Zero Trust Falls Short Without Network Identity: Lessons from Salt Typhoon

Salt Typhoon proved that attackers are exploiting identity blind spots in the network layer to bypass controls and move laterally. This session explores how traditional PAM and NAC tools leave routers, switches, and firewalls exposed, and why identity-first security must extend beyond IT systems. We’ll break down the attack path, highlight key lessons from Salt Typhoon, and show how applying Zero Trust principles at the network layer can stop similar breaches before they start.

What Attendees Will Learn:

Unpack how the Salt Typhoon attack leveraged identity blind spots in network infrastructure to bypass detection
Understand why identity programs often exclude critical devices like routers, switches, and firewalls — and the risks that creates
Explore the limitations of traditional PAM and NAC tools in enforcing identity controls beyond IT systems
Learn how the absence of user-level accountability on network devices undermines Zero Trust and audit readiness
Examine how shared accounts and lack of session visibility contribute to compliance and operational gaps

Who Should Attend:

This session is designed for identity and security professionals across technical, executive, compliance, and audit roles. Whether you manage IAM programs, oversee Zero Trust initiatives, or evaluate controls for regulatory readiness, this webinar will help you understand the overlooked risks in the network layer and why identity must extend beyond users and applications to include infrastructure itself.

The Panelists

Craig Riddell

VP of Technology, Kron

Craig Riddell is the Vice President of Technology at Kron, where he leads North American strategy for KronPAM, a next-generation Privileged Access Management platform purpose-built for securing routers, switches, firewalls, and other critical network infrastructure. He is the driving force behind NetworkPAM.com, a thought leadership initiative focused on closing the identity gap in network environments where traditional PAM and NAC tools fall short. With over 15 years of hands-on cybersecurity experience, Craig works closely with global service providers, security teams, and telecom operators to extend identity-first security principles across hybrid and legacy infrastructure. His mission is to help organizations move beyond perimeter-based controls by embedding identity, policy, and accountability into every session, starting at the network layer.