On the heels of President Biden's Executive Order requiring federal civilian agencies to establish plans to drive the adoption of Zero Trust Architecture by 2024 and encouraging private companies to do so, many in the cybersecurity industry are considering how to implement this properly and efficiently. Adopting a Zero Trust Architecture is an important goal, albeit one that requires considerable investment and organisational culture change. A good, well-defined XDR capability can help organisations to start achieving ZTA objectives at a foundational level today. This session will consider what is realistically achievable when balancing risk management with finite operational resources in the context of the Executive Order (EO 14028). We will also discuss what organisations in Southeast Asia can learn from others going through this exercise.