Recently, cloud security provider Zscaler introduced its Zero Trust Certified Architect (ZTCA) certification. The program is designed to help network and security professionals learn critical skills and also validate their expertise.
The program offers coursework and practical guidance on how to effectively deliver control and visibility across zero trust initiatives. It’s important to understand that the course material extends well past Zscaler-specific information and delves into architectural constructs for real-world deployments. This helps create a baseline understanding of the technology, similar to the way Cisco educated the world on networking with its certification programs.
I recently interviewed Raj Krishna, Sr. VP of New Initiatives at Zscaler, who discussed ZTCA, and how zero trust enables digital transformation by changing how cybersecurity is deployed. Highlights of the ZKast interview, done in conjunction with eWEEK eSPEAKS, are below.
Also see: Best Website Scanners
- Zero trust fundamentally changes how users access the network. The concept is very different from legacy networking architectures like firewalls and VPNs. The essence of zero trust is to hide the attack surface by eliminating public internet protocol (IP) addresses, so they’re not discoverable.
- In the business context, zero trust is about connecting the right user to the right application based on policies that an organization has defined. For example, someone connected to a VPN can move laterally on the network and get access to information. With zero trust, however, a user’s identity must be validated before they’re allowed to get on the network.
- There are several factors driving zero trust today, specifically the shift to hybrid work. People are working remotely from anywhere, which makes the enterprise network more vulnerable to security breaches. Companies pay a high price for breaches, both literally and figuratively—whether it’s ransomware that involves monetary extortion or an attack that damages the company’s reputation and brand.
- Since zero trust is a new way of thinking about security, there’s a heightened demand for training programs. To address this need, Zscaler created the ZTCA program, giving security professionals the practical tools they need to implement zero trust in their environments. ZTCA starts with universities and other educational institutions in training “a workforce of tomorrow.” But it’s also valuable to those who already have a career in security and are looking to gain new skills.
- The program is the first of many and has been well received in the industry. Zscaler designed ZTCA to be more agnostic than its usual product trainings. While it provides guidance on implementing zero trust with Zscaler, the key focus is on the core tenets of zero trust.
- ZTCA was modeled after classic certification programs like Certified Information Systems Security Professional (CISSP) and Cisco’s CCNA/CCIE. ZTCA participants can receive credits while learning at their own pace. After completing the course, participants become certified zero trust experts and receive a LinkedIn certificate and badge.