search menu icon-carat-right cmu-wordmark

The 4 Phases of the Zero Trust Journey

July 2022 Podcast
Timothy Morrow, Matthew Nicolai

Tim Morrow and Matthew Nicolai outline 4 steps that organizations can take to implement and maintain a zero trust architecture.

“The zero-trust architecture, it represents a shift away from the castle and moat style of cybersecurity that has become so prevalent.”

Listen

Watch

Abstract

Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations are also looking to adopt zero trust to bring their technical infrastructure and processes in line with cybersecurity best practices. Real-world preparation for zero trust, however, has not caught up with existing cybersecurity frameworks and literature. NIST standards have defined the desired outcomes for zero trust transformation, but the implementation process is still relatively undefined. As the nation’s first federally funded research and development center with a clear emphasis on cybersecurity, the SEI is uniquely positioned to bridge the gap between NIST standards and real-world implementation. In this SEI podcast, Tim Morrow and Matthew Nicolai, researchers with the SEI’s CERT Division outline 4 steps that organizations can take to implement and maintain a zero trust architecture.

About the Speaker

Timothy Morrow

Timothy Morrow

Tim Morrow is the situational awareness technical manager in the SEI CERT Division’s Monitoring and Response Directorate. Morrow applies architecture-centric approaches to systems-of-systems to analyze ...

Tim Morrow is the situational awareness technical manager in the SEI CERT Division’s Monitoring and Response Directorate. Morrow applies architecture-centric approaches to systems-of-systems to analyze and identify potential risks to improve their cybersecurity. Morrow’s past experience includes providing acquisition and technical support for the complete lifecycle of DoD and non-DoD programs.

Read more
Matthew Nicolai

Matthew Nicolai

 

Matthew Nicolai is a graduate research assistant in the SEI’s CERT Division where he works on situational awareness projects with an emphasis on zero trust architecture. He is a master of ...

 

Matthew Nicolai is a graduate research assistant in the SEI’s CERT Division where he works on situational awareness projects with an emphasis on zero trust architecture. He is a master of science candidate in information security policy and management at Heinz College of Information Systems and Public Policy at Carnegie Mellon University. Nicolai holds a bachelor’s degree in political science from the University of California, Riverside. Prior to attending graduate school, he worked on privacy and security matters within the federal sector. 

Read more