Project Zero Trust A Story about a Strategy for Aligning Security and the Business

Project Zero Trust puts readers into the driver’s seat in a journey to transform the security of a recently breached fictional bank by taking them through each step in the journey of implementing Zero Trust. The book follows the story of Matt, who hasn’t even started at his new job as IT Security Director at the Bank and who leads the project to implement Zero Trust while his CISO handles the breach investigation. Readers will be able to take these lessons back to their own organizations and have actionable lessons that they can apply to specific roles and situations at their organizations.

Readers will learn:

• John Kindervags’ 5 Step methodology for implementing Zero Trust
• The Four Zero Trust Design Principles
• How to Limit the Blast Radius of A Breach
• How To Align Security with the Business
• Common Myths and Pitfalls when Implementing Zero Trust
• Implementing Zero Trust in Cloud Environments

Since Zero Trust focuses on a strategy of prevention, readers will find opportunities to realize improvements in efficiency and reduced costs, in addition to increased security.

Project Zero Trust is essential for both aspiring technology professionals as well as experienced IT leaders, network engineers, system administrators, as well as project managers who need to implement Zero Trust initiatives in their organizations. Project Zero Trust demonstrates how Zero Trust can be integrated into any organization using easy-to-understand examples, bridging the gap between technical reference guides, vendor marketing, and organizational strategy.

GEORGE FINNEY is the Chief Security Officer at Southern Methodist University. He has taught Cybersecurity at SMU and been recognized as one of the top 100 Chief Information Security Officers in the world by CISOs Connect. He has over 20 years’ experience in the industry with startups, global telecommunication firms, and nonprofits.

About the Author xi

Acknowledgments xiii

Foreword xv

Introduction xxi

Chapter 1: The Case for Zero Trust 1

Key Takeaways 10

Chapter 2: Zero Trust Is a Strategy 13

Key Takeaways 26

The Four Zero Trust Design Principles 27

The Five-Step

Zero Trust Design Methodology 27

The Zero Trust Implementation Curve 27

Chapter 3: Trust Is a Vulnerability 29

Key Takeaways 39

Chapter 4: The Crown Jewels 43

Key Takeaways 54

Chapter 5: The Identity Cornerstone 57

Key Takeaways 71

Chapter 6: Zero Trust DevOps 73

Key Takeaways 83

Chapter 7: Zero Trust SOC 87

Key Takeaways 100

Chapter 8: Cloudy with a Chance of Trust 103

Key Takeaways 113

Chapter 9: A Sustainable Culture 117

Key Takeaways 129

Chapter 10: The Tabletop Exercise 133

Key Takeaways 147

Chapter 11: Every Step Matters 151

Key Takeaways 159

Appendix A: Zero Trust Design Principles and Methodology 165

The Four Zero Trust Design Principles 165

The Five-Step Zero Trust Design Methodology 166

Appendix B: Zero Trust Maturity Model 167

Appendix C: Sample Zero Trust Master Scenario Events List 171

Appendix D: For Further Reading 179

Standards, Frameworks, and Other Resources 179

Case Studies 180

Google BeyondCorp Papers 180

Books 181

Hardening Guides 181

Glossary 183

Index 191