Reading List
Discover the Path to ZeroTrust
Eight-part field guide for replacing legacy VPNs with zero trust networking.
A curated progression that starts with the brittle perimeter mindset and walks all the way to identity-aware access, WireGuard tunnels, and continuous verification. Each post pairs philosophy with concrete tooling so you can modernise remote access without losing track of compliance or developer ergonomics.
Inside the series
- Stage 1 · Why the perimeter is crumbling
  Frame the business and compliance pressures forcing teams off castle-and-moat networks.
  - Compliance-driven remote access redesign
  - Consulting patterns from anywhere
- Stage 2 · Rethinking the trust boundary
  Trace the architectural shift from trusted wires to open internet assumptions.
  - Treating the internet as the default network
  - Segment-by-segment trust decisions
- Stage 3 · Identity becomes the new perimeter
  Use identity claims and device posture as primary enforcement controls.
  - Policy planes driven by IdP signals
  - Mapping identities to infrastructure access
- Stage 4 · SSH and crypto hygiene
  Tighten the tooling that already sits closest to production: sshd, keys, bastions.
  - Hardening OpenSSH
  - Rotating credentials without silencing teams
- Stage 5 · Modern tunnels
  Learn why lighter, declarative tunnels such as WireGuard win in zero trust rollouts.
  - Evaluating WireGuard vs legacy VPN stacks
  - Building tunnels for policy-driven routing
- Stage 6 · Zero Trust Networking
  Assemble the BeyondCorp mental model and the Cloudflare/Tailscale vendor landscape.
  - Continuous verification at L7
  - Designing policy, tunnel, and route planes
- Stage 7 · Making the internet your WAN
  Adopt platform-native services (Cloudflare Tunnel, AWS Verified Access, Tailscale) for managed zero trust.
  - Comparing managed ZTNA options
  - Hybrid access patterns
- Stage 8 · Operating after rollout
  Keep drilling, measuring, and closing the loop post-implementation.
  - Incident drills and policy audits
  - Cost and UX feedback loops