DOD Zero Trust Chief: ZT Implementation Requires Clearer Standards
Randy Resnick, director of the DOD Zero Trust Portfolio Management Office, announced an upcoming memo to eliminate ambiguity on its zero-trust guidelines.

The Defense Department Zero Trust Portfolio Management Office is developing new language to eliminate ambiguity in zero-trust implementation standards and protocols, Randy Resnick, director of the DOD Zero Trust Portfolio Management Office, said at AFCEA TechNet Cyber in Baltimore Tuesday.
“We wrote a [directive type memo], if it’s not out, it’s going to be out very, very soon,” Resnick said. “You will see language in it that makes it very clear what the portfolio office capabilities are and the power that we have over telling the department just how to do things in terms of policy deadlines and such. It also clearly outlines what… the agency’s roles and responsibilities are for zero trust.”
Resnick said that the his office will release the document within the next two months. The memo will define roles and responsibilities for zero trust in the department and eliminate “gaps” and “gray areas.”
As zero trust becomes standard for agencies like DOD, the change in posture is creating a knock-on effect for the country’s partners and allies as well. Resnick said that the department’s zero trust work inadvertently influenced other countries’ policies.
“Our allies are now following, thinking—plagiarizing — the way we do zero trust in the Department of Defense. You’ll see it within their documents,” he said. “Instead of the blood, sweat and tears of five years of ZT before the portfolio office started back at NSA, they jumped right to the solution and they accepted our hard work in the department, and they said, ‘This looks pretty good to us.’”
Though international partners might have reasons for not fully implementing the DOD zero-trust strategy, Resnick added, they take portions and develop it for their own use.
Despite this adoption, Resnick said there are still gaps in training that he hopes industry can fill.
“There’s a role for industry to play. Industry has all kinds of training and all kinds of other things in network security, cybersecurity, and yet I still see a little gap in zero trust,” Resnick said. “I’m encouraging industry not to stand by but to actually be aggressive here, and to actually come up with zero trust training. Because, I assure you, once the training exists, they’re not going to take all the online classes only from [Defense Acquisition University] and you’re going to have a ready market for zero-trust training at whatever level, from 101 to 401 on zero trust.”
According to Resnick, the Zero Trust Portfolio Management Office is using innovative techniques to improve zero trust across the agency. This includes what he called “purple teaming,” an exercise in which red and blue teams fight and shift with each other in attacking and defending systems within a simulated environment.
To Resnick, exercises like purple teaming are critical to getting everyone speaking the same language and understanding DOD requirements when it comes to zero trust and cybersecurity.
“Right now we see that there’s no repeatable process. This is a problem. We said in the past that we really don’t know how a component gets to zero trust just as long as they get to target, but it really didn’t address the DevSecOps part of what the vendors are doing in order to keep them in the spirit of the best principles that we can think of, and have it done repeatedly so that when we go and Purple Team them, we have a higher assurance that has been designed correctly,” Resnick said.
While changing the culture surrounding zero trust is critical to the health of the department, Resnick said that an employed “permafrost” is likely to never fully embrace new cybersecurity principles. Waiting them out is more likely than shifting their workflow, he added.
“We have a bigger burden of figuring out how to explain zero trust and its fundamentals and to actually get through the culture inertia that exists in the department,” Resnick said. “The only people that push back are what I would call the middle layer, the permafrost, as we jokingly say, that is frozen in time. They feel threatened because they’re doing the old style of cybersecurity. I did it myself. I totally understand. But these people, if they haven’t learned now, they’re never going to learn. And so I truly believe it’s a generational thing. We’re going to have to wait until they retire out, and so you won’t see this problem in another 10 years.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Inside DOD’s Push to Grow the Cyber Workforce Through Academia
Diba Hadi gives her first interview since becoming principal director of the DOD’s Cyber Academic Engagement Office.
15m listen -
Generative AI Demands Federal Workforce Readiness, Officials Say
NASA and DOI outline new generative AI use cases and stress that successful AI adoption depends on strong change management.
6m read -
The Next AI Wave Requires Stronger Cyber Defenses, Data Management
IT officials warn of new vulnerabilities posed by AI as agencies continue to leverage the tech to boost operational efficiency.
5m read -
Federal CIOs Push for ROI-Focused Modernization to Advance Mission Goals
CIOs focus on return on investment, data governance and application modernization to drive mission outcomes as agencies adopt new tech tools.
4m read -
Data Transparency Essential to Government Reform, Rep. Sessions Says
Co-Chair of the Congressional DOGE Caucus Rep. Pete Sessions calls for data sharing and partnerships to reduce waste and improve efficiency.
5m read -
DOD Turns to Skills-Based Hiring to Build Next-Gen Cyber Workforce
Mark Gorak discusses DOD’s efforts to build a diverse cyber workforce, including skills-based hiring and partnerships with over 480 schools.
20m listen -
Trump Executive Order Boosts HBCUs Role in Building Federal Tech Workforce
The executive order empowers HBCUs to develop tech talent pipelines and expand access to federal workforce opportunities.
3m read -
DOD Can No Longer Assume Superiority in Digital Warfare, Officials Warn
The DOD must make concerted efforts to address cyber vulnerabilities to maintain the tactical edge, military leaders said at HammerCon 2025.
4m read -
Marine Corps Operation StormBreaker Slashes Software Delivery Timelines by 17x
New program aims to deliver critical digital capabilities to warfighters at the "speed of relevance" by overhauling traditional processes.
4m read -
Tracking CIOs in Trump's Second Term
Stay informed on the latest shifts in federal technology leadership as new CIOs are appointed and President Trump's second term takes shape.
6m read -
Inside Oak Ridge National Lab’s Pioneer Approach to AI
Energy Department’s Oak Ridge National Lab transforms AI vulnerabilities into strategic opportunities for national defense.
22m listen -
DOI Must Modernize Energy to Win AI Race, Secretary Says
Doug Burgum links AI innovation to energy reform as DOI advances digital infrastructure and wildfire response under Trump’s tech agenda.
2m read