As IT infrastructure continues to expand beyond physical walls into cloud, edge and remote environments, an increasing number of organizations are turning to a zero trust security model. The approach allows organizations to reduce the attack surface through network micro-segmentation, giving users access to only the resources they need.
The most recent ISC2 Cybersecurity Workforce Study showed that zero trust implementation skills are highly valued by IT and cybersecurity managers. Even more striking, zero trust network access architecture, cited by 36% of participants, rated second only to automation cybersecurity (42%) as having the “greatest positive impact” on securing organizations. In addition, 19% of respondents cited zero trust edge technologies as impactful.
Zero trust carries implications beyond the implementation and management of security controls. It requires a shift in mindset to focus on data protection and acknowledges that network perimeter boundaries have blurred as a result of edge and cloud deployments, and remote environments such as home offices.
Cybersecurity professionals who adopt the zero trust mindset and acquire the requisite skills can stand out as more organizations embrace the model. As of April 2024, 63% of organizations worldwide had fully or partially implemented a zero trust strategy, according to Gartner. More recently, CIO.com reported that 81% of organizations plan to adopt the model by 2026.
In response to the high demand for zero trust training, ISC2 has developed a new offering, Zero Trust Strategy Certificate for advanced cybersecurity professionals. Through four on-demand courses, participants will learn essential zero trust principles and policies to strengthen their organization's security posture by aligning stakeholders, systems and technology. The certificate program includes nine hours of content that will result in the participant’s ability to demonstrate a comprehensive understanding of principles and requirements necessary to manage enterprise risks in a zero trust environment.
The Zero Trust Strategy Certificate is divided into four courses:
- Communication for Zero Trust – a focus on communication strategies and skills necessary for zero trust implementation to ensure stakeholders are informed and cybersecurity teams can manage data risks effectively.
- Security within Zero Trust – how to strengthen security posture by applying zero trust to enterprise-wide data, authentication, threat anticipation and evaluation, and risk management.
- Zero Trust for Business Leaders – educating non-IT managers to drive zero trust initiatives through the practical application of principles like least privilege, continuous verification and segmentation, and resource protection.
- Zero Trust Risk Management and Response – addressing the strategic benefits of implementing risk management processes, remediation, and incident response plans with a zero trust mindset.
Those with less working knowledge of zero trust may want to consider beginning their education with the more foundational Protecting Data Using Zero Trust Courses:
- Continuous Monitoring and Incident Response for Zero Trust – covering the necessity of real-time data collection, analysis and assessment from various sources to identify and respond to threats.
- Defining the Boundaries of Zero Trust – how to transition from traditional perimeter-based security to a business-enabling, data-centric security operating model.
- Vulnerability Management in Zero Trust – how essential vulnerability management principles and best practices provide a crucial component in cybersecurity operations, specifically in zero trust architecture (ZTA).
For more information on certificates from ISC2, visit https://www.isc2.org/professional-development/certificates