Jeff Greene (Former CISA) on Zero Trust, EO 14028, and What’s Next in Cybersecurity

At RSAC 2026, Ginelle Osworth interviews Jeff Greene (former CISA cybersecurity division leader and White House NSC on Zero Trust implementation, Executive Order 14028, and practical guidance from NIST/NCCoE. They cover getting started despite funding and staffing constraints, securing non‑human identities and AI agents, preparing for post‑quantum cryptography (PQC), and why secure‑by‑design engineering is essential.  Key takeaways  1. Zero Trust still applies: EO 14028 and OMB/NIST guidance remain a strong baseline.  2. Start now: progress beats paralysis—adversaries don’t wait.  3. Use NIST NCCoE: proven, vendor‑informed reference builds you can follow.  4. Secure non‑human identities: service accounts and AI agents need visibility + least privilege.  5. Plan for PQC: migrating crypto takes years—begin inventory and roadmap work early.  6. Build secure‑by‑design: reduce systemic risk by engineering security into products from day one.  7. Don’t skip fundamentals: identity and access management (IAM) remains core to resilience.  Chapters  00:04 – Introductions at RSAC  00:24 – Jeff Greene’s cybersecurity background (CISA, White House, Symantec, policy)  01:53 – Executive Order 14028: lessons from SolarWinds and real impact in agencies  04:51 – Zero Trust Architecture: why it still stands and how agencies should proceed  08:00 – “Just get started”: overcoming inertia, staffing constraints, and rising risk  10:22 – Why NIST NCCoE matters for practical, implementable security guidance  12:46 – Non-human identities, AI agents, and access controls  13:20 – Post-quantum cryptography: preparing for the transition now  15:52 – Secure-by-design: building safer products from the ground up  17:58 – What Jeff is doing now (Seviera Partners) and threat-specific security  Want more federal cybersecurity insights? Discover more: https://delinea.com/solutions/fedramp #zerotrust #executiveorderexplanations #rsac