Cloud 101CircleEventsBlog

Behind the Curtain with a CCZT Developer: Director Zenith Law

Behind the Curtain with a CCZT Developer: Director Zenith Law

Blog Article Published: 12/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the certificate provides an in-depth understanding of Zero Trust architecture, drivers, benefits, and how to plan for adoption. Earning the CCZT is critical for security professionals seeking to advance their careers and for organizations who must maintain strong security postures.

In this blog series, we’re interviewing developers of the CCZT about the importance of the certificate and who should consider earning it. In this fourth blog, we’re interviewing Zenith Law, Director of Zenospace.


1. How is the CCZT certificate program different from other cybersecurity certificate programs?

The CCZT certificate program is considered an evolving and disruptive extension to other cybersecurity certificate programs, specifically in the context of moving defenses from static, network-based perimeters to focusing on protecting resources with the principles of “assume breach” and “never trust, always verify.”


2. Why did you want to get involved in the development of the CCZT?

In the past 20+ years, I have always made myself available for contributing my knowledge to organisations, especially non-profit-making ones, with the aim of building a better knowledge-driven future in a collaborative manner. Meanwhile, I felt privileged to collaborate with CSA and contribute to the development of the CCZT since Zero Trust is believed to be an essential element for evolving architectures and technologies, including but not limited to: Open Radio Access Network (Open RAN), Secure Access Service Edge (SASE), Industry 4.0, and Generative Artificial Intelligence (GenAI).


3. What did you learn or come to understand better while working on the CCZT?

My knowledge of the Zero Trust planning and implementation process, Zero Trust Maturity Model, deployment models of a software-defined perimeter (SDP), automated enforcement of access policies, supply chain risk management, and automation and orchestration for the implementation of a Zero Trust Architecture (ZTA) has been greatly improved.


4. Who should earn their CCZT?

Any practitioner who genuinely embraces the principle of “never trust, always verify” and the evolution of our decentralised future with Zero Trust and software-defined everything should earn their CCZT.


5. Any final thoughts?

Throughout my engagement as both an exam item writer and exam item reviewer, the people and processes of the Cloud Security Alliance for engaging stakeholders and contributors, communicating about exam items, and performing quality control, were found to be brilliant and agile.



Learn more about the Certificate of Competence in Zero Trust (CCZT) here.

Share this content on your favorite social network today!