Zero-Trust Mindset
Defense in Depth
Cyber Heroes in Action
Tools of the Trade
Givers Gain & The Core Values
100

This core phrase represents the absolute baseline of Zero Trust architecture, replacing the old IT rule of "Trust, but verify."

What is "Never trust, always verify"?

100

This historical, medieval defensive structure is the classic analogy for Defense in Depth, using moats, drawbridges, and high walls to delay attackers.

What is a castle?

100

When a panicked client calls saying they clicked a suspicious link, a Cyber Hero's first crucial directive to the client regarding their computer is this.

What is "Disconnect it from the network/Wi-Fi"? (Accept: Unplug it / Isolate it)

100

To ensure strict access control and organization when onboarding a new company department to 1Password, you should always utilize this feature rather than individual sharing.

What are Group Permissions? (Accept: Shared Vaults managed by Groups)

100

This core value means that by focusing on helping our team members, partners, and clients succeed first, we naturally create success for our own business.

What is Givers Gain?

200

Zero Trust assumes this scenario has already happened inside a client's network, forcing us to continuously validate every user and device.

What is a breach? (Accept: An infiltration / Compromise)

200

Defense in Depth teaches us that this common perimeter security hardware device is never enough on its own to protect a network.

What is a firewall?

200

When explaining a complex security threat like ransomware to a non-technical business owner, a Cyber Hero must strictly avoid this confusing 6-letter IT industry term.

What is jargon? (Accept: Acronyms)

200

When configuring a client firewall, this specific brand of security appliance is our standard for gateway protection and remote workplace connectivity.

What is SonicWALL?

200

Technology changes daily, which is why a tech must commit to this core value to keep their skills sharp, earn certifications, and never settle for outdated knowledge.

What is Lifelong Learning?

300

This security principle dictates that users and applications are only given the absolute minimum access necessary to complete their specific job tasks.

What is Least Privilege? (Accept: Principle of Least Privilege / POLP)

300

To protect the "Data" layer at the very center of our security onion, we use this process to make files unreadable to unauthorized eyes, both at rest and in transit.

What is encryption?

300

It's not just about fixing the issue; it's about the paper trail. A Cyber Hero ensures this internal step is completed thoroughly so the next tech has a full history of the incident.

What is documentation? (Accept: Ticketing / Logging notes)

300

Rather than relying on traditional signature-based antivirus, our endpoint security strategy utilizes this advanced AI-driven software to detect and roll back malicious behavior.

What is SentinelOne?

300

Being a Cyber Hero means owning your mistakes just as much as your wins, embodying this core value of standing behind your work and your team.

What is Accountability?

400

Rather than relying on a static login, a Zero Trust framework uses this type of continuous authentication, checking variables like device health and location before granting access.

What is Contextual (or Dynamic) Authentication? (Accept: Conditional Access)

400

Because humans are often the weakest link in the security chain, this administrative control is used to train client employees to spot phishing attempts.

What is Security Awareness Training? (Accept: Phishing simulation)

400

Instead of waiting around for a client to tell us something is broken, a Cyber Hero relies on this style of IT management to spot and mitigate threats before the client even knows they exist.

What is Proactive Monitoring? (Accept: Managed Detection and Response / MDR / RMM)

400

To block unauthorized software from executing entirely, we use this Zero Trust endpoint tool to implement robust application whitelisting and ringfencing.

What is ThreatLocker?

400

We don't just protect businesses; we protect the community. We honor this by volunteering our time and IT expertise to teach cybersecurity safety to this specific group of vulnerable local citizens.

What are senior citizens? (Accept: The elderly / Seniors at the community center)

500

To stop a hacker from moving laterally through a network if they compromise one machine, a tech must implement this strategy of dividing the network into smaller, isolated security zones.

What is Micro-segmentation? (Accept: Network segmentation)

500

To prevent a single compromised user account from jeopardizing an entire client tenant, we implement this policy where actions require multiple independent approvals or distinct validation steps.

What is Separation of Duties? (Accept: Dual authorization / Split administrative roles)

500

When a critical vulnerability is disclosed globally, a Cyber Hero doesn't wait for the next scheduled maintenance window; they execute this emergency process to secure all client endpoints immediately.

What is out-of-band patching? (Accept: Emergency patch deployment)

500

When securing a client's cloud email environment against data leaks and phishing, a tech uses this admin center to configure anti-spam policies, safe attachments, and mail flow rules.

What is the Microsoft 365 Defender (or Security) Admin Center? (Accept: Exchange Admin Center / EAC or Hornet)

500

This core value reminds us to respect the proven frameworks that got us here while actively driving the business forward with cutting-edge, zero-trust tools.

What is Tradition + Innovation?