Zero Trust, Maximum Security: Cyber Risk Strategies for Risk Professionals

In 2010, a cybersecurity industry analyst had an epiphany: the increasing sophistication of network security models through the 2000s had contributed to a correspondingly increasing false sense of security among cybersecurity practitioners. He used his pulpit to appeal for “Zero Trust.” Various solutions in the industry press such as “de-perimeterization” and “data-centric security” existed but were not as intuitive to grasp as the phrase “Zero Trust.” Zero Trust developments have since been fueled by the simple observation that fortifying networks alone does not protect data. Vendors, standards bodies, and regulators started to study this problem and independently came to the same conclusion. What began over a decade ago as a conceptual model is now a widely accepted methodology for minimizing uncertainty in enforcing least privilege access to system resources.
 
  Release Date: July 28, 2025

  Time: Self-paced

  Presented By: Jennifer Bayuk, Ph.D., CISA, CISM, CGEIT

  Session Length: 3 Hours

 

About This Course
 

The course is designed to enable and empower risk management professionals to confidently, productively, efficiently, and effectively analyze cybersecurity risk in the context of Zero Trust tenets. Specific topics include:

  • Zero Trust Tenets: "not trust but verify, instead always verify"
  • Historical rationale for Zero Trust
  • Governance Requirements for Zero Trust
  • Zero Trust Industry Standards and Regulatory Landscape
  • Vendor impact on Zero Trust architecture
  • Methods to measure Zero Trust

Attendees are expected to have some level of experience in technology risk management principles and practices, but deep expertise in technology risk management is not required. The seminar enhances the awareness of attendees at all levels on how to leverage their own experience to improve their understanding of cybersecurity risk management.


 
Objectives
 

The objective of the seminar is to enable and empower risk professionals to confidently, efficiently, and effectively contribute to cybersecurity risk management programs. Specific skills that will be taught in this course include how to:

  • Recognize and explain Zero Trust tenets.
  • Classify access control mechanisms as Zero Trust compliant or non-compliant.
  • Analyze Zero Trust technology at the architecture level.
  • Model cybersecurity risk indicators based on Zero Trust tenets.


Who Should Attend
This course is suitable for all risk professionals.


About Our Expert

  
 

Jennifer L. Bayuk is a cybersecurity due diligence expert. She has been a Global Financial Services Technology Risk Management Officer, a Wall Street Chief Information Security Officer, a Big 4 Information Risk Management Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering, and a Private Cybersecurity Investigator and Expert Witness. She is currently developing Cybersecurity Frameworks and Metrics with Decision Framework Systems, Inc. and consulting independently. Bayuk is a member of the Executive Advisory Board for the Digital Assurance for High Consequence Systems Mission Campaign, a federally funded program to develop the scientific foundation for rigorous, rapid, cost-effective, generalizable digital assurance across high consequence system lifecycles.

Bayuk has numerous publications on cybersecurity management, information technology risk management, information security tools and techniques, cybersecurity forensics, technology-related privacy issues, audit of physical and information systems, security awareness education, systems security architecture, and systems security metrics. She is the author of: Stepping through the IS Audit, Stepping through the InfoSec Program, Enterprise Security for the Executive, and author/editor of: Cyberforensics, Cybersecurity Policy Guidebook, Enterprise Information Security and Privacy, Financial Cybersecurity Risk Management, and Stepping Through Cybersecurity Risk Management. Her most recent book includes a sub-chapter devoted to Zero Trust and in 2023 she led an ISACA Seminar on Zero Trust Architecture.

Bayuk’s direct technology experience spans enterprise architecture, telecommunications networks, operating systems, database management systems, network management systems, software development and support, technology forensics, business continuity, and operations process. She has master's degrees in Computer Science and Philosophy, and a PhD in Systems Engineering. Her certifications include CISSP, CISA, CISM, CGEIT, and a NJ State Private Investigator's License.



Continued Risk Learning Credits: 3

PRMIA Continued Risk Learning (CRL) programs provide you with the opportunity to formally recognize your professional development, documenting your evolution as a risk professional. Employers can see that you are not static, making you a highly valued, dynamic, and desirable employee. The CRL program is open to all Contributing, Sustaining, and Risk Leader members, providing a convenient and easily accessible way to submit, manage, track and document your activities online through the PRMIA CRL Center. To request CRL credits, please email [email protected].

Registration

Price by membership type:

  • Sustaining, Corporate, and RIM Members: $299
  • Contributing Member: $339
  • Non Member: $399

If this is your first time accessing the PRMIA website you will need to create a short user profile to register. Save on registration by becoming a member.

 


 
When: 7/28/2025 - 12/31/2026
Where: Virtual Course
