Zero Trust is often implemented through network segmentation and centralized identity systems, yet most breaches succeed after an attacker compromises a Linux host. This session shifts the Zero Trust conversation to where enforcement truly matters the operating system itself. Attendees will learn how to apply host-based Zero Trust principles using native Linux controls, and why host enforcement is more effective than network segmentation alone at preventing lateral movement. The talk explores practical use of mTLS, host firewalling, and workload identity to secure service-to-service communication without relying on implicit trust. Finally, it addresses how organizations can apply Zero Trust to legacy Linux workloads without application rewrites, enabling incremental security improvements while maintaining operational stability. This session delivers actionable strategies for securing Linux systems in modern and hybrid environments.

Key points:
Host-based Zero Trust principles
Network segmentation vs. host enforcement
mTLS, firewalling, and workload identity
Applying Zero Trust to legacy Linux workloads