Enhancing industrial cybersecurity via IoT device-trusted remote attestation framework with zero trust architecture in brewery operations

Muhammad Salman, Alan Budiyanto

Abstract


The rapid expansion of industrial internet of things (IIoT) adoption in Industry 4.0 has improved automation and real-time control yet simultaneously increased security risks in operational technology (OT) environments, where device integrity and system reliability are critical. Existing attestation approaches such as SAFEHIVE, SEDA, CRA, and ERASMUS provide scalable verification capabilities but still lack continuous hardware-rooted validation and adaptive access control required for real-time industrial systems. To address this gap, this study proposes a hybrid cybersecurity framework that integrates IoT device-trusted remote attestation (ID-TRA) based on trusted platform module (TPM) with zero trust architecture (ZTA) to ensure continuous device trustworthiness in brewery operations. The framework was implemented on an industrial testbed with programmable logic controllers (PLCs), edge devices, and industrial switches, and it was evaluated through measurements of attestation latency, false positive rate, communication overhead, and TPM resource utilization. Experimental results show that the framework achieves an average attestation latency of 250 ms, a false positive rate below 2%, and a communication overhead of only 1.1%, while TPM resource usage remains within acceptable bounds (62% CPU and 48 MB RAM). These outcomes demonstrate that the proposed solution can reliably detect unauthorized firmware modifications, prevent compromised devices from accessing critical network zones, and maintain compatibility with real-time control processes. Overall, the integration of ID-TRA and ZTA enhances device-level assurance and strengthens industrial cybersecurity resilience against firmware tampering, replay attacks, and unauthorized lateral movement.


Keywords


Cybersecurity; Industrial control systems; Industrial internet of things; Remote attestation; Zero trust architecture
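
The verifier-side checks the abstract describes (a fresh challenge against replay, comparison with a known-good firmware measurement, and a deny-by-default zone decision), as an added illustration that is not code from the paper. An HMAC under a shared key stands in for a TPM-signed quote, and the device ID, key, firmware strings and zone name are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed values (assumptions): key, device ID, firmware bytes, zone name.
DEVICE_KEY = b"constructed-demo-key"   # stands in for a TPM-resident attestation key
GOOD_FW = b"firmware v1.0 (constructed)"
GOLDEN = {"plc-01": hashlib.sha256(GOOD_FW).hexdigest()}   # known-good measurement

def _tag(nonce: bytes, digest: str) -> str:
    # HMAC binds the measurement to the verifier's nonce (swapped in for a TPM quote).
    return hmac.new(DEVICE_KEY, nonce + digest.encode(), hashlib.sha256).hexdigest()

def device_quote(firmware: bytes, nonce: bytes) -> dict:
    """Device side: measure the firmware and answer the challenge."""
    digest = hashlib.sha256(firmware).hexdigest()
    return {"nonce": nonce, "digest": digest, "tag": _tag(nonce, digest)}

class Verifier:
    def __init__(self):
        self.pending = {}   # device_id -> outstanding single-use nonce

    def challenge(self, device_id: str) -> bytes:
        self.pending[device_id] = os.urandom(16)
        return self.pending[device_id]

    def decide(self, device_id: str, quote: dict) -> str:
        """Zone decision for one attestation round; anything unproven is denied."""
        nonce = self.pending.pop(device_id, None)   # consume: each nonce is valid once
        if nonce is None or not hmac.compare_digest(nonce, quote["nonce"]):
            return "deny:replay-or-stale"
        if not hmac.compare_digest(_tag(nonce, quote["digest"]), quote["tag"]):
            return "deny:bad-signature"
        if not hmac.compare_digest(GOLDEN.get(device_id, ""), quote["digest"]):
            return "deny:firmware-mismatch"
        return "allow:control-zone"

def demo() -> list:
    v = Verifier()
    good = device_quote(GOOD_FW, v.challenge("plc-01"))
    results = [v.decide("plc-01", good)]          # fresh quote, untampered firmware
    results.append(v.decide("plc-01", good))      # same quote presented again
    bad = device_quote(b"firmware v1.0 modified (constructed)", v.challenge("plc-01"))
    results.append(v.decide("plc-01", bad))       # measurement differs from golden value
    return results

if __name__ == "__main__":
    print(demo())
```

Re-running the challenge on a schedule, rather than once at admission, is what makes the decision continuous: a device that passed earlier loses zone access on the first round it fails.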


DOI: http://doi.org/10.11591/ijeecs.v41.i2.pp720-730


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES).
