Historically, security architectures relied on a castle-and-moat strategy. We derived a certain amount of comfort from knowing our assets were protected inside the castle. We placed a base level of trust in people because they entered the castle through the same gates we did. Post-COVID, the castle is more porous than ever. Enterprises are much more complex, with most revenue driven by digital, and more than half of corporate valuations are derived from intangible, usually digital, assets. With about 36 million people working from home at least part-time, our exposure has only increased. Traditional security practices do not work. Zero Trust fundamentally changes the way we view security architectures, how we minimize the blast radius, and how we respond to incidents. This session focuses not only on the philosophy of Zero Trust but, more importantly, on how Zero Trust fits into traditional Governance, Risk Management, and Compliance (GRC) practices like the Lines of Defense (LODs), Risk Registers, and RAIC diagrams. The session will begin with an overview of how the game has changed. We will then talk about where Zero Trust fits into your strategy and end with practical guidance on crafting your Zero Trust journey, including a list of things you can do today.