About the Author xiAcknowledgments xiiiForeword xvIntroduction xxiChapter 1: The Case for Zero Trust 1Key Takeaways 10Chapter 2: Zero Trust Is a Strategy 13Key Takeaways 26The Four Zero Trust Design Principles 27The Five-StepZero Trust Design Methodology 27The Zero Trust Implementation Curve 27Chapter 3: Trust Is a Vulnerability 29Key Takeaways 39Chapter 4: The Crown Jewels 43Key Takeaways 54Chapter 5: The Identity Cornerstone 57Key Takeaways 71Chapter 6: Zero Trust DevOps 73Key Takeaways 83Chapter 7: Zero Trust SOC 87Key Takeaways 100Chapter 8: Cloudy with a Chance of Trust 103Key Takeaways 113Chapter 9: A Sustainable Culture 117Key Takeaways 129Chapter 10: The Tabletop Exercise 133Key Takeaways 147Chapter 11: Every Step Matters 151Key Takeaways 159Appendix A: Zero Trust Design Principles and Methodology 165The Four Zero Trust Design Principles 165The Five-Step Zero Trust Design Methodology 166Appendix B: Zero Trust Maturity Model 167Appendix C: Sample Zero Trust Master Scenario Events List 171Appendix D: For Further Reading 179Standards, Frameworks, and Other Resources 179Case Studies 180Google BeyondCorp Papers 180Books 181Hardening Guides 181Glossary 183Index 191

GEORGE FINNEY is the Chief Security Officer at Southern Methodist University. He has taught Cybersecurity at SMU and been recognized as one of the top 100 Chief Information Security Officers in the world by CISOs Connect. He has over 20 years' experience in the industry with startups, global telecommunication firms, and nonprofits.