STRATEGY SESSION·ZERO-TRUST STRATEGY

Want a zero-trust that holds in architecture and governance alike?

Duration: Half-day or full day
Format: Working session on-site
Participants: CISO, Security Manager, Security Architect

§ 01 · The question

Why this question is hard

Three scenarios we encounter at organisations approaching zero-trust.

Scenario 01

Zero-trust starts as identity work and stalls there.

IAM gets sharper, ZTNA replaces VPN, the data and network sides stay where they were. The principle becomes inconsistent, the gain partial.

Scenario 02

The vendor sells zero-trust as a platform, not a principle.

A platform delivers part of the picture. Without the design principle holding across the rest, the platform investment doesn't deliver what the slides promised.

Scenario 03

The team designs maximalist and the organisation stops carrying it.

Microsegmentation everywhere, every flow inspected, every identity continuously verified. Beautiful on paper, unsustainable in practice. The middle ground is missing.

§ 02 · Outcome

What the session delivers

A working principle, not a platform list.

01

A zero-trust design principle, sized to your context.

One principle, three zones (data, identity, network), one position the organisation can carry. Sharp enough to design against, modest enough to operationalise.

02

A first sequence of moves.

Where to start, what to leave for later. Per move an indication of effort, duration and ownership. Sized to the team.

03

A shared understanding between architecture, security and operations.

After the session, the three speak one language about zero-trust. That is the basis for any platform decision that follows.

§ 03 · How it works

The approach

Four steps, half a day or full day plus preparation and summary.

  1. Preparation. (Beforehand)

    Existing architecture overview, current IAM and network setup, three scenarios to test the principle on. A first call to align on assumptions.

  2. Half a day or full day, at your location. (The session)

    A structured working session in which we design the principle across data, identity and network with your team. We test it on the three scenarios you provided.

  3. Synthesis. (After)

    Within one working week, a written summary with the design principle, the three test scenarios and a first sequence of moves.

  4. Follow-up engagement. (Optional)

    If you want architecture support during execution, we can stay involved. In a clear role, with a defined endpoint.

§ 04 · Participants

Who's involved

The session asks for the right people at the table, not the most.

On your side

CISO and security architect host.

One central contact, usually the CISO or Security Architect. Network and identity leads at the table for the parts where their input matters.

On our side

One senior architect facilitates.

No team, no junior. The architect who runs the session writes the summary and presents it.

Hans Raaijmakers
Senior architect and founder. A quarter of a century in security governance, finance, and public sector.
§ 05 · Investment

Scope and duration

What this costs depends on your context and scale. We are upfront about effort and duration, so you know what you're asking for.

Duration: Half-day or full day

Plus preparation and a written summary within one working week.

Our effort: Senior architect, plus preparation and summary

Hans Raaijmakers facilitates the session. Preparation and synthesis are part of the engagement.

Rate: On request

A fixed amount per session, after the orienting conversation. No hourly billing.

§ 06 · Scope limits

What this is not

For clarity, what this is not.

Not a platform implementation.

We design the principle. Platform implementation follows in a separate engagement with the right partners.

Not a vendor selection.

We don't score products. The session is about the principle, not the platform.

Not a maximalist zero-trust rollout.

Maximalist designs look good on slides and stall in practice. The session is about the middle ground that holds.
