Top Gun and Zero Trust: Lessons in Cybersecurity for the CISO and CIO

By Jaye Tillson

By Jaye Tillson, Director of Strategy, Axis Security

The iconic 1986 film “Top Gun” is one of my favorite films. In the movie, a group of elite fighter pilots train to become the best of the best. The film depicts a world of intense competition and high stakes, where the pilots must constantly prove themselves in order to earn their place among the elite.

In many ways, this world is similar to our world of cybersecurity, where companies must constantly defend themselves against an array of threats to protect their assets and reputation from a range of attackers. One strategy that companies are increasingly turning to improve their cybersecurity posture is the concept of zero trust. In fact, close to 80% of organizations have a zero-trust strategy today. This adoption is driven by the fact that every user, device, and application is now connected over an external network, the Internet.

This creates significant challenges for businesses that must inspect all traffic before it is given access to critical business resources. This is no simple undertaking. It means that every individual must be validated based on identity and policy. This is where zero trust comes in.

Now that we know what’s driving zero trust adoption let’s shift to how zero trust can help the CISO and CIO of a company be more secure, which I will do by drawing on the lessons and characters of “Top Gun”!

At its core, zero trust is a security model that assumes all networks, devices, and users are potentially hostile. In a zero-trust environment, access to resources is granted on a “need-to-know” basis, and authentication and authorization are required for every interaction. This approach contrasts with the traditional network security model, which assumes that traffic inside the network is trustworthy and focuses on securing the perimeter. Zero trust is becoming increasingly popular as companies face an ever-evolving landscape of threats. Top examples include advanced persistent threats, insider threats, and supply chain attacks.

The character of Maverick in “Top Gun” embodies many of the qualities that are needed to succeed in a zero-trust environment. Maverick is a highly skilled pilot, and for those familiar with his character, he also has a rebellious streak that often puts him at odds with his superiors. These characteristics are vital in a zero-trust environment where security teams need to be both highly skilled and willing to challenge the assumptions of the past. They must also be willing to question whether traditional security measures are sufficient and, when necessary, adopt new approaches to stay ahead of the threat landscape.

Another important character in “Top Gun” is Goose, Maverick’s wingman, and friend. Goose is not only loyal and dependable, but he also plays a crucial role in helping Maverick overcome his self-doubt and become a better pilot. In a zero-trust environment, it is crucial to have a team of individuals who can work together and trust each other. Collaboration and communication are essential, as security teams must be able to identify and respond to threats quickly. ‘You don’t have time to think up there.’

Beyond the film’s main characters are some key themes that also relate to the world of zero trust. One example is the importance of constant training and improvement. The pilots in the film are regularly pushed to their limits in an effort to become better, and they are always looking for ways to improve their skills. In a zero-trust environment, this same mindset is critical. Security teams can never stand pat—quite the opposite. The cybersecurity world is in perpetual motion, and teams must constantly learn and adapt. This includes staying current with the latest threats and best practices to remain one or more steps ahead of the game.

When I first saw the original Top Gun, I never could have imagined that this action movie classic would provide some critical lessons for my future career. But that’s exactly what it has done. It has provided a valuable lens through which to view the concept of zero trust. The characters in the film embody many of the qualities needed to succeed in this new environment, including skill, adaptability, collaboration, and a willingness to challenge assumptions. By embracing the principles of zero trust, companies can better defend themselves against the wide array of threats they face, which will ultimately improve their security posture and protect their assets and reputation.


No posts to display