summit
Fiesta 6
9 am - 4:30 pm, Saturday, September 23
Zero Trust Summit
About

“Never trust, always verify.” Zero Trust Architectures have gained undeniable popularity in the last few years. However, questions about how to institute, integrate and manage them remain. This summit will explore different aspects of the Zero Trust framework, including design, resilience and threat modeling, to build a modern zero trust strategy for your organization.

Sessions include:

Cyber-Resilience: Managing Cybersecurity as a Predictable Risk

Speaker - Derrick A. Butts, CISSP, ITIL – CEO/ Cyber-Business Transformation Advisor, Continuums Strategies

Many businesses have zero trust goals and aspirations for 2023, but the number of businesses working to achieve this level of security will be few due to the cost. Zero trust is a portion of a cyber-resilience strategy versus just another piece of technology.

A cyber-resilience strategy incorporates zero-trust methodologies, but it also needs to include updates to business policies, procedures, business continuity planning, enhancing technologies, security risk management, and modified security awareness training. The layering of these tasks will mature your security posture and increase the chances of your data being protected and restorable during and after a cyberattack.

Extending Zero Trust to the User with a Zero Trust Workspace

Speaker - Chalan Aras – Advisory Managing Director, Deloitte & Touche LLP

Implementing Zero Trust principles across an enterprise has accelerated as cyber risks have expanded through remote and third-party users, greater use of SaaS, and acceptance of unmanaged devices for enterprise connectivity.

Past solutions centered around technologies such as virtual desktop infrastructure (VDI) and remote browsers, but these tend to compromise the user experience, can be costly, and depart from familiar software tools.

We will share the concept of a ZT Workspace that brings a large range of identity, posture, and application-based controls to protect data, without the cost of current solutions, including the use of off-the-shelf applications that avoid a disruptive change to user experiences.

Zero Trust Threat Modeling

Speaker - Chris Romeo, CISSP, CSSLP – CEO, Kerr Ventures

Zero trust is all the rage. Nevertheless, zero trust has vast implications for AppSec and threat modeling. Zero trust threat modeling means the death of the trust boundary and assumes attackers are in the environment, and data sources and flows can no longer hide.

Apply the concept of zero trust to threat modeling by understanding what changes and considering a threat model of the zero-trust architecture. Explore new design principles in a zero-trust threat model and apply a mnemonic and taxonomy of threats impacting zero-trust applications.

Long live the threat model but say goodbye to the trust boundary.

Zero Trust: Is Everybody a Zero Trust Solution Now?

Speaker - Vincent Romney, CISSP, CCSP – Enterprise Security Architect, Nu Skin Enterprises

Zero Trust is a buzz-phrase like no other! Seemingly every vendor is now a Zero Trust solution, and organizations who've received that "top down" edict to "go Zero Trust" are often at a loss to determine where to spend their precious security dollars. Using NIST 800-207 as our guide, we'll walk through the components of a Zero Trust architecture, and contextualize it against various vendor offerings to bring clarity to the Zero Trust argument.

The Zero Trust Application Framework - Building Security without a Perimeter 

Speaker - Nat Bongiovanni, CTO, NTT DATA Federal Services

In this presentation we will discuss Zero Trust Architecture (ZTA) and how to build ZTA applications. We will start with the seven tenets described in NIST SP 800-207 and then show an application framework for building cloud-ready Zero Trust applications. Our presentation will show how the three components of Authentication, Monitoring, and Authorization enable ZTA. We will explore the concepts and implementation of policy decision and enforcement points as well as all other components of a ZTA. Tying it all together, we will present an example application as described in NIST SP 800-204 a, b, c.

Legal Implications, Issues, and Aspects of Zero Trust Architecture (ZTA)

Speaker - Scott Giordano, Senior AI, Privacy & Cybersecurity Attorney

There are myriad concerns when it comes to planning and executing a Zero Trust Architecture plan. Legal implications include collecting and processing user data, complying with local and applicable data protection laws (like GDPR), privacy issues that may involve monitoring user activities and network traffic, and cross-border data transfers. This session will examine these issues and aspects such as:
- User consent
- Data breaches
- Contracts and agreements
- Incident response and notifications
- Compliance with industry-specific regulations

* Please note: This is not included in the Main Conference registration and requires a separate registration.
