← All writing
Security21 Aug 202511 min read
Zero-trust security for the impatient
Mira Kahn
Principal · Engineering
How we collapsed a flat corporate VPN into an identity-aware mesh across 2,400 endpoints in nine weeks.
Zero-trust isn't a product, it's a posture. The shortest path is to identify every trust boundary, place an identity-aware proxy at each one, and remove every implicit trust your network currently grants.
You don't need to boil the ocean. Start with the riskiest boundary — usually contractor laptops or third-party SaaS — and harden it end to end before moving on.
Tooling matters less than discipline. SPIFFE, Tailscale, Envoy, and Cloudflare Access can all get you there. Pick one and commit.
Read next