Zero Trust (ZT) is the de facto security model for many business and government organizations, but security leaders often don’t know where to begin architecting and implementing it; they can be daunted by the fundamental shifts in strategy and architecture that ZT demands. Contrary to popular belief, a Zero Trust architecture does not require ripping out current security controls and starting anew. With the right approach, security leaders can increase their ZT competence and realize security benefits right away. This report guides security leaders through a roadmap for implementing ZT using practical building blocks that take advantage of existing technology investments and current maturity.