Agenda

Day 3 centers on applied training, translating strategy into action through Zero Trust implementation simulations and live demonstrations. Participants will engage with practical scenarios designed to test decision-making, policy alignment, and technical execution in real-world mission environments. Academic partners and representatives from the Warfighting Acquisition University and warfighting communities will showcase hands-on approaches to workforce development, acquisition integration, and operationalizing Zero Trust principles across the enterprise.

In addition to these sessions, Day 3 will feature a dedicated international track, highlighting perspectives from allied partners and global security leaders working to advance Zero Trust principles across multinational environments. Sessions will be dual broadcast, allowing participants to engage with both the applied training program and international discussions throughout the day.

Check back in to see our full agenda!

NATO’s adversaries are increasing their cyber activities, quickly adopting new technologies and operating at machine speed. In such a constantly evolving threat environment, perimeter-based security can no longer guarantee that mission-essential functions survive. Although increased enforcement of compliance and accreditation helps confirm that appropriate security controls are in place, it does not ensure operational continuity once a sophisticated actor has already achieved persistent access. The critical question for commanders has shifted from whether systems will be breached to whether the mission continues effectively when they are.
This presentation introduces Cyber Resilience by Design (CRbD), a framework integrating Zero Trust Architecture with the MITRE Cyber Resiliency Engineering Framework to prepare NATO’s communication and information systems for graduated mission survivability under the assumption of compromise. At its core, CRbD is expressed through twelve interdependent engineering principles organized across three categories that must be embedded across the entire system lifecycle.

Cyber war is no longer a future possibility—it is a current operational reality, already extracting financial and human costs from the United States at a scale comparable to conventional conflict, just without the cinematic shock of explosions or troop movements. This keynote reframes “cybersecurity incidents” as distributed acts of warfare, showing that cumulative losses from cybercrime and state-aligned operations have run into the trillions of dollars over the past decade, rivaling the cost of major shooting wars, yet remain largely invisible in public discourse and policy. Drawing on data from critical infrastructure, healthcare, and the private sector, the talk demonstrates how “low and slow” campaigns—ransomware against hospitals, supply-chain compromises, IP theft, and systemic fraud—create hidden casualties, degrade national resilience, and shift strategic advantage to adversaries who never have to fire a shot.

Attendees will:

• See a side-by-side comparison of cyber’s economic and human toll versus Vietnam, Iraq, and other U.S. conflicts.
• Understand how the dispersion of events across time, sectors, and jurisdictions prevents a true “war footing” response.
• Learn a practical framework for treating cyber as an operational battlespace—linking doctrine, investment, and Zero Trust implementation to the reality that this war is already underway, and that the current “IT problem” mindset is, in effect, the adversary’s center of gravity.

 Zero Trust has moved beyond U.S. federal policy and is now shaping cybersecurity strategy at the national, allied, and sub-national level. This session traces the arc from the SolarWinds-driven policy response — EO 14028, OMB M-22-09, NIST SP 800-207, and the CISA Zero Trust Maturity Model — to active adoption by a growing number of governments and jurisdictions worldwide. Drawing on his experience as co-author of both NIST SP 800-207 and the CISA ZTMM, the speaker examines the common architecture language, policy structures, and maturity frameworks that are converging across programs. The session concludes with practical observations on what distinguishes programs gaining ground from those still treating Zero Trust as a compliance exercise.

Department of War (DoW) stakeholders need guidance on how to tailor and adapt a zero-trust strategy to weapon system platforms. Carnegie Mellon University conducted a study that analyzed the applicability of nine foundational security and zero trust principles to weapon system environments. These principles define a framework for making security decisions, implementing security controls, and enabling mission assurance through effective risk management.

This presentation positions threat hunting as a central pillar of proactive cyber defense and examines how it can be strengthened through the integration of Zero Trust architecture, Security Operations Center (SOC) operations, artificial intelligence, and human factors engineering. Rather than waiting for alerts or confirmed compromise, the presentation emphasizes the value of actively searching for hidden adversary behavior, weak signals, and emerging attack patterns before they escalate into significant incidents. The presentation argues that threat hunting is most effective when supported by Zero Trust principles that reduce implicit trust, continuous monitoring practices within the SOC, and AI-enabled analytics that enhance speed, pattern recognition, and anomaly detection. At the same time, it underscores that successful threat hunting remains deeply dependent on human judgment, contextual reasoning, and analyst decision-making. For this reason, human factors engineering is presented as essential to reducing cognitive overload, mitigating fatigue, and designing tools and workflows that support better investigative performance. Overall, the presentation advances a unified model of cyber defense in which threat hunting serves as the operational centerpiece connecting technology, intelligence, and human expertise. This approach moves organizations beyond reactive security and toward a more adaptive, resilient, and intelligence-driven defense posture capable of countering increasingly complex cyber threats.

Zero Trust isn’t a finish line -- it’s a moving target. In this session, we cut through the hype around maturity models and break down what Zero Trust actually looks like in practice across users, workloads, and networks. You’ll learn how to structure a program around real protect surfaces, evolving business needs, and continuous feedback loops—so progress is measured by adaptability, not a misleading sense of “done.”

As organizations work to protect critical infrastructure with Zero Trust architectures, there is a growing need for practitioners who can translate these principles into operational controls in complex environments. The Cloud Security Alliance's (CSA) CCZT program provides vendor-neutral training aligned to NIST and CISA guidance, emphasizing identity, device posture, and contextual signals for continuous authorization. This overview sets the foundation for a hands-on demonstration of how these controls are applied to secure access to sensitive, mission-critical resources.

As federal agencies accelerate adoption of Zero Trust architectures, workforce readiness has become one of the most critical challenges. This session uses an interactive exercise to illustrate how Zero Trust concepts are applied in practice. Attendees will see how identity, device posture, and contextual signals can be used to dynamically authorize access to protected resources, providing a practical view of how Zero Trust principles translate into real-world implementation.

It will also provide an overview of the Certificate of Competence in Zero Trust (CCZT) training program developed by the Cloud Security Alliance (CSA). The CCZT is a vendor-neutral program designed to help security professionals understand foundational Zero Trust concepts, architecture models, planning strategies, and implementation considerations, drawing on widely recognized guidance and frameworks from organizations such as NIST, the U.S. Department of Defense, and CISA.

Presenters Jason Garbis, co-author of Zero Trust Security: An Enterprise Guide, and Anna Campbell McKee, Director of Training Programs at Cloud Security Alliance, will discuss how structured training can strengthen cybersecurity workforce capability and help organizations transition from perimeter-based security models to modern Zero Trust architectures.

As digital transformation becomes a cornerstone of global development, the World Bank Group (WBG) is redefining security to protect its mission of ending extreme poverty and promoting shared prosperity. This session explores the WBG’s multi-year journey in implementing a Zero Trust Architecture (ZTA), a strategic shift catalyzed by the ransomware epidemic and the transformation induces by the cloud adoption. This presentation details how identity has emerged as the "nervous system" and new control plane of the organization, requiring robust governance and a focus on seamless user experiences, such as the migration to passwordless authentication. Drawing on lessons from the U.S. Federal government’s leadership—including the CISA Maturity Model—we will discuss how these frameworks provide a pragmatic blueprint for building cyber resilience in complex, global environments. We will further examine how the Zero Trust approach can scale to support the AI transformation.

This presentation provides an overview of network segmentation as a foundational security control within Operational Technology (OT) environments. It outlines key architectural principles, highlights common vulnerabilities in flat network designs, and emphasizes segmentation’s role in reducing risk, containing faults, and enhancing the resilience of critical OT systems.

As cyber threats become increasingly global, the adoption of Zero Trust (ZT) frameworks is gaining traction across industries and borders. This session explores the international landscape of Zero Trust adoption, highlighting the unique challenges, regulatory considerations, and best practices for organizations worldwide. Join us as experts discuss how different regions and sectors are implementing Zero Trust principles to enhance cybersecurity, protect critical infrastructure, and stay ahead of evolving threats. Learn how international collaboration and diverse perspectives are shaping the future of ZT adoption on a global scale.

Modern threats are evolving faster than humans can respond.  Learn how Zero Trust tools providing visualization and label-based segmentation can help defend against these growing threats.  See firsthand how threats can be neutralized across even the largest, most complex environments.

Zero Trust plays a foundational role in achieving cyber resilience by shifting the focus from a perimeter-based defense to an identity-centric model that assumes "breaches happen". While traditional security often creates brittle environments where a single failure can lead to total collapse, a resilient Zero Trust architecture is designed to maintain security posture and business continuity even when specific components fail or third parties are disrupted.

The integration of Zero Trust and resilience involves several key strategies:

• Eliminating (or reducing) Single Points of Failure (SPOF). A single disruption inside of an enterprise can cause a major incident. In today’s highly connected enterprise, we also need to be mindful of the Single Points of Failure that exist outside of the enterprise, like Cloud Service Providers (CSP) and within our supply chains.
• Limiting the blast radius to thwart contagion and cascading failures. We have all seen how a single disruption can rapidly move across an enterprise bringing the entire business to its knees. In today’s highly interconnected world, we also need to be mindful of  third-party disruptions entering our enterprise.
•  Adaptive Defense and Graceful Degradation. By accepting that incidents will happen allows us to prepare for the day, so we can operate in an impaired state until we are fully restored. Shifting workloads out of region, falling back to manual processes, throttling services, and prioritizing constituents are considered.
• Business Priorities. Nobody has unlimited resources. We prioritize based on the priorities of the business. The Business Impact Analysis (BIA) gains increased importance.
• Design Resilience in from the beginning, Test, Continuously Monitor. Ultimately, Zero Trust serves as the foundation for a resilient enterprise where the organization not only survives security incidents but also learns from them to improve its long-term operational effectiveness. Zero Trust Architectures, Site Reliability Engineering (SRE), Security By Design, chaos engineering and chaos testing are key to the prevention and the early detection of incidents to foster recovery.

This session provides a practical, training‑focused introduction to Zero Trust, mapping core principles—verify explicitly, least privilege, and assume breach—to industry certifications such as AZ‑900 and SC‑200. Attendees explore hands‑on learning paths, applied skills, and structured assessments, including the DoD Zero Trust Workbook, to support skill validation, posture assessment, and alignment with Department of Defense Zero Trust expectations.

Traditional cybersecurity tools rely heavily on probabilistic detection techniques that identify suspicious behavior after an attack has already begun. Integrity Assurance introduces a deterministic approach to cybersecurity by continuously validating the integrity of critical system components and enforcing trusted baselines. When unauthorized changes occur, organizations can immediately detect, alert, and automatically remediate those changes, reducing adversary dwell time and preventing attackers from establishing persistence. For this reason, it is called out as Tenet #5 in NIST 800-207.

In the context of DoW’s Zero Trust Strategy, integrity validation and enforcement contribute directly to over two dozen Zero Trust Target Level Activities within the 91 activity framework, particularly those associated with system configuration/change management, workload protection, and automated security response and remediation. By ensuring that devices and workloads remain in their approved and trusted state, Integrity Assurance strengthens Zero Trust architectures and enforces the “never trust, always verify” principle. This presentation will demonstrate how deterministic integrity enforcement enables organizations to move beyond detection toward a more resilient, self-correcting cybersecurity posture.

In a dynamic, discussion-driven forum, these experts will explore the latest developments, real-world challenges and best practices for extending Zero Trust principles across NATO alliances, international partnerships and defense industrial base operations overseas, all within an increasingly complex global threat environment.

Mr. Thomas Jewkes will explain zero trust with real-world examples rather than abstract concepts, highlighting how people already use zero trust in their daily lives. The presentation will address the challenges of IT/OT and identify where threats can breach the OT network. It will conclude with a BitW demo, showing how it reduces remote access and eliminates a key attack vector.

AI isn't just changing the threat landscape, it's breaking fundamental assumptions we've built enterprise security on for decades. In my "Core Collapse" research, I showed how advanced AI models constrain the attacker's problem space while expanding the defender's to near-infinity, and the math only gets worse as models keep advancing. AI-accelerated exploit development already outpaces our response cycles, and traditional defenses like patching windows and signature detection can't keep up. This doesn't mean the end, and we don't even need new technologies, we just need to go back to our preventative fundamentals. Zero Trust creates architectural resilienceand defense in depth at exactly the moment AI makes single-point failures so problematic. In this session I'll cut through the hype and focus on practical implementation: which Zero Trust principles matter most right now, how to prioritize when you have limited resources, and why organizations that build these foundations today won't find themselves scrambling when the next wave of autonomous AI capabilities hits.

As mandates for Zero Trust adoption accelerate, so does the volume of data, alerts, and operational complexity that face front-line defenders. This session looks at Zero Trust through the lens of SOC analyst fatigue, exploring how continuous verification can unintentionally overwhelm the very teams responsible for defending the mission. Attendees will hear how better visibility, normalized data, behavioral baselines, and AI-assisted analysis can help reduce noise, improve response, and make Zero Trust more effective in practice.

Move your Zero Trust strategy from compliance and checkboxes to outcomes and actionable intelligence. We examine real-world examples and how integrating data, automation and AI transform the platform into measurable results that safeguard the mission. Every pillar of zero trust must work together as a cohesive ecosystem, feeding advanced algorithms to recognize and react to threats.

A definitive guide to implementing Zero Trust architecture for autonomous AI, preserving data privacy, and mitigating next-generation cyber threats.

This presentation outlines a workforce‑aligned approach to institutionalizing Zero Trust as both a security framework and cultural shift across the Department of the War. It integrates Zero Trust training from Academia, Commercial and WarU offerings into DoW components, workforce requirements, and qualification standards aligned with DoDD 8140 and the Defense Cyber Workforce Framework. The plan proposes a tiered Zero Trust Qualification Pathway and a comprehensive training ecosystem spanning awareness courses, practitioner workshops, cyber training ranges, and advanced system‑specific exercises. Together, these efforts enable scalable, role‑based adoption of Zero Trust across IT, operational technology, and the acquisition lifecycle.