The CISO's Gambit

On this episode of The CISO's Gambit, Zscaler Federal CISO Danny Connelly speaks with Sean Connelly, CISA TIC Program Manager, about TIC 3.0 and the game-changing aspects that enable federal agencies to move away from legacy network security solutions and modernize cybersecurity.

Show Notes

CISA TIC Program Manager Sean Connelly speaks with our Federal CISO, Danny Connelly, about the game-changing aspects of TIC 3.0 and what it means for the federal government.

The Office of Management and Budget (OMB) Memorandum M-19-26, “Update to the Trusted Internet Connection (TIC) Initiative”, provides agencies a modernized approach to implement the TIC initiative (TIC 3.0).

The initial implementation of Trusted Internet Connections (TIC), as mandated by OMB in 2007, required agencies to consolidate external connections and deploy common tools to enhance network security across the Federal Government. This required “agency traffic to flow through a physical TIC access point, which has proven to be an obstacle to the adoption of cloud-based infrastructure.”

Questions discussed in this episode:
  • What is TIC 3.0? 
  • What’s different from previous iterations of the TIC requirements and what are the benefits of leveraging the TIC 3.0 framework? 
  • What is the Cloud Log Aggregation Warehouse (CLAW)?
  • TIC 3.0 and NIST 800-207 (Zero Trust Architecture) go hand in hand. Can you share some perspective on how those critically important standards and TIC 3.0 requirements were developed?
  • The Presidential Executive Order highlighted significant cyber security enhancements needed across the federal government. What is your perspective on the EO, and how does TIC 3.0 help agencies meet the intent of the EO?
  • Can you share some observations on use cases agencies have implemented and have proven to be successful? Basically, who would you say has done it well, and can you share any lessons learned that might help other agencies?
  • What’s the best way for agencies to get up to speed on TIC 3.0 and the various components of the framework, like PEPs, and how to leverage the security capabilities matrix? Where can an agency start?

What is The CISO's Gambit?

The CISO's Gambit podcast is a pragmatic cyber risk dialogue between cyber security leaders from leading organizations, like Zscaler. Topics span technical and non-technical aspects of cyber risk, cybersecurity, privacy, transformational change management, and the evolving role of the CISO as a thought leader and change agent. The podcast covers current risks, what's on the horizon, and how CISOs can help deliver business value that lowers risks, flattens the total cost of controls, and reduces security friction on user experience and business velocity.
You can subscribe to the podcast feed on Apple Podcasts and Spotify.