As organizations progress along their Zero Trust journey, many start to pursue approaches which pivot around particular capabilities: endpoint, identity, firewalls. Often these orgs are paying back some technical debt in doing so, and the vendors who benefit are cheering on this investment. But is this a truly sensible approach? Is this Zero Trust truth, or Zero Trust fiction? How can we plan our Zero Trust journey to reap the benefits Zero Trust can give?