← All writing
Security21 Aug 202511 min read

Zero-trust security for the impatient

Mira Kahn
Principal · Engineering
Zero-trust security for the impatient

How we collapsed a flat corporate VPN into an identity-aware mesh across 2,400 endpoints in nine weeks.

Zero-trust isn't a product, it's a posture. The shortest path is to identify every trust boundary, place an identity-aware proxy at each one, and remove every implicit trust your network currently grants.

You don't need to boil the ocean. Start with the riskiest boundary — usually contractor laptops or third-party SaaS — and harden it end to end before moving on.

Tooling matters less than discipline. SPIFFE, Tailscale, Envoy, and Cloudflare Access can all get you there. Pick one and commit.

Read next

The design systems trap (and how to avoid it)

Product