The head of the Defense Department’s (DoD) Zero Trust Portfolio Management Office said this week that he is looking for firms to focus on product integration possibilities as they pitch zero trust security strategies to the Pentagon.
Randy Resnick, director of the Zero Trust Portfolio Management Office, explained that DoD is looking to adopt zero trust models that can incorporate offerings from a range of security companies and cloud providers.
“We need to have companies working together to integrate their products instead of competing against each other on an individual product in order for us to really get to this zero trust destination that we want,” stated Resnick.
Last October, Resnick reported that military service branches and defense agencies had submitted dozens of zero trust security implementation plans to the zero trust office for evaluation, and that office had until the end of 2023 to review them.
“Those 43 implementation plans [under review] are going to explain how to achieve target-level zero trust,” Resnick said in October. “We delivered to the components the ‘target-level’ zero trust outcomes we want to see in their plans; now they got to deliver the how.”
“Those plans were very comprehensive, we’re talking 40 pages each,” Resnick said during his remarks this week.
“We evaluated every single one of them,” he continued. “Some of them were better than others, but they all described their strategy for getting at target levels and talked about what it would take to get to zero trust and how much resources or dollars they required to do that.”
Elsewhere in his remarks, Resnick talked about how DoD is ramping up zero trust training efforts.
“We are hot and heavy in terms of coming up with training for zero trust,” he said. “We are working with Defense Acquisition University (DAU) to come up with training courses, which they have done.”
“We’re working towards that model where it would actually either be mandatory to take the ZT 101 … or roll it into the existing cyber courses and essentially update the cyber course to include zero trust one way or the other,” Resnick said, adding, “this is how we’ll get the workforce upskilled.”