Behind the Curtain with a CCZT Developer: Security Solution Architect Bernard Coetzee

Published 11/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the certificate provides an in-depth understanding of Zero Trust architecture, drivers, benefits, and how to plan for adoption. Earning the CCZT is critical for security professionals seeking to advance their careers and for organizations that must maintain strong security postures.

In this blog series, we’re interviewing developers of the CCZT about the importance of the certificate and who should consider earning it. In this second blog, we’re interviewing Bernard Coetzee, Security Solution Architect, Capitec Bank.


1. How is the CCZT certificate program different from other cybersecurity certificate programs?

The CCZT differs from other cybersecurity certificates (such as CISSP, which I still see as the "information security gold standard") in several ways:

  1. Focus on Zero Trust Principles: Unlike many certificates that include a broad overview of security principles, CCZT is specialized in Zero Trust principles, which emphasize the philosophy of "never trust, always verify" and "always assume breach." This approach is critical in a landscape where traditional security perimeters are no longer applicable.
  2. Cloud and Hybrid-Cloud Approach: The CCZT is "cloud fit," which is increasingly relevant as organizations move more of their operations into a cloud-dependent environment. CCZT teaches how to apply Zero Trust principles specifically in the cloud, as opposed to some other certificates that may not include cloud.
  3. Integrated Risk Management Approach: The CCZT program incorporates a structured approach to understanding and managing corporate risk appetite. This integration helps professionals blend security controls with business processes, aiming to improve trust throughout an organization's critical operations.
  4. Maturity Roadmap: Participants follow a maturity framework for trust improvement. This assists organizations to gradually enhance their security posture in a planned and measurable way.
  5. Vendor-Neutral: CCZT is not tied to any one product or vendor, making the knowledge gained from it applicable across various technologies and platforms. This contrasts with certificates that might focus on specific vendor products or solutions that cite Zero Trust as the outcome.
  6. Scalability Irrespective of Company Size: The principles taught in the CCZT program are scalable and applicable to organizations of any size, unlike some certificates that might target only large enterprises and disregard small businesses or SMEs.

Focusing on these areas, the CCZT prepares cybersecurity professionals to embrace and manage security strategies that are relevant for modern, cloud-based, and dynamic corporate environments.


2. Why did you want to get involved in the development of the CCZT?

After more than 20 years involved in information security and cybersecurity, my interest in the development of the CCZT was driven by a combination of factors. Firstly, there's a strong element of self-education involved; I believe in continuously updating my skills and understanding of emerging technologies. The CCZT, being at the forefront of innovation, represents a challenging yet exciting learning opportunity.

Secondly, the term “Zero Trust” has become something of a buzzword in our industry. I wanted to go beyond the hype, to understand its true potential and applications.

Lastly, I feel a sense of professional responsibility to contribute to advancements within my field. By being involved in the development of the CCZT, I am positioning myself at the forefront of technological progress, which allows me to contribute meaningfully to the community and help shape the future of our industry.


3. What did you learn or come to understand better while working on the CCZT?

While working on the CCZT, I gained a deeper understanding of how Zero Trust frameworks enhance an organization's security posture and build both customer and internal trust. Here are some of the key points:

  1. Zero Trust as a Security Enhancement: Zero Trust is not just a technology, but a philosophy. I learned that it's essential to adopt this mindset across all levels of an organization to effectively identify and mitigate risks. By implementing a Zero Trust framework, organizations make no assumptions about trust and continuously validate interactions within their system components.
  2. Five Steps of Implementing Zero Trust: The structured approach to implementing Zero Trust, broken down into five steps, is: 1) identify sensitive data, 2) map transaction flows, 3) architect a Zero Trust environment, 4) create a Zero Trust policy, and 5) monitor and maintain the environment. Each step is critical in building a robust security framework that adapts to emerging threats.
  3. Agility in Different Architectures: Working on CCZT, I learned the importance of agility in applying Zero Trust principles to various environments. Whether dealing with cloud-based services, on-premises data centers, or hybrid models, the ability to adapt and implement Zero Trust concepts is imperative. This agility ensures that security measures are not rigid tick-boxes, but are responsive and evolutionary.
  4. Simplification and Common Sense - The "Special Ingredient": One of the key insights from working on the CCZT was the importance of simplifying security language. Instead of getting lost in "techie talk," it's vital to communicate security concepts in a way that is accessible and understandable to all stakeholders. This approach assists in making informed decisions that are guided by common sense rather than technical complexity.

In summary, this experience taught me that Zero Trust is a comprehensive and not just singular approach. It requires a change in mindset, a structured implementation strategy, adaptability, and clear communication. These elements work together to not only protect an organization's data, but also to build a foundation of trust with customers and within the organization itself.


4. Who should earn their CCZT?

This certificate is best for individuals with a robust foundation in cybersecurity. I would recommend a minimum of five years' hands-on experience to ensure that candidates can effectively apply knowledge into practice. It equips professionals to make informed decisions about when and how to implement security strategies and tools. This is an advanced certificate and is most beneficial for those with a deep understanding of both technical and strategic areas of cybersecurity.


5. Any final thoughts?

This certificate is poised to set a new standard in the field of information security. It is comprehensive of the multifaceted aspects of security. It will equip professionals with robust and practical knowledge. I foresee this becoming a significant credential for any security professional striving to excel.



Learn more about the Certificate of Competence in Zero Trust (CCZT) here.
