Why Cybersecurity Policies Fail And How to Fix Them

Why Cybersecurity Policies Fail And How to Fix Them

From The Security Strategist by EM360Tech

May 12, 2026 · 29 min · Season 1 · Episode 119

About this episode

The episode discusses the failures of cybersecurity policies and how to improve them with insights from industry experts.

Policy is the backbone of every effective cybersecurity framework. It defines how an organisation protects its data, governs access to critical resources, and dictates the rules that every firewall, endpoint, and identity system must enforce. Yet for most organisations, policy management is the one discipline they consistently get wrong. In this episode of  The Security Strategist , Chief Research Analyst  Richard Stiennon  sits down with  Jody Brazil , CEO of  FireMon , and  John Kindervag , Chief Evangelist at  Illumio  and the father of Zero Trust, to dissect why cybersecurity policies fail, where the rot begins, and what it genuinely takes to build a security posture that holds. Policy as the foundation of security architecture Every discussion of cybersecurity eventually circles back to one uncomfortable truth, which is that technical controls are only as good as the policies that drive them. Firewalls, intrusion detection systems, and endpoint agents all execute instructions someone wrote down. If those instructions are incorrect, outdated, or in conflict, the tools become liabilities rather than defences. Stiennon opened the…

People in this episode

Host: Richard Stiennon

Guests: Jody Brazil, John Kindervag

Topics covered

  • cybersecurity
  • policy management
  • Zero Trust
  • data protection
  • security architecture

Keywords

  • cybersecurity policies
  • policy management
  • Zero Trust
  • data protection
  • firewall rules

Mentioned in this episode

Organizations: FireMon, Illumio

More episodes of The Security Strategist

Explore listener stats, chart rankings, contacts and more on the The Security Strategist podcast page.