Is your biggest security risk already inside your castle?

I recently sat down with Mary K. Pratt (always wonderful to speak with her) to discuss “insider threats” for her CSO Online article.

My message was that the definition of an “insider” has fundamentally changed. It’s no longer just about disgruntled employees; it’s about a complex web of social engineering, digital savviness, and agentic AI.

Below are three critical takeaways from our discussion on the “new” face of insider threats:

>> Social Media as a Recruitment Tool: Threat actors are using OSINT on social platforms to find “mercenaries”. By identifying employees under economic or personal pressure, they can bribe or blackmail insiders to do their dirty work.

>> The Rise of the “High-Risk” Average User: You don’t need to be a developer to be a threat. With modern digital tools and GenAI, the average staffer now has the capability to become a high-impact threat actor, intentionally or otherwise.

>> AI as the New Insider: We must start viewing AI agents as insiders. If an agent has privileged access and goes rogue — or is manipulated — it can exfiltrate data at machine speed. Essentially, AI has changed the paradigm of what constitutes an insider threat!

But what’s the solution? It’s time to move beyond “set and forget” background checks. Security pros must insist on regular, tiered background reinvestigations (especially for high-access roles), integrate behavioral signals with technical telemetry, and extend risk frameworks to include non-human/AI identities. In a world of remote work and outsourced contractors, trust must be continuous, not just a one-time onboarding event.

How is your organization adapting its Insider Risk Management framework for the AI era?

Check out the article here: https://lnkd.in/dkwhGMNE

DNS is the first line of defense for security and resilience

On March 19, 2026, NIST finalized the SP 800-81r3 (Secure DNS Deployment Guide). This isn’t just a routine update; it is a fundamental shift in how we approach Internet resilience and organizational trust.

For years, DNS was the “quiet utility” in the background. In the modern threat landscape, NIST Revision 3 reimagines it as a proactive security control point.

Why does this matter for your 2026 security roadmap?

1️⃣ DNS as a Policy Enforcement Point (PEP): Moving beyond simple resolution, r3 integrates DNS into Zero Trust Architecture. By leveraging DNS as a PEP, organizations can neutralize threats such as malware, phishing, and command and control (C2) callbacks at the resolution stage, before a single packet of malicious data is exchanged.

2️⃣ Closing the Privacy Gap: For the first time, we have a definitive standard for deploying DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) at scale. This effectively encrypts the “digital breadcrumbs” of our network metadata, protecting against unauthorized surveillance and data harvesting.

3️⃣ Operational Resilience & Integrity: Through rigorous DNSSEC validation and the elimination of “dangling CNAME” exploits, r3 provides a fail-safe directory. In a world of automated attacks, your “Single Source of Truth” must be immutable.
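An offline audit for the dangling-CNAME case in item 3, added here as an example and not code from NIST SP 800-81r3 or from the post: it walks each CNAME chain in a constructed zone snapshot and flags chains whose final target no longer has an address record (the classic "name still points at a decommissioned SaaS host" finding), plus CNAME loops. The zone data, the external name set and the function names are assumptions; in production the `has_address` check would query a validating resolver.

```python
"""Audit a DNS zone snapshot for dangling CNAME chains (added example).

A CNAME whose target no longer resolves is a record an attacker could
claim by registering the abandoned target. This walks every CNAME chain
against an in-memory snapshot so it runs offline.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample zone (owner, rrtype, rdata). Not real infrastructure.
ZONE: List[Tuple[str, str, str]] = [
    ("www.example.test.",    "CNAME", "web.example.test."),
    ("web.example.test.",    "A",     "192.0.2.10"),
    ("shop.example.test.",   "CNAME", "old-storefront.saas.test."),  # target gone
    ("docs.example.test.",   "CNAME", "cdn.provider.test."),          # third party
    ("blog.example.test.",   "CNAME", "cdn.example.test."),
    ("cdn.example.test.",    "CNAME", "edge.example.test."),          # two-hop chain
    ("edge.example.test.",   "AAAA",  "2001:db8::1"),
    ("loop-a.example.test.", "CNAME", "loop-b.example.test."),
    ("loop-b.example.test.", "CNAME", "loop-a.example.test."),
]

# Constructed stand-in for names outside the zone that a resolver still answers.
EXTERNAL_RESOLVABLE: Set[str] = {"cdn.provider.test."}


def has_address(name: str, zone, external: Set[str]) -> bool:
    """True if the name has an A/AAAA record in the zone or resolves externally."""
    in_zone = any(o == name and t in ("A", "AAAA") for o, t, _ in zone)
    return in_zone or name in external


def audit_cnames(zone, external: Set[str], max_depth: int = 8) -> Dict[str, str]:
    """Return {owner: verdict}; verdict is 'ok', 'loop', 'too-deep' or 'dangling:<target>'."""
    cnames = {o: r for o, t, r in zone if t == "CNAME"}
    findings: Dict[str, str] = {}
    for owner, target in cnames.items():
        seen, verdict = {owner}, "too-deep"
        for _ in range(max_depth):
            if target in seen:                      # chain revisits a name
                verdict = "loop"
                break
            seen.add(target)
            if has_address(target, zone, external):  # chain terminates in an address
                verdict = "ok"
                break
            if target not in cnames:                # no address and no further alias
                verdict = f"dangling:{target}"
                break
            target = cnames[target]                 # follow the next hop
        findings[owner] = verdict
    return findings
```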

NIST SP 800-81r3 ensures that DNS is no longer your weakest link, but your most resilient shield. Standardizing these protocols isn’t just about compliance, it’s about building an Internet that is secure by design.

Do you plan on auditing your DNS architecture against the new r3 standards?

Download the SP 800-81r3 (Secure DNS Deployment Guide) now!

Security leaders shed light on their zero trust journeys

Zero trust architecture (ZTA) implementations pose challenges due to the abundance of vendor and media hype surrounding this concept. Understanding the true essence of zero trust and its relevance to your specific company or IT environment is crucial.

Establishing trusted identities for devices is a foundational aspect of implementing a zero trust model. It is essential to navigate through decisions on scaling your zero trust ecosystem effectively, encompassing identity, authentication, network architecture, and endpoint detection and response technologies.

Transitioning to a “default/deny” architecture from the traditional “trust then verify” approach can introduce significant user friction and degrade the overall experience of using enterprise systems. Hence, careful planning and constituent engagement are essential.

Moving towards a zero trust architecture is a progressive journey rather than a mere technological shift. Many enterprises will find themselves operating on a hybrid zero trust/perimeter-based model during this transition phase.

These insightful discussions with Mary K. Pratt from CSO Online and other security leaders provided valuable perspectives on the challenges and opportunities associated with implementing ZTA.

Explore the conversations and insights shared here: https://bit.ly/4cI2P2C

Ransomware has “changed the game” of cyber insurance

I recently made a presentation on ransomware and cyber insurance at the Barbados Risk and Insurance Management (BRIM) conference.

Many thanks to the Captive Insurance Times’ reporter Rebecca Delaney for so excellently capturing my session. In the intro section, she wrote:

“Cyber insurance is not an exhaustive replacement for robust security capabilities, warns Niel Harper […] He explained that ransomware is so disruptive because of the extensive network of paid services it has spawned, such as access brokers, malware packing, phishing kits, hosting and infrastructure, anonymity and encryption, and hardware for sale… In addition, distribution networks include social network spam, instant messaging spam, exploit kit development, spam email distribution, and traffic distribution systems.”

The full article can be found at: https://bit.ly/3MMs71t

Cloud Security Trends: What Is Cybersecurity Mesh?

“Have you heard of cybersecurity mesh?

Some are calling it one of the more notable trends for cloud security and today’s other cyber concerns. So, what is it, and how does it work? The technology stack is breaking down as more people use architectures based on micro-services.

They’re also using blockchain and other trust models to embrace an information-centric security model that works with distributed services (key to cloud security).”

I recently shared my perspectives on cybersecurity mesh with IBM Security Intelligence.

Check it out and let me know what you think!