The Zero Trust Security Framework
Understanding and Applying Zero Trust Best Practices
Zero Trust has become an extremely popular reference for security best practices. Vendor marketing and other misleading data has unfortunately caused confusion about what Zero Trust is and how to use it properly. This misunderstanding of Zero Trust can lead to a false sense of security.
This course will review the history of many popular terms for security best practices as well as how the industry developed the term Zero Trust. We will review Zero Trust frameworks – everything from older to the latest Zero Trust versions -- as well as what vendor agnostic capabilities should be applied within your security practice to meet and exceed Zero Trust best practices. Topics will include network, endpoint and cloud security concepts. We will also discuss misconceptions, such as how Zero Trust best practices can’t be achieved by simply acquiring a technology such as a Firewall, Identity Management solution or Network Access Control offering. Expect many real-world examples, demos and definitions of topics that you can relate to as well as evaluate with open source or enterprise technology.
Joseph Muniz has been in the security industry for many years, consulting for various types of customers -- from fortune 500 to Federal. He has written numerous books, including Security Operations Center (SOC) and Investigating the Cyber Breach, both from Cisco Press, and is a distinguished speaker at various industry conferences He is well versed in security technologies as well as exploitation dark arts.
What you'll learn-and how you can apply it
- Understand the true meaning of the Zero Trust security framework
- Determine how to apply security best practices represented in the latest Zero Trust framework to your organization.
- Understand how to assess your existing security capabilities and map out a plan for improving your organization’s security practice.
- Understand security best practices for all areas of your business (cloud, endpoint and network)
This training course is for you because...
- You want to understand and leverage the Zero Trust security framework as it was meant to be used.
- You need to or desire to improve your cyber security capabilities
We highly recommend you have a basic knowledge of computers and computer security concepts. Commodity technologies such as Firewall and IPS will be quickly defined, but how to configure them will not be covered. A basic understanding of how and why these technologies will be fine.
Attendees will benefit by having access to a computer lab and networking gear, but this is not required for this training.
If you do not have a basic understanding of security terminology, please view the following videos before attending the training.
- Cybersecurity Fundamentals Live Training by Omar Santos (search for “Cybersecurity” and “Omar Santos” in the O’Reilly search bar)
- CompTIA Cybersecurity Analyst CySA+ (CS0-001) by Joseph Muniz and Aamir Lakhani
About your instructor
Joseph Muniz is an architect at Cisco Systems and security researcher. Joseph started his career in software development and later managed networks as a contracted technical resource. He moved into consulting and found a passion for security while meeting with a variety of customers.
Joseph has been involved with the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. He is the author and contributor of several books as well as has spoken for popular security conferences such as RSA, Cisco Live, ISC2 and DEF CON. Joseph’s current role gives him visibility into the latest trends in cyber security both from leading vendors and customers.
The timeframes are only estimates and may vary according to how the class is progressing
The history of security and Zero Trust Length 40
- Security policies, procedures, frameworks, standards and guidelines
- The history of Zero Trust
- Marketing failures
- Zero Trust older model failures
Break 10 mins
Zero Trust Today Length 40
- Zero Trust latest definitions
- Comparing older models to the latest model
- Explanation of Zero Trust best practices
Zero Trust Capabilities Length 30
- Securing identity according to zero trust of people
- Securing the workplace
- Security the workload
- Managing Zero Trust capabilities
Break 10 mins
Zero Trust risk management Length 30
- Auditing against Zero Trust
- Prioritizing capabilities investments
- Assessing people and process
- Wrap up
Next Steps Length 20
- Resources for future learning
- Planning your next career and use of this knowledge