The Zero Trust Security Framework
Understanding and Applying Zero Trust Best Practices
Zero Trust has become an extremely popular reference for security best practices. Vendor marketing and other misleading data have unfortunately caused confusion about what Zero Trust is and how to use it properly. This misunderstanding of Zero Trust can lead to a false sense of security.
This course will review the history of many popular terms for security best practices as well as how the industry developed the term Zero Trust. We will review Zero Trust frameworks, everything from older to the latest Zero Trust versions, as well as what vendor-agnostic capabilities should be applied within your security practice to meet and exceed Zero Trust best practices. Topics will include network, endpoint and cloud security concepts. We will also discuss misconceptions, such as the idea that Zero Trust best practices can be achieved by simply acquiring a technology such as a Firewall, Identity Management solution or Network Access Control offering. Expect many real-world examples, demos and definitions of topics that you can relate to as well as evaluate with open source or enterprise technology.
Joseph Muniz has been in the security industry for many years, consulting for various types of customers, from Fortune 500 to Federal. He has written numerous books, including Security Operations Center (SOC) and Investigating the Cyber Breach, both from Cisco Press, and is a distinguished speaker at various industry conferences. He is well versed in security technologies as well as exploitation dark arts.
What you'll learn and how you can apply it
- Understand the true meaning of the Zero Trust security framework
- Determine how to apply security best practices represented in the latest Zero Trust framework to your organization.
- Understand how to assess your existing security capabilities and map out a plan for improving your organization’s security practice.
- Understand security best practices for all areas of your business (cloud, endpoint and network)
This training course is for you because...
- You want to understand and leverage the Zero Trust security framework as it was meant to be used.
- You need to or desire to improve your cyber security capabilities
We highly recommend you have a basic knowledge of computers and computer security concepts. Commodity technologies such as Firewall and IPS will be quickly defined, but how to configure them will not be covered. A basic understanding of how and why these technologies are used will be fine.
Attendees will benefit by having access to a computer lab and networking gear, but this is not required for this training.
If you do not have a basic understanding of security terminology, please view the following videos before attending the training.
- Cybersecurity Fundamentals Live Training by Omar Santos (search for “Cybersecurity” and “Omar Santos” in the O’Reilly search bar)
- CompTIA Cybersecurity Analyst CySA+ (CS0-001) by Joseph Muniz and Aamir Lakhani
About your instructor
Joseph Muniz is an architect and security researcher in the Cisco Security Sales and Engineering Organization. He is driven by making the world a safer place through education and adversary research. Joseph has extensive experience in designing security solutions and architectures as a trusted advisor for the top Fortune 500 corporations and US Government.
Joseph is a researcher and industry thought leader. He speaks regularly at international conferences, writes for technical magazines and is involved with developing training for various industry certifications. He invented the fictitious character of Emily Williams to create awareness around Social Engineering. Joseph runs the thesecurityblogger.com website, a popular resource for security and product implementation. He is the author of and contributor to several publications, including titles ranging from security best practices to exploitation tactics. Joseph’s latest title, Digital Forensics for Network Engineers, was released in 2018, with two new titles on SOC and VPN coming in 2020.
When Joseph is not using technology, you can find him on the futbol field or raising the next generation of hackers, also known as his children. Follow Joseph at www.thesecurityblogger.com and @SecureBlogger.
The timeframes are only estimates and may vary according to how the class is progressing.
The history of security and Zero Trust (Length: 40)
- Security policies, procedures, frameworks, standards and guidelines
- The history of Zero Trust
- Marketing failures
- Zero Trust older model failures
Break 10 mins
Zero Trust Today (Length: 40)
- Zero Trust latest definitions
- Comparing older models to the latest model
- Explanation of Zero Trust best practices
Zero Trust Capabilities (Length: 30)
- Securing identity according to Zero Trust of people
- Securing the workplace
- Securing the workload
- Managing Zero Trust capabilities
Break 10 mins
Zero Trust risk management (Length: 30)
- Auditing against Zero Trust
- Prioritizing capabilities investments
- Assessing people and process
- Wrap up
Next Steps (Length: 20)
- Resources for future learning
- Planning your next career and use of this knowledge