Zero Trust World 2025: Strengthening Cybersecurity Through Zero Trust
Zero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.
A Deep Dive into Windows Security and Zero Trust
🔹Guest: Adam Fuller, Special Projects at ThreatLocker
In an era where cyber threats are more relentless than ever, organizations can no longer afford to rely on outdated security models. This urgency drove the conversations at Zero Trust World 2025, where experts shared insights on modern security strategies and the future of cyber defense.
As part of ITSPmagazine’s On Location coverage, host Sean Martin sat down with Adam Fuller, Special Projects at ThreatLocker, to discuss the critical role of Windows security, Zero Trust principles, and the evolving challenges of cyber risk management.
With Windows environments remaining a prime target for cyber threats, Fuller shared practical strategies for hardening systems using built-in tools and best practices.
“It’s not just about blocking threats,” Fuller explained. “It’s about having visibility—knowing what’s changing in your system, locking down registry settings, and implementing effective event logging. These steps are crucial for proactive security.”
A key takeaway from the discussion was the importance of collaboration between IT administrators and security teams to enforce strong security policies without disrupting productivity. Many organizations struggle with balancing security and usability, but Fuller emphasized that Zero Trust security can be implemented without compromising efficiency when approached with the right policies.
Beyond Compliance: Cyber Insurance and Real-World Security
Another emerging theme from Zero Trust World 2025 was the increasing influence of cyber insurance in shaping security practices. While compliance standards often drive security implementations, Fuller pointed out that cyber insurance requirements are becoming just as important—if not more so.
“Many companies don’t realize that a denied cyber insurance claim can be devastating,” Fuller said. “It’s not just about checking boxes for compliance; it’s about proving you’ve taken the right security steps to protect your organization.”
The conversation also touched on phishing-resistant MFA, token protection policies, and real-time auditing. As cybercriminals continue evolving their tactics, organizations must stay ahead by adopting modern security controls that go beyond traditional MFA and perimeter defenses.
Why These Conversations Matter
This episode is a must-listen for IT administrators, security professionals, and MSPs looking to build a stronger Zero Trust strategy. As Sean and Adam break down the key takeaways from the event, one thing is clear—security is no longer just an IT issue; it’s a business imperative.
Stay tuned for more expert insights from Zero Trust World 2025, as ITSPmagazine’s On Location with Sean and Marco continues to explore the future of cybersecurity.
🔹 Sean Martin – Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
🎙 ITSPmagazine Profile: https://www.itspmagazine.com/sean-martin
🔹 Marco Ciappelli – Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
🎙 ITSPmagazine Profile: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
✅ ThreatLocker: https://itspm.ag/threatlocker-r974
🔗 Full ZTW 2025 Coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
🔗 ITSPmagazine’s Event Coverage Hub: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
🎧 More Redefining CyberSecurity Content: https://www.itspmagazine.com/redefining-cybersecurity-podcast
🎧 More Redefining Society Stories: https://www.itspmagazine.com/redefining-society-podcast
Sean Martin: [00:00:00] All right. Cool. We have, uh, another technical session. So Marco ran away. He didn't want to get technical. So here we are. We're at Zero Trust World 2025 in Orlando. Hosted by the amazing ThreatLocker. Uh, they've pulled together an incredible community of folks here to learn.
Three days of learning and labs and all kinds of sessions. And some good technical stuff, too. I just did a chat on Metasploit and Nmap. Yeah, very interesting stuff. Good stuff there, and you have two sessions. What are they?
Adam Fuller: Uh, I am doing a Windows security review tomorrow, um, which is kind of just going over some basic concepts of what you can do, um, that are native to Windows to secure your system, that branches to workstations, servers.
We kind of go into a little bit of registry hardening techniques, and we kind of go over some group policies, useful group policies. Kind of stuff you can do in that. Um, and a bit of event logging. A lot of event logging, [00:01:00] um, they'll use to ingest these logs into their SIEM systems. So, they want to make sure they have that information.
Got it.
Sean Martin: Alright, so everybody, I'm here with Adam Fuller, Special Projects at ThreatLocker. Uh, doing these presentations and we're going to dig in and get a little deeper insight into what those are and what people can learn. So let's start with the Windows, uh, security. Uh, back in my day we called that hardening.
Yeah. Still the same concept. Still the same thing. Yeah. A lot of people kind of use what's, what's different these days?
Adam Fuller: Uh, there's not too much. I mean, the, the word is kind of used interchangeably. Um, but hardening techniques could simply be locking down your registry from editing, uh, auditing. A lot of it is auditing based.
to kind of like having that visibility of what's going on, what's changing in your system, especially when you talk about some of the most powerful machines in a Windows infrastructure, which we're talking Active Directory. It could be a terminal server, file server, it could be a DNS server, [00:02:00] so on, so. SQL server.
Yeah, yeah, you name it, so.
Sean Martin: All the servers. Yep. Um, and of course the users sitting behind the end, the desktops and the laptops. Yes, sir. Mobile stuff as well. Yep. Um, Types of things are you, are you actually showing the settings for, Yeah, so, Protecting the registry and the direction, Yeah, so
Adam Fuller: We kind of like break into some of the, some of it is more surface level I'd say, um, some of it kind of breaks into, um, the concepts of it. So I, I guess an example of that would be useful group policies, um, kind of getting back to auditing. Um, we go over basic auditing, advanced level auditing, and some of this could be, um, if you're making directory changes, um, users logging in, logging off, um, and you can also set, like, success or failure rates on this.
So, assume you set a failure rate, um, and you can kind of see brute force attacks occurring in real time. A lot of [00:03:00] these logs will then ingest into a system, we'll say Splunk, for example, so then, you know, your SOC engineers can kind of review everything that's happening. Okay.
Sean Martin: So one thing I found, and maybe, maybe you can speak to this as well, is that I've seen a lot of IT folks here.
Not just security people. People who are responsible for desktop management, and help desk, and passwords, and onboarding, offboarding people. Yep. Which a lot of this, they're responsible for. Most definitely. And often times told by security, go do this stuff. Yep. So how, how do you see the interaction with what you're providing and IT and security all coming together? Do you see it come a tighter?
Adam Fuller: Yeah, I would say it's not just valuable to security administrators, you know, I actually come from a networking and system administration background. So having that overall generalized knowledge is just [00:04:00] it's good. You kind of understand the tools that you can implement in your environments. What those tools do.
And then from there, you, it just makes you a better technician overall. So,
Sean Martin: and then so you talk about auditing. So, I mean, I heard a lot of events and logging type stuff. You also look at state in terms of auditing, like what's our current state? Is it? Is it a good policy given what we want to achieve?
Yeah, I mean, you can more event driven.
Adam Fuller: You can kind of I would say it's more event driven, but ultimately, um, just based on what's happening, you could argue that, okay, this is causing too much noise, it's not valuable to my organization, um, there might be certain compliance implications associated with some of these events, so compliance might more or less say, and it could come from your security engineers as well, that hey, we need to log these events, um, most of the time I would argue that it's insurance driven. [00:05:00]
Cyber insurance. Yeah, people, people do not want to get denied claims, so they make sure that they are checking all those boxes, and sometimes it matters to them, sometimes it doesn't, they just want to check the box, but ultimately, um, the configuration is what matters and the security is what matters, so.
Sean Martin: Yeah, it's interesting, I've, I've heard cyber insurance a few times now, in the last couple days. Yeah. That, uh, more so than compliance. They're both check boxes. Um, the other session you're doing, the, the tenant, 365 tenant, Yeah. So what's, uh, is that more of the networking in the cloud? Yeah, some of it,
Adam Fuller: um Even in security review, we kind of touch on some of the networking roles that would be associated with a, um Like segmentation?
Yeah, so DHCP, it could be a DNS server, things like that. Um, and then we talk a little bit about micro segmentation. It's more of something you would configure on your firewalls and switching. But in terms of, um, 365, that's really just tenant security. [00:06:00] So, when you're talking tenant security, um, you know, these things are identity and access management tools.
So, they really act as a front door to access your resources and access your data. So, this could be an application, it could be a service principal built out in, um, Azure. It could be just simply a user login. So, you kind of treat it as the front door and then ultimately what we're doing is going over some configuration where you could lock down access via policy, conditional access in this case.
Um, you can also go into some of the productivity app security settings that you can implement to, to help improve security of your environment, so.
Sean Martin: So, two part question. How, are there any assumptions for people coming in? to say we, we think we have things right or are they using the defaults and they're looking for guidance.
Adam Fuller: Some of these [00:07:00] guys might be okay with security defaults. Um, so what security defaults is in Microsoft 365, it's just a, a baseline set of policies. Um, this goes over blocking legacy authentication, um, enforcing, uh, multi factor authentication on your admins and your user accounts, and also enforcing or requiring a certain amount of MFA prompts when accessing your Azure management portal.
So, most people in a smaller organization might set, um, security defaults and say, hey, we're okay. Ultimately, I don't think it's enough. Right. It's, it, it will help. I think you touched on that in your. Yeah, so it'll, it'll, it'll help, um, with, like, basic level of protection. But you can add far more restrictions with conditional access.
And
Sean Martin: then, do you start to touch on healthcare, small healthcare is different than a regional banks, different than a small manufacturer, or even a large [00:08:00] enterprise in many of those sectors. How much do you get involved in guiding or providing advice on fine tuning policies and controls and things like that?
Adam Fuller: So with 365, we kind of go over some of the more heavy hitting policies that you can implement. Something like this would be token protection policies. That's actually in preview right now, so it only applies to Windows machines. But most people are running a Windows shop. They might have some Macs and stuff, but it's not a bad thing to implement.
We also talk about phishing resistant MFA. That's something that's kind of trending quite a bit in the industry. So what's what's going on there? Basically, traditional MFA can be phished. Um, and it can be phished by someone calling, uh, you up, trying to get the code. Yeah, let's just assume that they already have your credentials.
Um, they call you up, uh, kind of introduced a sense of panic or a sense of urgency into your [00:09:00] users and say, Hey, we need the code that we just sent you. You give them the code. Now your, your MFA has just been phished. So phishing resistant MFA kind of adds a proximity element to that, and it could be a certificate, it could be a FIDO2 key, think like YubiKeys, or like a hardware key you plug in.
It could also be Windows Hello for Business, so that's, that's biometric data or a PIN that stores itself inside of a TPM chip that are pretty much like embedded on the inside the actual device. So realistically, if you've bought a computer in the past five years, there's a good chance you already have a TPM chip.
You just need to utilize it. So, so I would say it's some of its surface level, but some of the policies kind of break into a little more in depth and like, hey, try to focus on these policies because one, this is what's trending in the industry right now, which is MFA being phished and cookie So, we try [00:10:00] to focus on those specifically.
So.
Sean Martin: Now, what, um, we'll wrap up here, but No problem. A lot of what you present sounds like end user or end organization, but I presume a lot of your MSPs Yeah. Like, jump at the bit for this kind of stuff, too, right? Most definitely.
Adam Fuller: Most definitely. And I think, um, MSP, I, I actually come from an MSP, so I kind of have a certain level of background in that area.
But, yeah, I mean, aside from user training, um, you know, your administrators will do their best to configure it, but user training is, you know, these are the guys getting their, their cookies stolen, these are the guys getting their MFA phished. So you kind of want to, one, train them, and two, implement policies to kind of stop that from happening in the first place, so.
Sean Martin: Perfect. That's all, uh, I love talking about risk management. Yeah. We're talking. Very focused risk management. Most definitely. At the end point. [00:11:00] Adam, it's a pleasure chatting with you. Yeah, thanks sir. Good luck with the sessions. Appreciate you. All that's going on this week. I know people are digging it and soaking it all up.
Oh yeah, a lot of information. Gotta raise that bar. So thanks everybody for listening, watching. Thanks Adam for joining me. Thanks for having me. And we'll see you all in the next one.