Project Zero Trust puts readers in the driver’s seat on a journey to transform the security of a recently breached fictional bank, taking them through each step of implementing Zero Trust. The book follows the story of Matt, who hasn’t even started his new job as IT Security Director at the bank and who leads the project to implement Zero Trust while his CISO handles the breach investigation. Readers will be able to take these actionable lessons back to their own organizations and apply them to specific roles and situations.
Readers will learn:
- John Kindervag’s 5-Step methodology for implementing Zero Trust
- The Four Zero Trust Design Principles
- How to Limit the Blast Radius of a Breach
- How to Align Security with the Business
- Common Myths and Pitfalls when Implementing Zero Trust
- Implementing Zero Trust in Cloud Environments
Since Zero Trust focuses on a strategy of prevention, readers will find opportunities to realize improvements in efficiency and reduced costs, in addition to increased security.
Project Zero Trust is essential for aspiring technology professionals as well as experienced IT leaders, network engineers, system administrators, and project managers who need to implement Zero Trust initiatives in their organizations. Project Zero Trust demonstrates how Zero Trust can be integrated into any organization using easy-to-understand examples, bridging the gap between technical reference guides, vendor marketing, and organizational strategy.
GEORGE FINNEY is the Chief Security Officer at Southern Methodist University. He has taught Cybersecurity at SMU and been recognized as one of the top 100 Chief Information Security Officers in the world by CISOs Connect. He has over 20 years’ experience in the industry with startups, global telecommunication firms, and nonprofits.
About the Author
Acknowledgments
Foreword
Introduction
Chapter 1: The Case for Zero Trust
Key Takeaways
Chapter 2: Zero Trust Is a Strategy
Key Takeaways
The Four Zero Trust Design Principles
The Five-Step Zero Trust Design Methodology
The Zero Trust Implementation Curve
Chapter 3: Trust Is a Vulnerability
Key Takeaways
Chapter 4: The Crown Jewels
Key Takeaways
Chapter 5: The Identity Cornerstone
Key Takeaways
Chapter 6: Zero Trust DevOps
Key Takeaways
Chapter 7: Zero Trust SOC
Key Takeaways
Chapter 8: Cloudy with a Chance of Trust
Key Takeaways
Chapter 9: A Sustainable Culture
Key Takeaways
Chapter 10: The Tabletop Exercise
Key Takeaways
Chapter 11: Every Step Matters
Key Takeaways
Appendix A: Zero Trust Design Principles and Methodology
The Four Zero Trust Design Principles
The Five-Step Zero Trust Design Methodology
Appendix B: Zero Trust Maturity Model
Appendix C: Sample Zero Trust Master Scenario Events List
Appendix D: For Further Reading
Standards, Frameworks, and Other Resources
Case Studies
Google BeyondCorp Papers
Books
Hardening Guides
Glossary
Index