Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

SEC566: Implementing and Auditing CIS Controls

SEC566Cybersecurity Leadership
  • 5 Days (Instructor-Led)
  • 30 Hours (Self-Paced)
Course authored by:
Brian Ventura
Brian Ventura
Register NowCourse Preview
SEC566: Implementing and Auditing CIS Controls
Course authored by:
Brian Ventura
Brian Ventura
Register NowCourse Preview
  • GIAC Critical Controls Certification (GCCC)

    Learn about certification

  • 30 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 26 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Jump to:

Learn to establish critical security controls from the CIS Critical Security Controls framework to effectively defend against cyberattacks and create a secure, compliant environment.

Featured Quote

All week long I have been noting the topics and items I want to bring back to my team to improve various operations. This content is perfectly aligned with the work I am doing. So yes, this was an excellent course.
Thad ZeitlerAthena Health

Course Overview

SEC566 teaches practical techniques for implementing, assessing, and enforcing the Critical Security Controls published by the Center for Internet Security (CIS). This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by CIS. Students will learn how to stop known attacks, including those in the ATT&CK framework, and how to maximize the value of existing security tools.

What You'll Learn

  • Design security architecture based on CIS Controls
  • Build effective security metrics and scoring systems
  • Implement automated configuration management
  • Deploy secure authentication and access control
  • Develop comprehensive endpoint protection strategy
  • Establish continuous vulnerability management

Business Takeaways

  • Reduce attack surface by implementing proven controls
  • Prioritize security investments based on the threat landscape
  • Establish a consistent security posture across the enterprise
  • Demonstrate compliance with regulatory frameworks
  • Improve incident response capabilities
  • Develop measurable security improvements
  • Create a sustainable security program with executive support

Meet Your Author

Brian Ventura
Brian Ventura

Brian Ventura

Principal Instructor

Brian Ventura, a Partner at Cyverity, an information security consulting firm specializing in governance, focuses on enterprise information security governance, risk, and compliance.

Read more about Brian Ventura

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC566: Implementing and Auditing CIS Controls.

Section 1Introduction and Overview of the CIS Critical Controls

Learn the foundations of the CIS Controls framework, its evolution, and implementation strategies. Focus on enterprise asset inventory as the cornerstone of security, exploring tools and techniques to maintain accurate device tracking across complex networks.

Topics covered

  • CIS Critical Controls
  • Resources and tools of the CIS Controls
  • Mitre ATT&CK for common threats
  • Control assessments practice
  • CIS Control #1

Labs

  • Use the CIS Self-Assessment Tool (CSAT) for control assessment
  • Use Excel-based tools for control assessment
  • Inventory assets with MS PowerShell

Section 2Data Protection, Identity and Authentication, Access Control Management, Audit Log Management

Become proficient in the defensive domains of software control, data protection, and identity management. Learn implementation techniques for secure configurations, privileged access controls, and effective account management systems.

Topics covered

  • Hardware inventory systems
  • Software asset management
  • Data protection strategies
  • Access control implementation

Labs

  • Enforce application control with AppLocker
  • Encrypt data at rest with Veracrypt
  • Experience privilege abuse with Mimkatz
  • Use Powershell and WMI for account inventories
  • Scenario-based leadership simulation game

Section 3Server, Workstation, Network Device Protections (Part 1)

Discover the inner workings of vulnerability management, secure configurations, and audit logging implementation. Gain proficiency in techniques to protect email and web browsing while maintaining comprehensive security baselines.

Topics covered

  • CIS Controls 4, 7, 8, and 9
  • Secure configuration frameworks
  • Vulnerability management systems
  • Audit logging implementation
  • Email protections

Labs

  • Use CIS-CAT tool for auditing configurations
  • Apply a CIS Benchmark and compare results
  • Parse Nmap output with PowerShell
  • Scenario-based leadership simulation game

Section 4Server, Workstation, Network Device Protections (Part 2)

Delve into advanced system protections: malware defenses, data recovery, and network infrastructure security. Learn to monitor network traffic and detect malicious activities using practical tools.

Topics covered

  • Malware defense implementation
  • Strategies in data recovery
  • Network infrastructure security
  • Network monitoring frameworks

Labs

  • Leverage Fleet for inventory, vulnerability and secure configuration
  • Map CIS Navigator controls
  • Audit network devices with Nipper
  • Use Wireshark to spot malicious activity
  • Scenario-based leadership simulation game

Section 5Governance and Operational Security

Develop skills in governance domains including security awareness, service provider management, and incident response. Discover techniques for app security, effective security management, and penetration testing.

Topics covered

  • Security awareness training
  • Service provider management
  • Application security implementation
  • Incident response frameworks
  • Penetration testing

Labs

  • Build robust tabletop exercises
  • Use CIS-RAM for risk assessment
  • Assess an organization and report on residual risk
  • Develop security program metrics
  • Scenario-based leadership simulation game

Things You Need To Know

Relevant Job Roles

Operational Leader

Cybersecurity Leadership

Operate from the point of view of an adversary in order to protect you most sensitive assets.

Explore learning path

Cybersecurity Research & Development

SCyWF: Cybersecurity Architecture, Research And Development

This role conducts conducts cybersecurity research and development. Find the SANS courses that map to the Cybersecurity Research & Development SCyWF Work Role.

Explore learning path

Cyber Legal, Policy & Compliance Officer

European Cybersecurity Skills Framework

Manages compliance with cybersecurity-related standards, legal and regulatory frameworks based on the organisation’s strategy and legal requirements.

Explore learning path

Technology Research and Development (OPM 661)

NICE: Design and Development

Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Explore learning path

Security Manager

Cybersecurity Leadership

Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.

Explore learning path

Defensive Cybersecurity (OPM 511)

NICE: Protection and Defense

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

Explore learning path

Cybersecurity Researcher

European Cybersecurity Skills Framework

Research the cybersecurity domain and incorporate results in cybersecurity solutions.

Explore learning path

Laws and Data Protection

SCyWF: Governance, Risk, Compliance And Laws

This role ensures the organization complies with cybersecurity and data protection laws and regulations. Find the SANS courses that map to the Laws and Data Protection SCyWF Work Role.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us

GIAC Certification Attempt

Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.

OnDemand Course Access

When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.

  • Location & instructor

    Virtual (OnDemand)

    Instructed by
    Brian Ventura
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    $7,650 USD*Prices exclude applicable local taxes
    Registration Options
    Self-Paced
  • Location & instructor

    Riyadh, SA & Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    $7,765 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    €7,190 EUR*Prices exclude applicable local taxes
    Registration Options
    Virtual
  • Location & instructor

    Dubai, AE & Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    $7,765 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Washington, DC, US & Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    $7,650 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Nashville, TN, US & Virtual (live)

    Instructed by
    Randy Marchany
    Date & Time
    Fetching schedule..View event details
    Course price
    $7,650 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Arlington, VA, US & Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    $7,650 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Amsterdam, NL & Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    €7,190 EUR*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Dubai, AE & Virtual (live)

    Instructed by
    Brian Ventura
    Date & Time
    Fetching schedule..View event details
    Course price
    $7,765 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Riyadh, SA & Virtual (live)

    Date & Time
    Fetching schedule..View event details
    Course price
    $7,765 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
Showing 10 of 14

Learn Alongside Leading Cybersecurity Professionals From Around The World

  • Slide 1 of 4
    SEC566 is truly providing the foundation to elevate my organization's security posture. It has given me the tools to secure our environment and explain why we need to in the first place.
    Keri PowellTextron
  • Slide 2 of 4
    After attending this class, I now have this rejuvenated desire to get back to work, tweek my vulnerability scanner, and run my scans.
    Jason HinojosaRush Enterprises
  • Slide 3 of 4
    I will be able to take this back to my organization and use it right away.
    Beth CannMIT Lincoln Laboratory
  • Slide 4 of 4
    SEC566 was very valuable for me. I thought I knew about security controls but this course has shown me that all I knew was the basics. I now have in-depth knowledge in this area.
    Noureen NjorogeCISCO Systems
Slide 1 of 0

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources