The Zero Trust Security Framework
Published by Pearson
Understanding and Applying Zero Trust Best Practices
Zero Trust has become an extremely popular reference for security best practices. Vendor marketing and other misleading data has unfortunately caused confusion about what Zero Trust is and how to use it properly. This misunderstanding of Zero Trust can lead to a false sense of security.
This course will review the history of many popular terms for security best practices as well as how the industry developed the term Zero Trust. We will review Zero Trust frameworks – everything from older to the latest Zero Trust versions -- as well as what vendor agnostic capabilities should be applied within your security practice to meet and exceed Zero Trust best practices. Topics will include network, endpoint and cloud security concepts. We will also discuss misconceptions, such as how Zero Trust best practices can’t be achieved by simply acquiring a technology such as a Firewall, Identity Management solution or Network Access Control offering. Expect many real-world examples, demos and definitions of topics that you can relate to as well as evaluate with open source or enterprise technology.
Joseph Muniz has been in the security industry for many years, consulting for various types of customers -- from fortune 500 to Federal. He has written numerous books, including Security Operations Center (SOC) and Investigating the Cyber Breach, both from Cisco Press, and is a distinguished speaker at various industry conferences He is well versed in security technologies as well as exploitation dark arts.
What you’ll learn and how you can apply it
- Understand the true meaning of the Zero Trust security framework
- Determine how to apply security best practices represented in the latest Zero Trust framework to your organization.
- Understand how to assess your existing security capabilities and map out a plan for improving your organization’s security practice.
- Understand security best practices for all areas of your business (cloud, endpoint and network)
This live event is for you because...
- You want to understand and leverage the Zero Trust security framework as it was meant to be used.
- You need to or desire to improve your cyber security capabilities
Prerequisites
We highly recommend you have a basic knowledge of computers and computer security concepts. Commodity technologies such as Firewall and IPS will be quickly defined, but how to configure them will not be covered. A basic understanding of how and why these technologies will be fine.
Course Set-up
Attendees will benefit by having access to a computer lab and networking gear, but this is not required for this training.
Recommended Preparation
If you do not have a basic understanding of security terminology, please view the following videos before attending the training.
- Cybersecurity Fundamentals Live Training by Omar Santos (search for “Cybersecurity” and “Omar Santos” in the O’Reilly search bar)
- CompTIA Cybersecurity Analyst CySA+ (CS0-001) by Joseph Muniz and Aamir Lakhani
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
The history of security and Zero Trust Length 40
- Security policies, procedures, frameworks, standards and guidelines
- The history of Zero Trust
- Marketing failures
- Zero Trust older model failures
Break 10 mins
Zero Trust Today Length 40
- Zero Trust latest definitions
- Comparing older models to the latest model
- Explanation of Zero Trust best practices
Zero Trust Capabilities Length 30
- Securing identity according to zero trust of people
- Securing the workplace
- Security the workload
- Managing Zero Trust capabilities
Break 10 mins
Zero Trust risk management Length 30
- Auditing against Zero Trust
- Prioritizing capabilities investments
- Assessing people and process
- Wrap up
Next Steps Length 20
- Resources for future learning
- Planning your next career and use of this knowledge
- Q&A
Your Instructor
Joseph Muniz
Joseph Muniz is a renowned security expert and security artificial intelligence specialist at Microsoft. With a passion for making the world a safer place, he is dedicated to promoting education and research on adversary tactics. Joseph has over two decades of experience designing security solutions and architectures for Fortune 500 companies and the US Government, serving as a trusted advisor. He is a researcher and thought leader in the industry, regularly speaking at international conferences and contributing to technical magazines. Joseph also develops training for various industry certifications, and has invented the fictitious character of Emily Williams to raise awareness of social engineering. As the founder of thesecurityblogger.com, Joseph has created a valuable resource for security and product implementation. He is the author and contributor of several publications, ranging from security best practices to exploitation tactics. His latest title, The Modern Security Operations Center, was released in 2021 and is his tenth publication. Follow Joseph’s work on Twitter at @SecureBlogger.