CyberTech Top Voice Interview: Eric Schwake, Director of Cybersecurity Strategy at Salt Security

Hello, CyberTech community. Welcome to part #21 episode of the CyberTech Top Voice interview series with Eric Schwake, Director of Cybersecurity Strategy at Salt Security.

Did you know 93% of external organizations conducted a formal data loss notification to a governing organization? Data loss could have been prevented if security teams had implemented a more stringent cybersecurity framework. Adopting Zero Trust investments would have been key in achieving this.

In this interview, Eric Schwake, Director of Cybersecurity Strategy at Salt Security, dives into the future of Zero Trust investments. With 2025 on the horizon, he explains how the cost of implementing Zero Trust security will vary based on factors like an organization’s size, complexity, and current infrastructure. Schwake emphasizes the importance of taking a phased approach to these investments, focusing on critical assets first and choosing solutions that fit seamlessly with existing systems. This strategy strengthens security right away and also helps guide smarter, more effective investments down the line.

Here’s the full conversation with Salt Sercurity’s Eric Schwake. 

Any tips on optimizing Zero Trust applications and their costs for better outcomes and security results?

In 2025, the cost of Zero Trust investments will differ widely depending on an organization’s size, complexity, and current infrastructure. Adopting a phased strategy is essential to enhance these costs for improved security outcomes. Emphasize vital assets and choose solutions that align seamlessly with existing systems. Beginning with robust identity and access management paired with micro-segmentation can establish a strong base and deliver immediate security enhancements, enabling more informed and effective future investments. 

Recommended CyberTech Interview: CyberTech Top Voice: Interview with ABBYY’s Max Vermeir

What are the top challenges when implementing a Zero Trust strategy, and how have you overcome them? 

The cultural change needed is a major challenge in adopting a Zero Trust strategy. Transitioning from a perimeter-based security model to a “never trust, always verify” mindset requires support from all stakeholders. Addressing this challenge involves effective communication, thorough training, and showcasing the concrete benefits of Zero Trust, including minimized risk and enhanced security posture.

Which technologies do you consider essential for building a successful Zero Trust framework, and why?

Key technologies for establishing a practical Zero Trust framework include robust identity and access management, micro-segmentation, and endpoint detection and response. Furthermore, as applications increasingly depend on APIs for functionality and data sharing, API security platforms that offer continuous discovery, posture governance, and runtime protection are essential in contemporary Zero Trust architectures. These technologies deliver the crucial visibility, control, and safeguards needed to implement the principles of Zero Trust across all potential attack surfaces, including APIs.

Recommended CyberTech Interview:  CyberTech Top Voice: Interview with Zimperium’s Krishna Vishnubhotla

 How do you ensure alignment between your Zero Trust strategy and broader business goals, especially when securing remote and hybrid work environments?

Ensuring alignment between a Zero Trust strategy and overall business objectives, particularly in securing remote and hybrid workspaces, relies on a risk-based methodology. By identifying vital assets and processes, including the APIs essential for core business operations and focusing on their protection, security investments can directly reflect business goals.

This method facilitates the secure implementation of remote and hybrid work—a crucial business factor—while safeguarding critical APIs.

What is your approach to Zero Trust investments—do you recommend a phased implementation or a full-scale overhaul, and why?

 For Zero Trust investments, a gradual implementation is usually advised. A complete redesign can be both disruptive and expensive, whereas a phased approach promotes incremental enhancements, provides improved cost control, and enables learning and adaptation during the rollout. This strategy helps organizations reduce business disturbances while steadily advancing toward a Zero Trust security framework.

Looking ahead to 2025, how do you see Zero Trust solutions evolving in terms of cost, complexity, and ROI for organizations, and how should businesses prepare for these changes?

As we look forward in 2025, Zero Trust solutions are expected to advance with more integration and automation, utilizing AI and machine learning to improve threat detection and response capabilities. Although costs might lower as the solutions mature and gain broader usage, complexity could rise as companies incorporate a wider range of technologies. To prepare, businesses should invest in essential technologies, create clear Zero Trust strategies, and nurture a culture of security awareness. This proactive stance will help organizations adapt to the changing Zero Trust environment and optimize their return on investment.

Thank you so much, Eric, for your delightful insights. We look forward to having you again at the CyberTech Top Voice engagements.

Recommended CyberTech Interview: CyberTech Top Voice: Interview with Oasis Security’s Danny Brickman

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com