In the world of cybersecurity, zero trust has emerged as a critical discipline. Just as martial arts require discipline and training, zero trust demands a similar approach. Tim Denman, the lead director for the cybersecurity enterprise team at Defense Acquisition University, is at the forefront of this discipline, often referred to as the "ninja" of zero trust. Denman's efforts to create a training program and foster a community for zero trust adoption within the Department of Defense (DoD) have been instrumental. In a recent symposium, Denman shared his vision, emphasizing the importance of training, cultural change, and collaboration. Let's delve into the highlights of his insightful presentation.
The Power of Community:
Denman's success in creating a training program and building connections within the zero-trust community has greatly benefited the DoD. Through his diligent efforts, Denman has connected like-minded professionals, experts, and thought leaders to form a consortium of ideas. This collaborative network is facilitating the adoption and acceleration of zero trust across the DoD by the end of fiscal year 2027. Furthermore, this community aims to support other organizations in their journey towards implementing zero trust.
During his presentation, Denman stressed the significance of addressing organizational culture alongside strategy. Citing the famous quote by Laszlo Bock, "Culture eats strategy for breakfast," Denman emphasized that no matter how well-crafted a strategy may be, without addressing cultural aspects, its effectiveness is compromised. Training and awareness play a pivotal role in shaping culture. Denman outlined a comprehensive plan consisting of three levels of training: basic awareness, deep technical training, and a practitioner workshop. This approach ensures a well-rounded and holistic understanding of zero trust principles within the DoD.
Training Program Highlights:
Denman provided an overview of the training program being developed for zero trust adoption. The basic awareness level, already underway, aims to provide foundational knowledge to a large number of DoD personnel. An executive-level course on joint knowledge online serves as a valuable resource for senior leaders. Moving into deeper technical training, online webinars and additional courses are being developed to enhance expertise and practical skills. The practitioner workshop, led by Paul Shaw, focuses on hands-on application of zero trust principles and has yielded positive results during several pilot runs. Moreover, Denman revealed an exciting addition to the training program—a chief engineer's workshop that simulates successful zero trust implementation. These workshops aim to equip engineers and architects with the essential concepts of zero trust and enable the creation of prototype segmentation.
The Journey Continues:
Denman concluded his presentation by expressing his gratitude to the symposium attendees and highlighting the intention to make this event an annual occurrence. He emphasized that zero trust adoption is an ongoing journey rather than a final destination. Regular touchpoints and continuous refinement of ideas are crucial for success. Denman also emphasized that while resources are important, having the right people in the right place at the right time and a strong will to overcome challenges are equally essential for cultural change and zero trust adoption.
Tim Denman's instrumental role in creating a community for zero trust adoption within the DoD is commendable. By emphasizing training, fostering cultural change, and facilitating collaboration, Denman has set the stage for the successful implementation of zero trust principles across the DoD. The comprehensive training program, consisting of multiple levels and hands-on workshops, demonstrates the commitment to equipping personnel with the necessary knowledge and skills. As organizations embark on their own zero trust journeys, Denman's approach serves as an inspiration to leverage collective expertise, overcome challenges, and continuously refine strategies to achieve cybersecurity excellence.