Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Zero Trust Fundamentals
- Evolution from perimeter security to Zero Trust
- Zero Trust core principles: never trust, always verify, least privilege
- NIST SP 800-207 Zero Trust Architecture framework
- Zero Trust vs traditional network security models
- Open source ecosystem for Zero Trust implementation
Zero Trust Architecture Components
- Identity as the new perimeter
- Device trust and posture validation
- Network segmentation and micro-segmentation
- Application workload protection
- Data classification and protection
- Policy enforcement points and policy decision points
Identity Foundation for Zero Trust
- Identity providers: Keycloak, Authentik, Dex
- OAuth 2.0, OIDC, and SAML integration
- Multi-factor authentication implementation
- Risk-based authentication and step-up auth
- Identity lifecycle management
- Identity proofing and verification
Device Trust and Posture
- Device enrollment and attestation
- Device compliance checking with tools like Kolide, OSQuery
- Endpoint detection and response integration
- Certificate-based device authentication
- MDM integration for posture data
- Continuous device trust assessment
Network-Level Zero Trust
- Software-defined perimeter (SDP) concepts
- Open source SDP implementations
- Micro-segmentation with OVN, Cilium, Calico
- Zero Trust Network Access (ZTNA) architecture
- Replacing VPN with zero trust access
- Network policy as code
Identity-Aware Proxies and Access Gateways
- Pomerium: identity-aware proxy architecture
- vouch-proxy for nginx/Apache integration
- OAuth2 Proxy deployment and configuration
- Traefik with forward authentication
- Kong Gateway with OIDC plugins
- Access policy configuration and enforcement
Service Mesh for Zero Trust
- Service mesh as zero trust fabric
- Istio zero trust configuration
- Linkerd secure deployment patterns
- mTLS everywhere: service-to-service authentication
- SPIFFE/SPIRE for workload identity
- Authorization policies in service mesh
- Multi-cluster service mesh trust domains
PKI and Certificate Management
- Certificate-based authentication in zero trust
- Smallstep CA for workload identities
- HashiCorp Vault PKI engine
- Certificate rotation and lifecycle automation
- Private CA for internal trust establishment
- Certificate transparency and monitoring
Secrets Management
- HashiCorp Vault for secrets management
- Sealed Secrets for Kubernetes
- External Secrets Operator
- SOPS: Secrets OPerationS
- Dynamic secrets and automatic rotation
- Secret injection patterns for applications
Policy as Code and Authorization
- Open Policy Agent (OPA) fundamentals
- Rego policy language basics
- OPA with Kubernetes admission control
- OPA with Envoy for service authorization
- OPA with API gateways
- Policy testing and validation
- Apache APISIX with OPA integration
API Security in Zero Trust
- API gateway security patterns
- Kong open source with security plugins
- Rate limiting and DDoS protection
- API authentication and authorization
- GraphQL security considerations
- API discovery and shadow API detection
Data Protection and DLP
- Data classification frameworks
- Open source DLP tools and integration
- Encryption in transit and at rest
- Tokenization and masking strategies
- Data loss prevention policies
- Sovereign data handling in zero trust
Continuous Authentication and Authorization
- Session management in zero trust environments
- Continuous authentication mechanisms
- Context-aware access decisions
- Risk scoring and dynamic authorization
- Step-up authentication triggers
- Real-time policy enforcement
Monitoring and Observability in Zero Trust
- Security telemetry collection
- SIEM integration with open source tools
- User and entity behavior analytics (UEBA)
- Audit logging and compliance reporting
- Anomaly detection with machine learning
- Security dashboards and alerting
Zero Trust for Cloud-Native Workloads
- Container security in zero trust context
- Ephemeral workload identity management
- Admission controllers for zero trust enforcement
- Runtime security with Falco and Tetragon
- Network policies for container segmentation
- Immutable infrastructure patterns
Implementing Zero Trust Roadmap
- Maturity assessment and gap analysis
- Phased implementation approach
- Pilot project design and execution
- Change management and user adoption
- Measuring zero trust success metrics
- Challenges and pitfalls to avoid
Production Deployment and Operations
- High availability design patterns
- Disaster recovery for zero trust infrastructure
- Performance optimization strategies
- Troubleshooting authentication and authorization issues
- Upgrading and patching zero trust components
- Documentation and runbook creation
Future of Zero Trust and Open Source
- Emerging standards and protocols
- Quantum-safe zero trust considerations
- AI/ML in zero trust decisions
- Federated zero trust architectures
- Community resources and ongoing development
- Summary and next steps
Requirements
- Strong understanding of network security concepts and principles
- Experience with identity and access management systems
- Knowledge of PKI, certificates, and encryption fundamentals
- Familiarity with microservices and container architectures
- Experience deploying and managing open-source software
Audience
- Security Architects and Engineers
- Infrastructure Architects designing modern security postures
- DevSecOps Engineers implementing security pipelines
- Network Administrators transitioning to zero trust models
35 Hours