Course Outline
Zero Trust Fundamentals
- Evolution from perimeter security to Zero Trust for government operations
- Core principles of Zero Trust: never trust, always verify, and least privilege
- NIST SP 800-207 Zero Trust Architecture framework for government agencies
- Comparison of Zero Trust to traditional network security models in the public sector
- Open source ecosystem supporting Zero Trust implementation for government
Zero Trust Architecture Components
- Identity as the new perimeter for government systems
- Device trust and posture validation in government networks
- Network segmentation and micro-segmentation for enhanced security in government environments
- Application workload protection for government applications
- Data classification and protection strategies for government data
- Policy enforcement points and policy decision points in government Zero Trust architectures
Identity Foundation for Zero Trust
- Identity providers such as Keycloak, Authentik, and Dex for government use
- Integration of OAuth 2.0, OIDC, and SAML in government identity management systems
- Implementation of multi-factor authentication (MFA) for enhanced security in government operations
- Risk-based authentication and step-up authentication mechanisms for government users
- Identity lifecycle management practices for government employees and contractors
- Identity proofing and verification processes for government identity systems
Device Trust and Posture
- Device enrollment and attestation procedures for government devices
- Compliance checking using tools like Kolide and osquery in government environments
- Integration of endpoint detection and response (EDR) solutions for government networks
- Certificate-based device authentication for secure government operations
- Mobile device management (MDM) integration to collect posture data in government settings
- Continuous assessment of device trust for government devices
Network-Level Zero Trust
- Concepts of software-defined perimeter (SDP) for government networks
- Open source SDP implementations suitable for government use
- Micro-segmentation using tools like OVN, Cilium, and Calico in government environments
- Zero Trust Network Access (ZTNA) architecture for secure government network access
- Replacing traditional VPNs with zero trust access solutions for government
- Implementing network policies as code in government networks
Identity-Aware Proxies and Access Gateways
- Pomerium: an identity-aware proxy architecture for government applications
- vouch-proxy integration with nginx and Apache for government web services
- Deployment and configuration of OAuth2 Proxy in government environments
- Traefik with forward authentication for secure government access
- Kong Gateway with OIDC plugins for enhanced security in government operations
- Configuration and enforcement of access policies in government systems
Service Mesh for Zero Trust
- Service mesh as a zero trust fabric for government applications
- Zero trust configuration using Istio in government service meshes
- Secure deployment patterns with Linkerd for government services
- Mutual TLS (mTLS) for secure service-to-service authentication in government environments
- SPIFFE/SPIRE for workload identity management in government service meshes
- Implementation of authorization policies within government service meshes
- Multi-cluster trust domains in government service mesh architectures
PKI and Certificate Management
- Certificate-based authentication for zero trust in government systems
- Use of Smallstep CA for workload identities in government operations
- HashiCorp Vault PKI engine for secure certificate management in government
- Automation of certificate rotation and lifecycle management for government applications
- Establishment of private CAs for internal trust in government networks
- Certificate transparency and monitoring practices for government PKI systems
Secrets Management
- HashiCorp Vault for secrets management in government environments
- Sealed Secrets for secure Kubernetes operations in government
- External Secrets Operator for enhanced secrets management in government systems
- SOPS (Secrets OPerationS) for secure secret handling in government applications
- Dynamic secrets and automatic rotation practices for government operations
- Secret injection patterns for application security in government contexts
Policy as Code and Authorization
- Fundamentals of Open Policy Agent (OPA) for government policy management
- Basics of the Rego policy language for government use
- Integration of OPA with Kubernetes admission control in government clusters
- Use of OPA with Envoy for service authorization in government applications
- Implementation of OPA with API gateways for secure government services
- Testing and validation of policies in government systems
- Integration of Apache APISIX with OPA for enhanced security in government operations
API Security in Zero Trust
- Security patterns for API gateways in government systems
- Use of Kong open source with security plugins for government APIs
- Rate limiting and DDoS protection strategies for government APIs
- Authentication and authorization mechanisms for government APIs
- Security considerations for GraphQL in government applications
- API discovery and shadow API detection practices for government systems
Data Protection and DLP
- Data classification frameworks for government data
- Open source DLP tools and integration strategies for government use
- Encryption practices for data in transit and at rest in government systems
- Tokenization and masking techniques for secure data handling in government operations
- Data loss prevention policies for government agencies
- Sovereign data handling considerations in zero trust environments for government
Continuous Authentication and Authorization
- Session management practices in zero trust environments for government
- Continuous authentication mechanisms for secure government access
- Context-aware access decisions in government systems
- Risk scoring and dynamic authorization techniques for government users
- Step-up authentication triggers for enhanced security in government applications
- Real-time policy enforcement practices for government operations
Monitoring and Observability in Zero Trust
- Security telemetry collection methods for government systems
- Integration of SIEM with open source tools for government security monitoring
- User and entity behavior analytics (UEBA) for enhanced detection in government environments
- Audit logging and compliance reporting practices for government operations
- Anomaly detection using machine learning techniques in government systems
- Security dashboards and alerting mechanisms for government monitoring
Zero Trust for Cloud-Native Workloads
- Container security practices in zero trust contexts for government cloud environments
- Management of ephemeral workload identities in government operations
- Use of admission controllers for zero trust enforcement in government Kubernetes clusters
- Runtime security solutions like Falco and Tetragon for government applications
- Network policies for container segmentation in government cloud systems
- Immutable infrastructure patterns for secure government operations
Implementing a Zero Trust Roadmap
- Maturity assessment and gap analysis for government agencies transitioning to zero trust
- Phased implementation approach for government zero trust adoption
- Design and execution of pilot projects for government zero trust initiatives
- Change management and user adoption strategies for government organizations
- Metrics for measuring the success of zero trust implementations in government
- Common challenges and pitfalls to avoid in government zero trust deployments
Production Deployment and Operations
- High availability design patterns for government zero trust infrastructure
- Disaster recovery strategies for government zero trust systems
- Performance optimization techniques for government zero trust environments
- Troubleshooting methods for authentication and authorization issues in government operations
- Upgrading and patching procedures for government zero trust components
- Documentation and runbook creation practices for government zero trust operations
Future of Zero Trust and Open Source
- Emerging standards and protocols relevant to government zero trust initiatives
- Considerations for quantum-safe zero trust in government systems
- Application of AI/ML in zero trust decision-making processes for government
- Federated zero trust architectures for multi-agency collaboration in government
- Community resources and ongoing development efforts supporting government zero trust adoption
- Summary of key points and next steps for government agencies implementing zero trust
Requirements
- Proficient in network security concepts and principles
- Practical experience with identity and access management systems
- Comprehensive knowledge of Public Key Infrastructure (PKI), certificates, and encryption fundamentals
- Familiarity with microservices and container architectures for government applications
- Experience in deploying and managing open source software solutions
Audience
- Security Architects and Engineers
- Infrastructure Architects focused on designing modern security frameworks
- DevSecOps Engineers responsible for implementing robust security pipelines
- Network Administrators transitioning to zero trust architectures