---
title: "Don’t Trust, Verify: How John Kindervag Shifted Our Approach to Security - Blogs on IT Support and Cybersecurity for Small Business"
description: "Let’s examine how the zero-trust paradigm was initially developed and designed to provide businesses with the maximum protection they need."
url: "https://colemantechnologies.com/blog/don-t-trust-verify-how-john-kindervag-shifted-our-approach-to-security"
date: "2026-06-07T07:13:33+00:00"
language: "en-GB"
---

## Blogs on IT Support and Cybersecurity for Small Business

Insights on cybersecurity, AI, and IT strategy to help business leaders reduce risk, improve performance, and make better technology decisions.

 [ Categories ](https://colemantechnologies.com/blog/categories "Categories")

 [ Tags ](https://colemantechnologies.com/blog/tags "Tags")

 [ Categories:  All Categories ](https://colemantechnologies.com/javascript:void(0); "Categories")

 Search...Suggested keywords

 [  x ](https://colemantechnologies.com/javascript:void(0);)

 <a class="eb-image-viewport"></a>

#  Don’t Trust, Verify: How John Kindervag Shifted Our Approach to Security

  [Coleman Technologies Blog](https://colemantechnologies.com/blog/categories/blog)   [Security](https://colemantechnologies.com/blog/categories/security)

  [Coleman Technologies Admin](https://colemantechnologies.com/blog/blogger/darren-coleman)

  Friday, 22 November 2024

 [ ![ZeroTrust_1026923417_400](//colemantechnologies.com/images/easyblog_articles/1224/b2ap3_large_ZeroTrust_1026923417_400.jpg) ](//colemantechnologies.com/images/easyblog_articles/1224/ZeroTrust_1026923417_400.jpg "ZeroTrust_1026923417_400")

Businesses of every size need to prioritize their security. This fact has not changed and will not change anytime soon. What has changed, however, are the recommended ways to approach this security.

Today, we wanted to review the history of today’s predominant cybersecurity advice and explore how the zero-trust security model applies.

## Meet John Kindervag, the Godfather of Zero Trust

Once an apprentice to be a typewriter repair specialist before transitioning into the role of broadcast engineer and then diving into the world of computer animation (and building his own high-end computers in his spare time), Kindervag ultimately credits the video game *Doom* for his interest in networking.

### How a Game Inspired Today’s Most Effective Network Security Strategy

Under the pretense of using it to transfer animated files (which were too large to be shared in this way at the time), Kindervag convinced his bosses to allow him to build an ethernet network to more effectively support the after-hours multiplayer LAN (local area network) parties that were held in the office.

He wasn’t the only one, by the way… many advancements in computing and networking were initially made in the interest of playing *Doom* (no word on whether they were primarily using it to play the cooperative multiplayer campaign or the player versus player deathmatch mode).

However, as he worked on these networks, Kindervag realized they were inherently insecure, with little attention paid to their security in favor of routing and switching. With the only protection being a firewall to keep threats out, there was little stopping users from removing data from the network. The trusted, internal network that the business maintained could easily allow data to be shared to an untrusted, external network… like the Internet.

John saw this as “insane”—his word for it—and concluded that all interfaces should have zero inherent trust. Hence, the zero-trust framework.

## How Zero-Trust Works

To create a zero-trust system, there are five critical steps that an organization must take:

**Step One: Defining the Protect Surface**
As Kindervag puts it, “Zero Trust inverts the traditional problems of cybersecurity. Instead of focusing on what's attacking you, it focuses on what I call the Protect Surface. What do I need to protect?”

In other words, you need to identify all the data you have that needs to be protected, whatever form that data takes. Only then will you know the scope of your data protection needs and be able to cover them adequately.

**Step Two: Mapping Your Data**
So, once you know what data you possess, you need to fully understand how the rest of your business and its IT infrastructure interact with it. Which users need access to what, which applications regularly access this data, and how is your infrastructure set up to store and transfer it? This information is critical to the next step.

**Step Three: Designing an Architectural Framework**
With all these insights in mind, you must then create a framework that meets all of the above needs and requirements, explicitly considering your IT infrastructure and its construction. While some frameworks may ultimately look similar, any zero-trust strategy needs to be customized to the individual business—hence, all the audits and mapping.

**Step Four: Creating Your Zero-Trust Policies**
With your network designed to be more security-focused, you need to identify and dictate who can access what, how and when they can, from where, and for which purpose. This goes for every user, role, device, and network, as any of these could be used to access information without authorization.

**Step Five: Monitoring and Enforcing Compliance**
Finally, you’ll want to actively monitor your network to identify any oversights or loopholes in your zero-trust implementation. This will allow you to make corrections that resolve security issues and potentially optimize your business network's performance.

## Some Pieces of Advice from Kindervag

First and foremost, Kindervag reminds us all that security issues like ransomware and other attacks—the kind that zero-trust actively helps mitigate—are not prejudiced against any kind or size of business. As a result, everyone is a target, and the impacts of a cyberattack can easily have severe real-world repercussions in our highly digitized society… and not always the kind you might expect.

Kindervag refers to a ransomware attack targeting a Swiss Alps dairy farmer and his milking machines. While the farmer could still manually collect milk from his livestock, he couldn’t access the telemetric health data that may have prevented one of his cows from dying.

Emotional losses from losing an animal aside, that’s potentially a few hundred dollars of profit each year, just gone.

Kindervag also points out that many large businesses are still about as prepared as this farmer was to deal with ransomware, even though computer systems and their processes directly impact a modern business’ success. Therefore, according to Kindervag, the most intelligent and cost-effective approach is to be proactive in fighting cybersecurity threats.

### We Agree, and We Can Help

If you’d like advice and assistance in keeping your business secure and productive in the face of modern cybersecurity issues, call COMPANYNAME at PHONENUMBER to find out what needs to be done to implement a zero-trust approach.

 [  ](https://colemantechnologies.com/javascript:void(0);) [  ](https://colemantechnologies.com/javascript:void(0);) [  ](https://colemantechnologies.com/javascript:void(0);)

Tags:

  [Security](https://colemantechnologies.com/blog/tags/security)   [Best Practices](https://colemantechnologies.com/blog/tags/best-practices)   [Innovation](https://colemantechnologies.com/blog/tags/innovation)

 [×](https://colemantechnologies.com/javascript:void(0);)

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 Your Name

 E-mail Address

 [  An Up-to-Date Operating System is a Mandatory Piec... ](https://colemantechnologies.com/newsletter-content/an-up-to-date-operating-system-is-a-mandatory-piece-of-software)

 [  How to Secure Your File-Sharing Practices for Impr... ](https://colemantechnologies.com/blog/how-to-secure-your-file-sharing-practices-for-improved-operations)

 About the author

 [ ![Coleman Technologies Admin](https://colemantechnologies.com/media/com_easyblog/images/avatars/author.png) ](https://colemantechnologies.com/blog/blogger/darren-coleman)

 [Coleman Technologies Admin](https://colemantechnologies.com/blog/blogger/darren-coleman)

  [  ](https://colemantechnologies.com/blog/blogger/darren-coleman)

Author's recent posts

  [More posts from author](https://colemantechnologies.com/blog/blogger/darren-coleman)

 [ Tuesday, 05 May 2026  Darren Coleman Featured in Boss Today on AI Literacy and Human Judgment ](https://colemantechnologies.com/blog/darren-coleman-bosstoday-ai-literacy)

 [ Monday, 06 April 2026  How Cloud IT Services Are Transforming Business Continuity ](https://colemantechnologies.com/blog/how-cloud-it-services-are-transforming-business-continuity)

 [ Monday, 06 April 2026  Darren Coleman Featured in USAWire on Why Businesses Need an AI Strategy ](https://colemantechnologies.com/news-a-events/darren-coleman-usawire-ai-strategy)

## Schema

```json
{
    "@context": "https://schema.org",
    "@type": "BreadcrumbList",
    "itemListElement": [
        {
            "@type": "ListItem",
            "position": 1,
            "name": "Home",
            "item": "https://colemantechnologies.com"
        },
        {
            "@type": "ListItem",
            "position": 2,
            "name": "Blog",
            "item": "https://colemantechnologies.com/blog"
        },
        {
            "@type": "ListItem",
            "position": 3,
            "name": "Coleman Technologies Admin",
            "item": "https://colemantechnologies.com/blog/blogger/darren-coleman"
        },
        {
            "@type": "ListItem",
            "position": 4,
            "name": "Don’t Trust, Verify: How John Kindervag Shifted Our Approach to Security",
            "item": "https://colemantechnologies.com/blog/don-t-trust-verify-how-john-kindervag-shifted-our-approach-to-security"
        }
    ]
}
```