Last week, CSA announced the launch of a Zero Trust Advancement Center, an online hub where the organization will be adding a mix of free informational resources and for-fee trainings over the next 18 months. The center will host white papers, webinars and a professional credential training and exam. Further plans call for a Zero Trust Summit in late 2022.
CSA created the center with funding and support from cybersecurity firm CrowdStrike, identity solutions provider Okta, and cloud security company Zscaler. CSA says the center’s resources will not promote particular vendors’ solutions, despite these private partnerships.
One of the center’s top goals will be dispelling myths about the space. That includes the misconception that adopting zero trust means buying a product billed as a “zero-trust solution,” CSA CEO Jim Reavis told Government Technology.
“You have to separate the hype from the reality,” Reavis said. “What we think is going to be really impactful and important coming out of our Advancement Center is teaching that zero trust is a philosophy and strategy first and foremost, and it’s not a specific technology.”
The center currently features some of CSA’s pre-existing educational materials on the topic, and will get new additions next month, when the not-for-profit plans to launch a self-directed introductory course as well as a white paper, Reavis said. Certain resources will be targeted specifically for CISOs.
In 2023, CSA plans to make a professional training course available through which participants can pass an exam to obtain a Certificate of Zero Trust Knowledge. That professional credential is intended to verify that the individual has the understanding needed to apply zero-trust principles to suit the contexts of different systems and organizations.
“Workforce in cybersecurity is one of the biggest problems. We have so many unfilled jobs and the jobs we do have filled, they often are not trained on state-of-the-art practices,” Reavis said.
But Reavis doesn’t expect every organization or professional to flock to the credential program. He said that only roughly 5 percent of cybersecurity professionals tend to go through the process of obtaining any given professional certification, and he hopes that participants in the zero-trust training will number “in the thousands” during its first year of availability.
It’s also not always viable for small organizations to secure their own zero-trust specialists or chart their own zero-trust strategies. Smaller state agencies have more limited budgets and cybersecurity staffing than their larger counterparts and so may opt to look to the bigger agencies to set examples they can follow or share their cloud systems, Reavis said.
“It’s not building it all yourself, but using those organizations that are more mature as your blueprint or your template,” he said. “Our goal is not to have every mom-and-pop shop get someone certified to a zero-trust credential. But, hopefully, as we focus on bigger to medium-size organizations, that raises the baseline of cybersecurity for everyone across the board.”