Introduction

Zenith Live 2026 · Hands-On Lab

Discover · Protect · Investigate

A complete data security lifecycle — one fictional company, one payroll file, three personas, nine labs.

⏱ ~4 Hours🗂 3 Modules · 9 Labs👤 3 Personas🖥 2 Tenants🏢 Dataparity Inc.

Workshop Overview

Dataparity Inc. is a mid-size financial services firm that has grown its SaaS footprint faster than its data governance. Sensitive payroll data is scattered across cloud storage, endpoints, and AI tools — and no one knows where it's going. Over four hours, you'll step into the roles of three Dataparity employees: Alex maps the risk landscape and builds enforcement policies, Kevin triggers every violation you configure, and Priya investigates and automates the response. One payroll file threads all three modules together.

Learning Path

🔍

Discover

Module 1 · Labs 1–4

Shadow IT, SaaS posture, DSPM, and Copilot readiness — see everything before touching a policy.

→

🛡

Protect

Module 2 · Labs 5–8

Build detection logic, then enforce it across web, endpoint, and browser channels.

→

🔎

Investigate

Module 3 · Lab 9

Triage incidents, notify users, escalate, and automate future SOC response.

Module Overview

Module 1

Visibility

⏱ ~60 min · Enterprise Tenant · Read-Only

Lab 1Shadow IT & App Visibility

20 min

Lab 2SaaS Posture & App Governance

15 min

Lab 3DSPM — Data at Rest

15 min

Lab 4Copilot Readiness

10 min

Module 2

Protection

⏱ ~75 min · Lab Tenant · Read/Write

Lab 5Detection Logic

15 min

Lab 6Inline DLP

25 min

Lab 7Endpoint DLP

20 min

Lab 8Browser DLP

15 min

Module 3

Investigation

⏱ ~35 min · Enterprise Tenant · Read-Only

Lab 9ZWA SOC Triage

35 min

Triage · Notify · Escalate · Automate

Meet the Team

🛡

Alex

Security Administrator

Modules 1 + 2

Dataparity's lead security admin. In Module 1, Alex maps the full risk landscape. In Module 2, Alex builds and enforces every DLP policy from scratch.

👤

Kevin

End User · Customer Success

Module 2 (Test Steps)

Not malicious — just a busy employee reaching for the most convenient tool. Kevin triggers every policy violation you configure, across three different channels.

🔍

Priya

SOC Analyst · Tier-1

Module 3 (Full Lab)

Dataparity's incident responder. Priya picks up Kevin's violations, triages them, coaches him, escalates to management, and automates future response.

📊

The Narrative Thread

Dataparity_Q2_2025_Workforce_Financial_Summary.docx

One payroll file appears in 5 labs across all 3 modules. Discovered at rest in Lab 3, exposed to Copilot in Lab 4, blocked in transit in Labs 6 and 7, blocked in a browser prompt in Lab 8, and investigated by Priya in Lab 9. Same file. Five different risk contexts. One platform.

Lab 3 — DiscoveredLab 4 — AI ExposedLab 6 — Blocked (Web)Lab 7 — Blocked (Endpoint)Lab 9 — Investigated

Lab Tenants

🏢

Enterprise Tenant

Tenant 1 · Read-Only

Modules 1 + 3

Pre-populated with realistic production-like data. Shows what a mature Zscaler deployment looks like after months of collection. No configuration allowed.

⚗️

Lab Tenant

Tenant 2 · Read/Write

Module 2 Only

A clean environment with no active DLP policies. You build everything from scratch. The blank slate is intentional — building the policies yourself is the exercise.

💡 Facilitator Notes

Open with this question to the room: "Before we start — how many of you know exactly how many cloud applications your employees are using right now?" Wait for answers. Then: "By the end of Module 1, Dataparity's answer will be 911. How close do you think your number is?"

This sets up the Shadow IT discovery in Lab 1 and immediately connects the lab to their real environment.