Introducing Zero Trust in a Cybersecurity Course

Abstract

Zero trust (ZT) is a conceptual and architectural model for cybersecurity teams to design networks into secure micro-perimeters and strengthen data security by systematically integrating state-of-the-art technology, risk management, and threat intelligence. ZT has recently gained momentum in the industry to defend against lateral movement of malicious actors in today’s borderless networks. The United States 2021 President Executive Order requires the federal government must adopt security best practice and advance toward a zero trust architecture (ZTA). However, it is not a trivial task to implement a ZTA due to its novelty and complexity. We need to understand what ZTA is to take the advantage of it. Therefore, there is a need to introduce the fundamental concepts, principles, and architectures of ZT in cybersecurity courses at a college to better prepare our new cybersecurity professionals for their careers. We have introduced ZT in a cybersecurity course for senior undergraduates and another course for graduate students. This article provides an overview of the materials we have used to introduce ZT in both courses, including the problems in a traditional perimeter-based security model and how these problems can be either resolved or mitigated with a ZT security model. We expect our work will serve as a good reference for educators to introduce ZT security model in a cybersecurity course.