Zero trust is the latest buzzword in cyber security, with vendors branding their offerings, NIST developing standards, and companies and government agencies rushing to implement zero trust architectures. However, many of the core foundational concepts of zero trust are core cyber security initiatives that organizations have been implementing with varying degrees of success for some time. This presentation will explore what’s new in zero trust and what is just a repackaging of existing tools and processes to help organizations develop an appropriate strategy for enhancing their cyber security. Topics will include: •Identity Management – Zero trust extends the need for mature tools and processes for identity and credential management for people to include networked devices •End Point Management – Zero trust requires the ability to verify the hygiene status of end points, both for organizationally managed devices and for user owner BYOD systems •User Behavior Analytics – Zero trust leverages risk scores based on user behavior as part of real time access decisions •Network Segmentation – Rather than relying on segregation of administrative and application layers, zero trust introduces micro-segmentation, shrinking the traditional network boundary (Security, Standards, Architecture & Deployment, Rebecca Nielsen)