David Lacey Invites Your Feedback

“I welcome all observations, challenges (however critical) and recommendations.”

It’s not every day that you get to interact with a legend. But this explicit invitation comes from David Lacey, who is widely recognized as the grandfather of Zero Trust.

If you have been near the IT industry in the past 20 years, you know about the Zero Trust principle. Whether or not you know its name, its tenets have become the default in security philosophy.

• Never trust; always verify.
• Use least privilege access.
• Assume breach.

Now, Lacey, who was instrumental in getting this Zero Trust standard into practice, is here sharing a conversation-starter paper, The Art of Cyberspace Architecture:

“The idea for this paper arose from a series of talks I gave in the first half of 2025 on the subject of Zero Trust architecture. I expected pushback on my radical views from professional architects, but was pleasantly surprised to find encouragement for new concepts. I came away determined to set out my views and ideas in more detail for the stimulation of other IT cyberspace architects.”

In this thoughtful paper, Lacey recognizes the art (not just science) of IT architecture: disciplined design that makes complex systems usable and resilient over time.

He’s brilliant, and the paper reads like an academic work of art. I recommend you set aside a chunk of time to pore over it. Treat it like a lecture. Grapple with his ideas. Here are some of them (extremely simplified):

• Treat architecture as foundational, not optional—it’s essential for managing complexity across systems, data and security.
• Design for the long term—invest more time upfront to reduce technical debt, cost and risk later.
• Focus on simplicity and clarity—good architectures prioritize what matters and avoid unnecessary complexity.
• Manage complexity deliberately—through standardization, categorization and structured data models.
• Design architectures as evolving systems—accept that they will be incomplete, flexible and continuously changing.
• Prioritize high-quality data modeling—structure systems based on the true nature of objects and relationships, not just terminology.
• Anchor architecture in real activities and workflows—design around how systems are actually used, not just how they are described.

If you have thoughts to share with Mr. Lacey, you can comment on the Medium post here or reach out to him or the Progress File Transfer team. He wants to hear from you, and so do we. (Plus, he’s honestly one of the kindest individuals I’ve ever emailed with.)

Then stay tuned for the next time Progress will have David Lacey accompany us for a webinar for the chance to engage with him further.

For now, download his free paper.