How to Build and Sustain a Successful Zero Trust Project

Packet Pushers
May 5, 2026

Why It Matters

Because Zero Trust adoption often stalls at the cultural and communication layer, applying these practical, people‑first tactics can accelerate deployment, lower risk, and protect critical assets, delivering measurable business value.

Key Takeaways

  • Zero Trust fails due to poor implementation, not strategy.
  • The “messy middle” requires change management and executive buy‑in.
  • Reframe Zero Trust as “smart trust” to reduce emotional resistance.
  • Start with quick wins and protect‑surface inventory to build momentum.
  • Storytelling and stakeholder‑specific language drive cross‑team alignment throughout projects.

Summary

In a recent episode of the Packet Protector podcast, hosts Jennifer Jabbush and Drew Conry‑Murray interview John Spiegel and Jaye Tillson, co‑authors of “Zero Trust Done Right.” The conversation centers on how to build and sustain a Zero Trust program, emphasizing the often‑overlooked “messy middle” where frameworks meet real‑world enterprise dynamics.

The guests argue that Zero Trust projects fail not because the strategy is flawed, but because of poor implementation, sequencing, and change management. They stress that Zero Trust is a cultural shift requiring executive sponsorship, cross‑departmental collaboration, and early quick wins such as protect‑surface inventories to generate momentum.

John notes that the phrase “Zero Trust” triggers a visceral loss‑aversion response, recalling his own experience of being stripped of admin rights. Jaye recounts a university that renamed the initiative to avoid the negative connotation, illustrating the power of reframing. Both recommend storytelling and tailoring language to each stakeholder—marketing, operations, or IT—to secure buy‑in.

For businesses, adopting this holistic approach means faster, less‑resisted deployments, reduced silo‑induced failures, and a security posture that aligns with business objectives. By treating Zero Trust as “smart trust” and focusing on protecting people and assets, organizations can achieve sustainable security transformation.

Original Description

In theory, a zero trust initiative seems straightforward: you just need the right tools and maybe some whiteboard sessions to work out the architecture. In practice, our guests note that zero trust "unfolds inside organizations filled with legacy systems, political friction, budget constraints, and competing priorities." Without accounting for those complications, a zero trust project is likely to go nowhere.
On today's Packet Protector we talk with two of the authors of the book Zero Trust Done Right. The book is a practical guide to enabling zero trust based on the authors' own experience with successful security projects, and some failures. They draw on their hard-won experiences to offer a strategic, workable approach to zero trust.
We discuss how to get a zero trust project off the ground, the difficult (but essential) work of gathering stakeholders and convincing them of the value of the effort, building an effective pilot program, where to look for quick wins (maybe start with privileged accounts or VPN replacement), the technological pillars of zero trust, and more.
Our guests are John Spiegel and Jaye Tillson. They are both executives at a major infrastructure vendor, but this book isn’t affiliated with their day jobs and this is not a sponsored episode.
Links:
Jaye Tillson on LinkedIn - https://www.linkedin.com/in/jaye-tillson
Zero Trust Forum - https://zerotrustforum.net/
Packet Protector is part of the Packet Pushers network. Visit our website to find more great networking and technology podcasts, along with tutorial videos, the Human Infrastructure newsletter, and loads more resources for building your IT career. https://packetpushers.net
