
LEGO Prompt Cards: Zero Trust Workshop

Updated: Oct 24


🔐 Identity Management

Build Prompt:

“Use LEGO bricks to show how access is granted today. Who controls it? How do users get in?”

Reflection Questions:

  • “Where are we still relying on trust by default?”

  • “What would a secure, verified access model look like?”

  • “How do contractors and field teams fit into this model?”


🧱 Network Segmentation

Build Prompt:

“Create a model of how systems are connected across IT and OT. Where are the weak points?”

Reflection Questions:

  • “Which systems are exposed to lateral movement?”

  • “Where do we need stronger boundaries or microsegments?”

  • “What does a resilient, segmented network look like?”


🧠 Behavior Change

Build Prompt:

“Build a scene showing how secure behavior is taught and reinforced in your team.”

Reflection Questions:

  • “What behaviors are visible in your model?”

  • “Where does training break down or get ignored?”

  • “What would help people apply secure habits consistently?”


🚨 Incident Response

Build Prompt:

“Model how a cyber threat is detected and escalated. Who’s involved? What happens next?”

Reflection Questions:

  • “Where does confusion or delay happen?”

  • “How do people know what to do?”

  • “What would a fast, coordinated response look like?”


🧭 Bonus Card: Future State Vision

Build Prompt:

“Using any bricks, build your vision of a Zero Trust organization—what does it look like physically?”

Reflection Questions:

  • “What’s different from today’s model?”

  • “What behaviors, systems, or roles are central?”

  • “What would it take to get there?”


Round 1: Identity & Access Management

🧱 Step 1: As-Is Build

Participant Build:

A tall, narrow LEGO tower with one door and a single key at the base.

Explanation:

“This represents our centralized identity system. Everyone uses the same credentials to access multiple systems.”

🗣 Step 2: Share & Reflect

Prompt Response:

“We’re still relying on implicit trust—once someone’s inside, they can access everything.”

“There’s no MFA for internal apps, and contractors get the same access as full-time staff.”

🔧 Step 3: Future State Build

Participant Build:

Multiple smaller towers connected by bridges, each with its own colored key.

Explanation:

“We’ve segmented access by role and added verification gates. Contractors only access what they need.”

📊 Step 4: Group Debrief

Flip Chart Insights:

  • Barriers: Legacy systems, lack of role clarity

  • Enablers: MFA rollout, identity governance tools

  • Ownership: IAM team, HR for role definitions

🌐 Round 2: Network Segmentation

🧱 Step 1: As-Is Build

Participant Build:

A flat LEGO base with all systems connected by a single line.

Explanation:

“Our network is flat—once inside, attackers can move laterally.”

🗣 Step 2: Share & Reflect

Prompt Response:

“We trust internal traffic too much. There’s no segmentation between IT and OT.”

🔧 Step 3: Future State Build

Participant Build:

Segmented zones with colored walls and monitored gateways.

Explanation:

“We’ve created microsegments with inspection points. Each zone has its own access rules.”

📊 Step 4: Group Debrief

Flip Chart Insights:

  • Barriers: Legacy infrastructure, lack of visibility

  • Enablers: Network monitoring, firewall upgrades

  • Ownership: Network team, security architects


🧠 Round 3: Behavior & Culture

🧱 Step 1: As-Is Build

Participant Build:

A classroom with one instructor and distracted students.

Explanation:

“Security training is one-off and not engaging. People forget or ignore it.”

🗣 Step 2: Share & Reflect

Prompt Response:

“We rely on people remembering policies instead of building habits.”

🔧 Step 3: Future State Build

Participant Build:

A collaborative space with reward bricks and peer coaching.

Explanation:

“We’ve gamified secure behavior and made it part of daily routines.”

📊 Step 4: Group Debrief

Flip Chart Insights:

  • Barriers: Low engagement, lack of reinforcement

  • Enablers: Gamification, team champions

  • Ownership: Security awareness team, team leads


🚨 Round 4: Incident Response

🧱 Step 1: As-Is Build

Participant Build:

A red alert tower with no clear path to responders.

Explanation:

“Alerts go off, but escalation is unclear. People don’t know who owns what.”

🗣 Step 2: Share & Reflect

Prompt Response:

“We rely on tribal knowledge and Slack messages to coordinate response.”

🔧 Step 3: Future State Build

Participant Build:

A structured path from alert to SOC team, with clear roles and response kits.

Explanation:

“We’ve mapped out escalation paths and built playbooks. Everyone knows their role.”

📊 Step 4: Group Debrief

Flip Chart Insights:

  • Barriers: No playbooks, unclear ownership

  • Enablers: Defined roles, tabletop exercises

  • Ownership: SOC team, incident manager


Viola Lupin is a consultative mentoring initiative in the service of Visible Minority Leaders and professionals to navigate new challenges and transitions in their careers.

Copyright © 2025 VIOLA LUPIN • All Rights Reserved