This program aims to equip security architects and engineers with the advanced knowledge and practical skills required to design, implement, and manage modern, Zero Trust-based network security architectures:

• Security Architects and Engineers.
• Network Engineers and Administrators.
• CISO/CTO seeking to modernize their security posture.
• Cloud Security Specialists.
• Security Operations Center (SOC) personnel.
• Consultants specializing in network transformation.

• Hands-on lab exercises configuring microsegmentation policies.
• Group design challenge: planning a Zero Trust migration for a fictional company.
• Case studies analysing major breaches and how ZT could have prevented lateral movement.
• Technical discussions on SASE vendor solutions and implementation pros/cons.
• Individual exercises mapping existing security controls to ZT pillars.

Unit 1: The Evolution of Network Security

• Limitations of the traditional castle-and-moat model.
• Impact of cloud, mobility, and IoT on the network boundary.
• Understanding the lateral movement problem after a perimeter breach.
• The need for a trust-less security model.

• Core principles of Zero Trust: Never Trust, Always Verify.
• The NIST Zero Trust Architecture (ZTA) model and components.
• The role of the Policy Enforcement Point (PEP) and Policy Decision Point (PDP).
• Mapping Zero Trust to modern business and operational needs.

Unit 2: Designing the Zero Trust Network

• Central role of Identity and Access Management (IAM) in Zero Trust.
• Implementing Multi-Factor Authentication (MFA) and adaptive authentication.
• Continuous and context-aware authorization.
• Managing and verifying non-human identities (API keys, service accounts).

• Traditional network segmentation (VLANs, ACLs).
• Techniques for microsegmentation (e.g., host-based, network-based, cloud-native).
• Policy definition and enforcement for east-west traffic control.
• Isolation of critical assets and high-risk environments.

Unit 3: Modern Network Security Components

• Software-Defined Perimeter (SDP) and its advantages over traditional VPNs.
• Cloud Access Security Brokers (CASBs) for cloud service governance.
• Secure Web Gateway (SWG) and DNS-layer security.
• The SASE (Secure Access Service Edge) architecture model.

• Next-Generation Firewall (NGFW) capabilities and deep packet inspection.
• Intrusion Prevention Systems (IPS) and advanced malware sandboxing.
• Techniques for encrypted traffic inspection (TLS/SSL decryption).
• Behavioral analytics and network detection and response (NDR).

Unit 4: Implementation and Deployment Strategies

• Developing a phased approach to Zero Trust adoption.
• Identifying high-value targets and building initial Zero Trust zones.
• Best practices for policy discovery and migration from legacy systems.
• Measuring the success of Zero Trust implementation.

• Integration of Zero Trust with Security Orchestration, Automation, and Response (SOAR).
• Continuous monitoring and auditing of ZT policies.
• Troubleshooting common connectivity and policy enforcement issues.
• Security considerations for operational technology (OT) networks.

Unit 5: Cloud and Future Networks

• Applying ZT principles to multi-cloud and hybrid cloud environments.
• Leveraging native cloud security services (e.g., AWS Security Hub, Azure Policy).
• Securing containerized and serverless environments with microsegmentation.
• Cloud Identity and Posture Management (CIEM, CSPM) for ZT.

• Impact of 5G and edge computing on network security design.
• Introduction to quantum-safe cryptography and network requirements.
• Future of SASE and Unified Endpoint Management (UEM).
• Automation and Artificial Intelligence in network security policy management.