Duration:

3 Days

Audience:

Employees of federal, state and local governments; and businesses working with the government.

Course Description:

Discover the fundamentals of zero trust security, its solutions to conventional security challenges, and how to integrate it into your operational framework.

Zero trust security, though not a novel concept, has garnered increased attention in recent years as organizations across various sectors recognize the limitations of traditional security approaches. For instance, in mid-2021, US Federal CISO Chris DeRusha announced the White House’s initiative to transition all federal agencies towards a “zero trust paradigm.”

Traditionally, organizations focused on preventing external access to resources while maintaining relatively open internal access, assuming trust based on physical proximity and managed devices within a shared location. However, with the proliferation of connectivity (e.g., direct links with customers and suppliers, Internet of Things, remote work), this paradigm shifts. Accessing “internal” resources via the Internet becomes easier than physical infiltration, rendering the conventional “lock ’em out” strategy less effective. Relying on user identity, location, or device for trust becomes unreliable due to potential spoofing.

Zero trust security abolishes the concept of trusted locations, users, devices, or any other element. Instead of granting unrestricted access from specific locations or devices, authentication and authorization are mandated universally and continuously. While initially appearing complex, this approach simplifies security management by offering a single solution applicable across all scenarios, preventing hackers from gaining widespread access via single exploits.

Moreover, zero trust isn’t limited to user access; it extends to application-to-application communication. Traditional networking lacked stringent security controls between applications or containers, allowing broad traffic exchanges once firewall rules were established. Zero trust networking alters this by implementing transaction-level controls, where each transaction’s access rules are meticulously defined.

This course provides a comprehensive exploration of zero trust security. From grasping the concept of “trust” and the origins of the zero trust model to designing considerations and technical implementation details, participants gain a comprehensive understanding.

Key learning objectives include:

  • Implementing Zero Trust tenets and concepts within your organization.
  • Designing Zero Trust Architecture tailored to organizational needs.
  • Evaluating organizational readiness for Zero Trust adoption.
  • Advancing and maturing Zero Trust implementations.

Professionals who may benefit include:

  • Anyone in an IT Leadership role
  • CIOs / CTOs /CSO
  • Security Administrators
  • Any Security Staff
  • System Administrators
  • IT Operations Staff
  • Release Engineers
  • Configuration Managers
  • Anyone involved with IT infrastructure
  • Developers and Application Team leads
  • ScrumMasters
  • Software Managers and Team Leads
  • IT Project & Program Managers
  • Product Owners and Managers

Course Outline:

Part 1:

  • Brief Evolution of IT Security
  • The Perimeter Model
  • Brief Threat Landscape History
  • Problems with the Traditional Model
  • Brief History of Zero Trust
  • Zero Trust AuthN & AuthZ
  • Zero Trust Tenants
  • Zero Trust Basic Concepts

Part 2:

  • Zero Trust Network Design Part 1
  • Zero Trust 5 Steps of Transformation
  • Zero Trust Threats
  • Zero Trust Access Control
  • Zero Trust Risk Management
  • Zero Trust Governance
  • Zero Trust Vendor Selection
  • Zero Trust Reference Architecture

Part 3:

  • Zero Trust Network Design Part 2
  • Zero Trust Implementation
  • Zero Trust Migration
  • Zero Trust Challenges
  • Zero Trust Wrap Up