10 Lessons On How a Shipyard Does Zero Trust

Описание: What does zero trust implementation look like when you’re building warships, superyachts, and operating global shipyards?

Lieuwe Jan Koning (Co-founder and CTO, ON2IT Cybersecurity) and Hans Quivooij (CISO at Damen Shipyards) share 10 hard-earned lessons from a decade in the trenches.

Damen Shipyards is a Dutch, family-owned, multi-billion shipbuilder operating across IT + OT, global yards, legacy constraints, and heavy regulation - classic industrial cybersecurity pressure.

Damen Shipyards is a Dutch, family-owned, multi-billion shipbuilder running complex IT + OT environments across global yards - legacy systems, regulatory pressure, supply chain exposure. Real industrial cybersecurity stakes.

This talk was presented at the International Zero Trust Symposium 2024 by the Cloud Security Alliance Zero Trust Circle.

Timestamps
00:00 – 04:05 Intro
04:06 – 09:00 Why Zero Trust stalls + shipyard reality (IT/OT, supply chain, regulation)
09:01 – 13:43 What works: business language + crown jewels + dashboards
13:44 – 19:28 Start small + use crises to unlock change (“don’t waste a crisis”)
19:29 – 26:19 Scaling via “tidal waves”: ERP-first, platform shifts, cloud momentum
26:20 – 34:02 What fails: over-engineering + wrong inspection scope + people/process gaps
34:03 – 48:49 SaaS, legacy & stepping stones + tool-myths
48:50 - 57:12 The cost of not doing zero trust & wrap-up

Key Topics Covered
• How Damen Shipyards moved from reactive security to preemptive containment (reduced lateral movement)
• Why Zero Trust needs business stakeholders to define crown jewels + priorities
• What goes wrong in practice and how they corrected it
• SaaS and procurement realities: vendor risk management becomes a negotiation + contract timing game

For CISOs and security architects building industrial cybersecurity resilience: subscribe for real-world Zero Trust patterns, not theory.