Zero Trust Architecture (ZTA) is an information security model that de-emphasizes computer networks as trust factors, focusing instead on strong user & device authentication and contextual, risk-based authorization. In this paper, we: • Review the background and history of ZTA (Section 2). • Summarize the history of our organization’s Zero Trust journey (Section 3). • Discuss highlights of our organization’s ZTA program, including its guiding principles, security focus areas, and governance (Sections 4 – 6). • Reflect on lessons learned (Section 7). • Consider future directions for our ZTA program (Section 8). • Evaluate ZTA as it relates to service providers (Section 9).