Zero Trust work—no matter where you are in the journey.

What You’ll Learn in This Episode:

✔ The Validation Gap – Why 90% of organizations assume their Zero Trust controls work, but nearly half fail security testing.
✔ Beyond Compliance – How Zero Trust is a security strategy, not just a checkbox for regulations.
✔ Breaking Cultural Barriers – Overcoming resistance from teams who feel “Zero Trust means you don’t trust them.”
✔ Securing Executive Buy-In – “I've gotta find a way to position Zero Trust as a revenue driver or at least to offset the protection of assets in the business.”
✔ The Role of Continuous Testing – Why Zero Trust isn’t a one-and-done initiative, but an evolving process requiring ongoing validation.

Victor and Zach dive into real-world Zero Trust adoption stories, exposing the biggest roadblocks organizations face—including why many Zero Trust projects fail before they start. Jose shares actionable ways to validate security controls, iterate on implementations, and gain leadership support to drive Zero Trust forward.

Key Takeaways:

🔹 Zero Trust isn’t complicated—it’s just hard. Cultural shifts and executive mandates are critical for success.
🔹 Validation matters—if you don’t test security controls regularly, they likely aren’t working as intended.
🔹 Zero Trust isn’t about mistrust—it’s about verifying digital actions, not distrusting employees.
🔹 Align Zero Trust with business goals—position it as a risk-reducing, revenue-protecting strategy to gain leadership support.
🔹 Start small, iterate, and automate—Zero Trust isn’t all or nothing, it’s a process of continuous improvement.

Whether you’re a security leader or just beginning your Zero Trust journey, this episode provides practical insights to strengthen your strategy, reduce risk, and gain buy-in across your organization.

Stay connected with the Zero Trust Journey! Follow us on LinkedIn and subscribe to our YouTube for insights, discussions, and updates. Visit our website for exclusive content and to stay informed on the latest Zero Trust strategies.

Disclaimer: The views expressed are those of the speakers.