Zero Trust Security Fundamentals
Published by O'Reilly Media, Inc.
Understanding key concepts, principles, and implementation approaches of zero trust security
In 2021, all federal government agencies were mandated via executive order to advance toward the zero trust security model. In recent years, governments and private organizations across the globe are likewise adopting the zero trust approach to improve their security posture to counter cyber threats. The number of highly publicized recent breaches guarantees that many more will join the movement.
Join expert Razi Rais to take a dive into the origins of zero trust and the key facets of the “never trust, always verify” approach to security. You’ll explore the standards and guidance around zero trust architecture and understand the various approaches to implementing zero trust while adapting to the complexity of the modern environment, embracing the mobile workforce, and focusing on protecting people, devices, apps, and data wherever they're located.
What you’ll learn and how you can apply it
By the end of this live online course, you’ll understand:
- Key principles and components of zero trust
- Why zero trust is important to your organization
- Zero trust implementation models and use cases
And you’ll be able to:
- Plan the zero trust journey for your organization
- Analyze your current security posture and identify gaps that need to be filled in order to adopt zero trust architecture
- Define roles and responsibilities to help your organization adopt zero trust
- Implement zero trust in your organization
This live event is for you because...
- You’re a security practitioner who wants to understand and implement zero trust architecture.
- You’re planning to implement security best practices in your organization.
- Your role requires you to stay current on security topics.
Prerequisites
- Basic knowledge of computer security topics, including authentication, authorization, firewall, storage devices, cloud computing, and networking
Recommended preparation:
- Read “Zero Trust Fundamentals” (chapter 1 in Zero Trust Networks)
Recommended follow-up:
- Finish reading Zero Trust Networks (book)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Zero trust fundamentals (55 minutes)
- Presentation: The history and evolution of zero trust; understanding the meaning of the “never trust, always verify” mindset; what isn’t zero trust (marketing buzzwords, approaches, and hacks); the role of key players, including governments, cloud providers, and standard and compliance bodies
- Group discussion: Check your knowledge of the “never trust, always verify” mindset
- Q&A
- Break
The current state of frameworks, standards, and guidelines (45 minutes)
- Presentation: Overview of zero trust security frameworks, standards, and guidelines (NIST’s zero trust architecture, NSA’s zero trust security model, ACT-ICT’s six pillars of zero trust, the UK National Cyber Security Centre’s zero trust architecture, and Open Group’s zero trust security); understanding the role of identity, networking, and data in zero trust
- Q&A
Implementing zero trust (55 minutes)
- Presentation: The journey toward zero trust implementation; implementation challenges; migrating to zero trust architecture
- Group discussion: Microsoft’s approach to implementing zero trust architecture; the difference between zero trust frameworks and implementations
- Q&A
- Break
Wrap-up and Q&A (25 minutes)
- Presentation: What’s next in zero trust?; useful resources to enhance your knowledge; job market, roles, and growth prospects related to zero trust
Your Instructor
Razi Rais
Razi Rais is technical program manager at Microsoft, where he helps businesses improve their cybersecurity posture by safeguarding digital identities and authenticating millions of users. He’s also been a software engineer and architect, a Microsoft Certified Trainer, and author of several books over his 18-year career. Razi is an active member of the SANS advisory board and a frequent speaker at international conferences. You can reach him through LinkedIn and follow his projects on GitHub.