“Treat every identity as compromised and every perimeter as imaginary, and suddenly your architecture starts to look honest about the world we actually live in,” says Vijayent Kohli, a principal cybersecurity engineer at Ford Motor Company. In an industry often dominated by jargon and incremental tweaks, his formulation has found an audience among enterprises staring down a future of quantum attacks, AI‑driven fraud, and expanding digital footprints.
Kohli sits at the intersection where theory about digital risk meets the stubborn realities of global infrastructure, from consumer payments to connected vehicles. His work unfolds as organizations steadily abandon the old assumption that trusted insiders sit safely behind a perimeter while unknown threats lurk outside.
From Risk Engines to Roadways
Kohli’s path into this moment began not with cars but with code and fraud models. Earlier in his career, he worked on risk systems for large digital payment platforms, helping to design real‑time incentive abuse prevention that could detect and block suspicious behavior at the edge of the transaction stream. Those systems married statistical models with streaming data to make judgment calls in seconds, an approach that foreshadowed today’s emphasis on continuous verification in zero-trust environments.
“That was the first time I really saw how architecture could change behavior at scale,” he said. “You weren’t just writing rules, you were shaping incentives across millions of users, and the system itself was learning where the weak points were.” The lesson, he suggested, was that security was a living system, constantly updated as attackers probed for gaps and business models evolved.
Stints at major software firms extended that logic into the cloud era. Working with large‑scale distributed systems and modern identity protocols, he moved from application‑level defenses to the broader problem of authenticating users and services across hybrid environments. That shift mirrored a wider industry transition, as organizations grappled with employees, contractors, and partners accessing critical systems from everywhere, on devices and networks they did not fully control.
The Rise of Zero Trust as Default Doctrine
By the mid‑2020s, “zero trust” had become the organizing principle for that transition. The core premise is simple: verify explicitly, apply least privilege, and assume breach. In practice, that means identity‑centric controls, finely segmented networks, continuous telemetry, and automated policy enforcement.
For Kohli, the appeal is partly philosophical. “Zero trust stopped being a buzzword the moment executives began to see that every breach is now a business continuity event, not just an IT story,” he said. “You either architect for continuous verification or you wake up one morning and realize your digital revenue stream depended on a login page from 2012.”
He describes zero trust as a habit of mind. Teams must learn to ask, for every connection and every request: who or what is this? How do we know? And what is the smallest set of actions we can safely allow? The answers, in his view, should be encoded not in policy binders but in machine‑enforceable rules that update as context changes.
Engineering Trust for a Post Quantum Era
If zero trust is the doctrine, quantum computing is its looming stress test. Cryptographers have long warned that powerful quantum computers could eventually break widely used public-key algorithms, undermining the foundations of secure internet communication and identity systems. Governments and standards bodies are already drafting migration paths to post‑quantum cryptography, but for enterprises with decades of legacy systems, the practical challenge is daunting.
Kohli frames the issue less as an apocalyptic break than as a forced modernization. “Quantum is the deadline that finally compels you to inventory your trust assumptions,” he said. “Which keys do you rely on, where are they stored, how are they rotated, who can access them, and what happens if they’re exposed? Zero trust gives you the vocabulary to ask and answer those questions systematically.”
The systems he works on at Ford sit at the intersection of identity and machine autonomy. A modern connected vehicle is, in effect, a rolling cluster of networked computers, sensor arrays, and over‑the‑air update channels, each a potential target for intrusion. From Kohli’s vantage point, the principle that no user or device is inherently trusted maps naturally onto this landscape: every control unit, every software update, every diagnostic session must present strong, verifiable credentials, and access must be tightly scoped and time‑bound.
A Public Voice in a Technical Debate
Though his day job is deep in the engineering stack, Kohli has also emerged as a visible explainer of these shifts. He appears on conference agendas and university programs, where he is often introduced as a principal cybersecurity engineer working at the forefront of zero-trust frameworks and automated defenses. In those venues, he tends to emphasize the sociological dimensions of security architecture.
“Zero trust is really about governance,” he told one academic audience. “You are encoding your institutional skepticism into software, deciding whose word you will take automatically and under what circumstances that trust expires.”
His academic and professional affiliations, including time in executive education at a leading business school, have strengthened that vantage. Colleagues say he has been effective at translating abstract frameworks into operational roadmaps for cross‑functional teams, an increasingly critical skill as boards demand both technical rigor and clear narratives about cyber risk. “He can talk ciphers with the security team and unit economics with finance in the same meeting,” one collaborator notes, describing a talent for shifting registers without losing the thread.
Bridging Industry and Academia
One way Kohli has tried to narrow the gap between aspiration and practice is by engaging with universities and student groups, especially in engineering programs that feed talent into the industry. He has spoken at institutions where organizers highlight his role in shaping the future of technology and security. In these forums, he often situates zero trust within a larger historical narrative of computing; from mainframes to client‑server to cloud and now to edge‑heavy, sensor‑dense environments.
“Students need to see that security is not just about firewalls and antivirus,” he told them. “It is about how you allocate trust in a system that includes people, devices, and algorithms, and how those choices reflect your assumptions about power and failure.” That framing resonates in an era when questions of digital sovereignty, data localization, and algorithmic accountability are increasingly politicized.
For Kohli, the academic outreach is also a way to test his own ideas against more skeptical audiences. As he encounters questions about surveillance, privacy, and the implications of pervasive identity verification, he is encouraged to clarify the boundary between necessary security and overreach. “If zero trust becomes an excuse to log everything forever, we’ll have solved one problem by creating another,” he said.
A Reflective Ending in an Unfinished Story
In a sense, the story of zero trust in a post‑quantum world is still in its early chapters. The actual shape of the threat landscape, the maturity of quantum machines, and the regulatory environment remain uncertain. Architects like Kohli operate in that ambiguity, building systems for a future whose exact contours they cannot know.
He seems comfortable with the tension. “Security has always been about managing asymmetry—between attackers and defenders, between what you know and what you can’t predict,” he said. “Zero trust doesn’t remove that uncertainty; it just insists that we stop pretending it isn’t there.”
Pressed on how he thinks history will judge this period of frenetic architectural change and swelling security budgets, he offers a characteristically measured answer. “If we get it right, people will look back and say this was the decade when digital systems finally grew up, when we accepted that trust online has to be earned continuously, not granted by default,” he stated. “If we get it wrong, they’ll say we saw the storm coming and chose better dashboards instead of better foundations.”
For now, he returns to the terse maxim with which he began. “Assume compromise, minimize trust, verify everything,” he says. “It is not pessimism, it is realism—and it is the only starting point that matches the world we have built.”
