search menu icon-carat-right cmu-wordmark

The 4 Phases of the Zero Trust Journey

Tim Morrow and Matthew Nicolai outline 4 steps that organizations can take to implement and maintain a zero trust architecture.

Software Engineering Institute




Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations are also looking to adopt zero trust to bring their technical infrastructure and processes in line with cybersecurity best practices. Real-world preparation for zero trust, however, has not caught up with existing cybersecurity frameworks and literature. NIST standards have defined the desired outcomes for zero trust transformation, but the implementation process is still relatively undefined. As the nation’s first federally funded research and development center with a clear emphasis on cybersecurity, the SEI is uniquely positioned to bridge the gap between NIST standards and real-world implementation. In this SEI podcast, Tim Morrow and Matthew Nicolai, researchers with the SEI’s CERT Division outline 4 steps that organizations can take to implement and maintain a zero trust architecture.

About the Speaker

Headshot of Timothy Morrow

Timothy Morrow

Tim Morrow is the situational awareness technical manager in the SEI CERT Division’s Monitoring and Response Directorate. Morrow applies architecture-centric approaches to systems-of-systems to analyze and identify potential risks to improve their cybersecurity. Morrow’s past experience includes providing acquisition and technical support for the complete lifecycle of DoD and non-DoD …

Read more
Headshot of Matthew Nicolai.

Matthew Nicolai

Matthew Nicolai is an SEI alumni employee.

Matthew Nicolai is a graduate research assistant in the SEI’s CERT Division, where he works on situational awareness projects with an emphasis on zero-trust architecture. He is a master of science candidate in information security policy and management at Heinz College of Information …

Read more