Zero Trust Journey Across the Digital Estate

Zero Trust is the strategy that organizations need to implement to stay ahead of cyber threats, period. The industry has 30 plus years of categorical failure that shows us that our past approaches, while earnest in their efforts, have not stopped attackers. Zero Trust strategically focuses on and systematically removes the power and initiatives hackers and adversaries need to win as they circumvent security controls. This book will help you and your organization have a better understanding of what Zero Trust really is, recognize its history, and gain prescriptive knowledge that will help you and your enterprise finally begin beating the adversaries in the chess match that is cyber security strategy.

Dr. Chase Cunningham (aka Dr. Zero Trust), Cyberware Expert

Today's organizations require a new security approach that effectively adapts to the challenges of the modern environment, embraces the mobile workforce, and protects people, devices, apps, and data wherever they are located. Zero Trust is increasingly becoming the critical security approach of choice for many enterprises and governments; however, security leaders often struggle with the significant shifts in strategy and architecture required to holistically implement Zero Trust.

This book seeks to provide an end-to-end view of the Zero Trust approach across organizations' digital estates that includes strategy, business imperatives, architecture, solutions, human elements, and implementation approaches that could significantly enhance these organizations' success in learning, adapting, and implementing Zero Trust. The book concludes with a discussion of the future of Zero Trust in areas such as artificial intelligence, blockchain technology, operational technology (OT), and governance, risk, and compliance.

The book is ideal for business decision makers, cybersecurity leaders, security technical professionals, and organizational change agents who want to modernize their digital estate with the Zero Trust approach.

「零信任」是組織需要實施的策略，以應對網絡威脅。過去30多年的行業失敗告訴我們，我們過去的方法雖然誠懇，但並未阻止攻擊者。零信任策略有策略地專注於並系統性地削弱黑客和對手獲勝所需的權力和行動，以繞過安全控制。本書將幫助您和您的組織更好地了解零信任的真正含義，認識其歷史，並獲得具體的知識，幫助您和您的企業最終在這場網絡安全策略的象棋對局中擊敗對手。

「零信任博士」Chase Cunningham（又名「零信任博士」），網絡安全專家

現今的組織需要一種新的安全方法，能夠有效應對現代環境的挑戰，擁抱移動勞動力，並保護人員、設備、應用程序和數據的安全，無論它們位於何處。零信任越來越成為許多企業和政府的關鍵安全方法選擇；然而，安全領導者常常在全面實施零信任所需的策略和架構轉變方面遇到困難。

本書旨在提供一個全面的零信任方法視角，涵蓋組織的數字資產，包括策略、業務要求、架構、解決方案、人員要素和實施方法，這些都可以顯著提升組織在學習、適應和實施零信任方面的成功。本書最後討論了零信任在人工智能、區塊鏈技術、運營技術（OT）和治理、風險和合規性等領域的未來。

本書適合業務決策者、網絡安全領導者、安全技術專業人員和組織變革推動者，他們希望通過零信任方法來現代化他們的數字資產。

Abbas Kudrati, a long-time cybersecurity practitioner and CISO, is Microsoft Asia's Chief Cybersecurity Advisor. Abbas works with customers on cybersecurity strategy, how Microsoft sees the threat landscape, how we are investing in the future of security at Microsoft, and how organizations can take advantage of Microsoft's security solutions to help improve their security posture and reduce costs.

In addition to his work at Microsoft, he serves as an executive advisor to Deakin University, LaTrobe University, HITRUST ASIA, EC Council ASIA, and many security and technology startups. He supports the broader security community through his work with ISACA chapters and student mentorship. He is also a part-time professor at Deakin University, Melbourne, Australia and a regular speaker on Zero Trust, cybersecurity, cloud security, governance, risk, and compliance.

Abbas has received multiple industry awards, such as Business Leader/ Professional of the year 2021 by IABCA, Top Security Advisor for APJ for the year 2020 and the year 2019, Best Security Professional of the year 2018, CISO 100 Award 2018, Finalist for Australian CISO of the year 2015, IT Governance Professional of the year 2014, and Security Strategist of the year 2011.

He graduated from Gujarat University, India, with a bachelor's degree in Accounting and Auditing and is a certified Forrester Zero Trust Strategist, CCISO, CISM, CISA, CGEIT, CPDSE, and CSX-P, among other professional certifications.

Binil Pillai is a strategic-thinking business development professional with 23 years of multifaceted experience building relationships, cultivating partnerships, retaining customers, and growing profit channels by establishing trust. As Global Director of Security, Compliance and Identity (SCI) business at Microsoft, Binil is responsible for partner strategy and business development and works with corporate executives and partners to evangelize security as a foundational capability to accelerate a secure digital transformation journey for customers. Binil has experience in security product development, managed security product marketing, and led worldwide security go-to-market and sales activations. He was the business architect who designed and launched the Business Value Analysis (BVA) model to quantify security risk exposure for B2B customers. Before joining Microsoft, Binil worked as a regional practice manager for Deloitte Consulting's strategy and operations practice. His business strategy consulting experience spans business transformation, corporate strategy alignment, post-merger integration, adoption and change management, customer relationship management, IT strategic planning, and more, with a wide range of companies and government agencies. He is also a board adviser to several start-ups to help grow their business successfully.

Binil is passionate about establishing a coaching culture to improve learning and performance, make the most of the people's potentials and deliver sustainable results. As a PROCI-certified change management practitioner, Binil embraces the leadership accountability to take a step-by-step approach that helps the organization achieve success, no matter how complex the system, process, method, or culture need to affect or transform. Binil graduated from INSEAD in Business Strategy & Financial Acumen and has a master's in business administration. He is TOGAF certified enterprise architect and account-based marketing (ABM) professional from ITSMA.

He has also published a book for Wiley (Title - Threat Hunting in the Cloud: Defending AWS, Azure and Other Platforms Against Cyberattacks) and many thought leadership documents. His recent publications are How COVID-19 Changes Small Medium Enterprise (SME) Priority on Security, Identity - Building Trust in a Digital World, How Does Your Cybersecurity Posture Need To Change?, and What Does It Take To Protect Your Workplace?.

Technical Editor Biography

David Fairman is an experienced CSO/CISO, strategic advisory, investor, and coach. David has extensive experience in the global financial services sector. David is currently the APAC CSO for Netskope helping customers manage their digital and cyber risk programs in addition to working across industry with the aim of making the digital economy a safer place to do business. Furthermore, David is a Partner and CISO-in-residence at SixThirty Ventures, driving innovation and helping build great technology companies. Previously, David was the Chief Security Officer (CSO)at NAB owning all aspects of Physical Security, Fraud, Investigations and Cyber Security. Prior to NAB, he was the Group Chief Information Security Officer (CISO)for the Royal Bank of Canada. David has been a senior leader atJP Morgan Chase & Co as Deputy Technology Controls Officer and Global Head of Technology Risk and Control. David has also held several senior roles at the Royal Bank of Scotland (RBS), including CISO RBS Americas and Head of Information Security EMEA.

David has lived and worked in Australia, the UK, the Netherlands, and the USA. David was raised and educated in Australia where he received his Bachelor of Information Technology in Software Engineering and Computer Science. He holds a Master of Business Administration and a Master of Project Management. David began his career in Information Security while serving in the Royal Australian Air Force's Electronic Warfare and Communications group, where he gained valuable experience in the technology, policy and process aspects of security and risk management. Subsequently, David worked in a variety of roles in technology and cyber, including in the utilities sector (gas and electricity). David holds a number of positions on boards of directors and was a founding member of the Security Advisor Alliance (www.securityadvisoralliance.org), and the Canadian Cyber Threat Exchange. During his tenure at NAB, David was the Chair for the Board of Directors for the Australian Financial Crimes Exchange and spear headed the formation of a taskforce involving the big 4 banks, AFP, ASD and ACSC to detect and disrupt cyber-crime impacting Australia. David also advises several VC funds and Cyber Security companies. Recently, David was recognized in the Top 50 Australian Professionals, as profiled by the Top 100 Magazine. David has also been named as one of the Top 10 CISOs to know, http: //www.information-management.com/gallery/Chief-Information-Security-Officer-CISO-List-Trends-10027134-1.htmland is recognized as a thought leader in the cyber security industry as profiled by K-Logix here, https: //www.klogixsecurity.com/blog/david-fairman-ciso-royal-bank-of-canada. David co-authored Cyber Risk (2016), and co-edited Fintech: Growth and Deregulation (2018) published by Risk Books. David is passionate about education. He has held Adjunct Professorships at both the University of New York and the University of Toronto and is currently working with Deakin University in Australia. David currently resides in both Melbourne and Brisbane, Australia.

Abbas Kudrati，一位長期從事資訊安全的專業人士和CISO，是微軟亞洲的首席資訊安全顧問。Abbas與客戶合作，就資訊安全策略、微軟對威脅環境的看法、微軟在安全領域的未來投資，以及組織如何利用微軟的安全解決方案來提升安全姿態並降低成本等方面進行合作。

除了在微軟的工作之外，他還擔任迪肯大學、拉特羅布大學、HITRUST ASIA、EC Council ASIA和許多安全和技術初創公司的執行顧問。他通過與ISACA分會和學生指導的工作來支持更廣泛的安全社區。他還是澳大利亞墨爾本迪肯大學的兼職教授，並經常在Zero Trust、資訊安全、雲安全、治理、風險和合規性等方面發表演講。

Abbas獲得了多個行業獎項，例如2021年IABCA的年度商業領袖/專業人士、2020年和2019年APJ區域的頂級安全顧問、2018年年度最佳安全專業人士、2018年CISO 100獎、2015年澳大利亞年度CISO決賽入圍者、2014年IT治理專業人士、2011年年度安全策略師等。

他畢業於印度古吉拉特大學，獲得會計和審計學士學位，並擁有Forrester Zero Trust Strategist、CCISO、CISM、CISA、CGEIT、CPDSE和CSX-P等專業認證。

Binil Pillai是一位具有23年多方面經驗的戰略思維業務發展專業人士，他建立了關係、培養合作夥伴關係、保留客戶並通過建立信任來增加利潤渠道。作為微軟的全球安全、合規性和身份（SCI）業務的全球總監，Binil負責合作夥伴策略和業務發展，並與企業高管和合作夥伴合作，宣揚安全作為加速客戶安全數字轉型之基礎能力。Binil在安全產品開發、管理安全產品營銷方面具有經驗，並領導全球範圍的安全市場推廣和銷售活動。他是設計並推出了用於量化B2B客戶安全風險暴露的商業價值分析（BVA）模型的業務架構師。在加入微軟之前，Binil曾擔任德勤咨詢公司戰略和運營實踐的區域實踐經理。他的業務戰略咨詢經驗涵蓋了業務轉型、企業戰略對齊、後併購整合、採納和變革管理、客戶關係管理、IT戰略規劃等，與各種公司和政府機構有廣泛的合作。他還是幾家初創公司的董事顧問，以幫助他們成功發展業務。

Binil熱衷於建立一種教練文化，以提高學習和表現，充分發揮人們的潛力並實現可持續的結果。作為PROCI認證的變革管理從業者，Binil擁抱領導責任，採取逐步方法，幫助組織實現成功，無論系統、流程、方法或文化需要影響或轉變的複雜程度如何。Binil畢業於INSEAD商業戰略與財務學，並擁有工商管理碩士學位。他還是TOGAF認證的企業架構師和ITSMA的基於帳戶的營銷（ABM）專業人士。

他還出版了一本Wiley的書（標題為《在雲端中進行威脅狩獵：保護AWS、Azure和其他平台免受網絡攻擊》），以及許多思想領導文件。他最近的出版物包括《COVID-19如何改變中小企業對安全的重視》、《身份-在數字世界建立信任》、《您的資訊安全姿態需要如何改變？》和《保護您的工作場所需要什麼？》。