Project Zero Trust

Implement Zero Trust initiatives efficiently and effectively

In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, Chief Security Officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT Security Director.

Readers will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach. They'll also find:

• Concrete strategies for aligning your security practices with the business
• Common myths and pitfalls when implementing Zero Trust and how to implement it in a cloud environment
• Strategies for preventing breaches that encourage efficiency and cost reduction in your company's security practices

Project Zero Trust is an ideal resource for aspiring technology professionals, as well as experienced IT leaders, network engineers, system admins, and project managers who are interested in or expected to implement zero trust initiatives.

About the Author xi

Acknowledgments xiii

Foreword xv

Introduction xxi

Chapter 1: The Case for Zero Trust 1

Key Takeaways 10

Chapter 2: Zero Trust Is a Strategy 13

Key Takeaways 26

The Four Zero Trust Design Principles 27

The Five-Step Zero Trust Design Methodology 27

The Zero Trust Implementation Curve 27

Chapter 3: Trust Is a Vulnerability 29

Key Takeaways 39

Chapter 4: The Crown Jewels 43

Key Takeaways 54

Chapter 5: The Identity Cornerstone 57

Key Takeaways 71

Chapter 6: Zero Trust DevOps 73

Key Takeaways 83

Chapter 7: Zero Trust SOC 87

Key Takeaways 100

Chapter 8: Cloudy with a Chance of Trust 103

Key Takeaways 113

Chapter 9: A Sustainable Culture 117

Key Takeaways 129

Chapter 10: The Tabletop Exercise 133

Key Takeaways 147

Chapter 11: Every Step Matters 151

Key Takeaways 159

Appendix A: Zero Trust Design Principles and Methodology 165

The Four Zero Trust Design Principles 165

The Five-Step Zero Trust Design Methodology 166

Appendix B: Zero Trust Maturity Model 167

Appendix C: Sample Zero Trust Master Scenario Events List 171

Appendix D: For Further Reading 179

Standards, Frameworks, and Other Resources 179

Case Studies 180

Google BeyondCorp Papers 180

Books 181

Hardening Guides 181

Glossary 183

Index 191

GEORGE FINNEY is the Chief Security Officer at Southern Methodist University. He has taught Cybersecurity at SMU and been recognized as one of the top 100 Chief Information Security Officers in the world by CISOs Connect. He has over 20 years’ experience in the industry with startups, global telecommunication firms, and nonprofits.

Why your organization needs Zero Trust and how to implement it

In Project Zero Trust: A Story about a Strategy for Aligning Security and the Business, renowned CISO George Finney delivers a hands-on and step-by-step guide to implementing an effective and practical Zero Trust security strategy at your organization. The book is written as an engaging narrative that follows the story of Dylan, a new IT Director at a company that experiences a ransomware attack on his first day.

You’ll learn John Kindervags’ 5-step methodology for implementing Zero Trust, the four key Zero Trust design principles, and discover how to align this framework with your company’s operational and commercial requirements.

The author explains how to prevent data breaches and how to minimize the impact of a breach should one occur. He focuses on a strategy of prevention and addresses widespread myths and common pitfalls encountered by technology professionals when implementing Zero Trust. Project Zero Trust also explains how to implement its methodologies and strategies in a distributed cloud environment.

An essential read for aspiring and practicing technology professionals, Project Zero Trust will earn a place on the bookshelves of IT leaders, network engineers, sysadmins, and project managers.