Zero trust security is a proactive and robust approach to cybersecurity that addresses modern threats by continuously verifying and monitoring all network activities. While its implementation can be complex and resource-intensive, the benefits of improved security posture, reduced risk, and enhanced compliance make it a valuable strategy for organizations of all sizes.

Member Views on Zero Trust

ISC2 members recently shared with us their views on zero trust training, awareness and implementation.

We asked members about barriers and obstacles to implementing zero trust. Many responses focused on the same areas, as Ray Heffer, CISSP, explained.

“One of the barriers I see organizations facing is the shift in mindset from traditional perimeter-based security to a more holistic, identity-based approach. This change requires not just technological adjustments but also a significant cultural shift within the organization.

“There’s often resistance as this method necessitates rigorous authentication and verification processes at every access point, regardless of user location (network) or device, which can be perceived as adding complexity and potential delays to workflow. In addition, this extends beyond this to applications and data, which are two pillars that are often misunderstood or overlooked”.

Bright Erhabor, CC, added: “Zero Trust is still a relatively new security concept that is being used to replace traditional perimeter security. Some of the boundaries or limitations of zero trust include: cost of implementation, complexity of organizations' infrastructure, employees' resistance, operational challenges, poor user experience as well as difficulty integrating legacy technologies”.

We also asked members who should be targeted when deploying zero trust training and education in the workplace:

“Everyone should participate in zero trust continuing education. Executives need to understand the importance of restricting and monitoring access and end users need to understand the purpose behind why their access is being limited,” said Lewis Mandichak, CISSP.

This was echoed by several members including Raoul Hira, CISSP, who added: “Continuing education on zero trust should be pursued by all IT and security personnel, from analysts to C-suite executives, to foster a comprehensive understanding of its principles across the organization. I’ve led teams around the world, and the ones who understand zero trust deeply are always better prepared and react faster to security issues”.

Managing Zero Trust Data Risk Courses

Building on the ISC2 zero trust courses already available, we have launched additional courses that expand coverage of zero trust issues and themes.

Joining our roster are three new areas of focus, all designed to support you in your continuous education and skills development in the face of a rapidly evolving technology and threat landscape.

Communication for Zero Trust – This course addresses one of the great challenges of any fundamental security strategy implementation – effective communication and the strategies and skills necessary for zero trust to be successful. The course will cover methods for conveying the zero trust principles, policies and practices of your organization to ensure all stakeholder groups are kept informed and understand what is happening and why, while cybersecurity teams focus on managing data risk.

Security within Zero Trust – A strategic approach to how zero trust implementation can strengthen your organization’s security posture. You will examine the zero trust context of data classification; authentication policies; threat anticipation and evaluation; and risk management frameworks.

Zero Trust Risk Management and Response – Addressing risk management and incident response in a zero trust environment. You will learn about the strategic benefits of implementing risk management processes, along with how to implement remediation actions and incident response plans within a zero trust environment.

All three courses are aimed at cybersecurity professionals in advanced roles with an understanding of zero trust principles, such as Cybersecurity Architects, Cybersecurity Engineers and Cybersecurity Program Managers. ISC2 members completing zero trust courses can also earn CPE credits for each completed course.

Continuing Professional Development from ISC2

ISC2 provides a wide range of courses, certificates and skills development opportunities to support your continuous education journey, covering topics including Security Operations (where you’ll find the zero trust options), Software Security, Cloud Security, Cyber Leadership and more.