Field notes · CISO · Zero trust · identity

Everyone was already inside

A CISO spent a decade building a taller wall. Then a contractor's laptop walked straight through it — and she realized she'd been defending the wrong thing the whole time.

We sat with Nadia, a CISO who spent a decade perfecting a perimeter — and the week a single compromised laptop made her rethink the whole shape of the problem.

Q · Field Notes asks: You'd built a serious perimeter. What broke?

It was a magnificent wall, honestly. Redundant firewall, hardened VPN, perimeter monitored from three time zones. Most days, if you'd asked me whether we were secure, I'd have pointed at the wall and you'd have believed me. Then a contractor's laptop got compromised, and the wall did exactly what walls do — nothing — because the laptop was already inside it.

The attacker didn't break in. He logged in, on a valid VPN credential, on a machine we'd decided to trust the moment it crossed the threshold. And once inside, he could move. The file shares didn't ask who he was. The internal tools assumed anyone on the network belonged there. He spent nineteen days wandering a castle that checked his ID once, at the gate, and never again.

19 days
A compromised contractor laptop, trusted by location, moving freely inside — because the wall had checked it once, at the gate.
Q · Field Notes asks: So the perimeter model failed?

The model I'd been defending is medieval — a moat, a wall, a single guarded gate. Inside, friends; outside, enemies. It's intuitive because it's how humans have thought about safety forever. It's also been obsolete since about 2015, and the strange thing is everyone knew that and kept building walls anyway. Me included.

The perimeter didn't fall to an attacker. It dissolved on its own, the day the work moved outside the wall and we kept guarding the gate from habit.

Because look at who was actually inside my castle.

Contractors: trusted
SaaS & APIs: trusted
Service accounts: trusted
AI agents: trusted

— Strangers, every one of them, made "safe" by nothing but their location. The wall was guarding a border that no longer matched where the company lived.

That's the part that took me longest, and it wasn't technical — it was grief, almost. I had to give up the idea that "inside" meant "safe," an idea I'd organized a decade of my career around. There is no inside anymore. There's just a sprawl of people and machines, some trustworthy and some not, none of them made trustworthy by where they're standing.

Q · Field Notes asks: What did zero trust actually mean in practice?

It's a terrible name for a simple idea: stop trusting the network, start verifying the identity behind every single request. Not once, at the gate — every time, at every door. The contractor's laptop proves nothing by being "on the VPN," because there is no VPN and there is no "on." Each request answers the question fresh: who are you, on what device, and are you allowed to do this specific thing right now? That's where Cloudflare came in. The elegance was that I didn't lower the drawbridge for the whole castle. I put a guard at every door.

The vendor in the room · Cloudflare

She retired the flat VPN and put identity-aware access at the edge: every request to every internal app authenticated against identity and device posture, before it reached anything. No implicit trust from being "on the network," because there was no network to be on. The contractor's next compromised laptop got exactly as far as the first door — and no further.

An engineer hitting an internal dashboard from a healthy, known device got in instantly and never felt the guard. The same engineer on an unpatched personal laptop got asked harder questions, or got nothing. Location stopped meaning anything. Identity meant everything. When we ran the next red-team exercise, the attacker did what attackers do — got a credential, got a foothold — and then stopped. There was no "inside" to spill into. Every door asked who he was and what device he was on, and the answers didn't hold up. Nineteen days of wandering became nineteen minutes of getting nowhere.
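The per-request decision Nadia describes, written out as a small policy evaluator so the shape of it is visible: freshness of the identity proof, device identity, authorization for this specific resource and action, and device posture, with network location absent from the inputs entirely. This is an added example, not code from the interview or from Cloudflare; the policy table, device inventory and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Optional

# Constructed policy: (resource, action) -> groups allowed. Network location is not an input.
POLICY = {
    ("dashboard", "read"): {"engineers", "contractors"},
    ("file-share", "write"): {"engineers"},
}
KNOWN_DEVICES = {"lap-042", "lap-077"}   # constructed managed-device inventory
MAX_PROOF_AGE = timedelta(minutes=15)     # assumption: an identity proof is fresh for 15 min
MAX_PATCH_AGE_DAYS = 30                   # assumption: posture threshold that triggers step-up

@dataclass
class Request:
    groups: FrozenSet[str]
    proof_issued_at: datetime        # when identity was last verified
    device_id: Optional[str]         # None = no managed-device identity presented
    patched_days_ago: Optional[int]  # None = posture unknown
    resource: str
    action: str
    now: datetime

def decide(req: Request) -> str:
    """Evaluate one request fresh; returns 'allow', 'step-up' or 'deny'."""
    # 1. The identity proof must be recent: nothing carries over from the last request.
    if req.now - req.proof_issued_at > MAX_PROOF_AGE:
        return "deny"
    # 2. A valid credential on an unknown device is a foothold, not a user.
    if req.device_id not in KNOWN_DEVICES:
        return "deny"
    # 3. Authorization is per resource and per action, never "inside, so go ahead".
    if not POLICY.get((req.resource, req.action), set()) & req.groups:
        return "deny"
    # 4. A known but stale or unassessed device gets harder questions, not a pass.
    if req.patched_days_ago is None or req.patched_days_ago > MAX_PATCH_AGE_DAYS:
        return "step-up"
    return "allow"

def scenario(groups, device, patched, resource, action, proof_age_min=1) -> str:
    """Constructed one-line scenarios; the clock is fixed so results are reproducible."""
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    return decide(Request(frozenset(groups), now - timedelta(minutes=proof_age_min),
                          device, patched, resource, action, now))

if __name__ == "__main__":
    print(scenario({"engineers"}, "lap-042", 3, "dashboard", "read"))       # allow
    print(scenario({"engineers"}, "lap-042", 90, "dashboard", "read"))      # step-up
    print(scenario({"contractors"}, "lap-999", 0, "dashboard", "read"))     # deny (unknown device)
    print(scenario({"engineers"}, "lap-042", 3, "dashboard", "read", 120))  # deny (proof expired)
```

Note that the two "deny" outcomes are what stop the red-team foothold in the interview: a stolen credential arrives on a device the policy has never seen, and whatever proof it carries ages out on its own.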

Q · Field Notes asks: What's the hardest part for other CISOs?

The technology was the easy part. The hard part was the unlearning. My whole career, "secure" had been a place — a thing you were, if you stood in the right spot behind the right wall. Zero trust asks you to believe security isn't a location at all. It's a verb. Something you prove, freshly, every time you reach for something, and the proof expires the instant you're done.

That's harder to accept than it sounds, because it means there's no finish line — no wall you can finally finish building and rest behind. But it's the only model that survives contact with a world where half the things logging into your company aren't people, and none of them care how tall your wall is. The castle was always empty. The work now is to stop guarding the gate, and start guarding the doors.