SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
SEC566: Implementing and Auditing CIS Controls
SEC566Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course authored by:
Brian Ventura
Course authored by:Brian Ventura
- GIAC Critical Controls Certification (GCCC)
- 30 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- 26 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Transform the CIS Controls into a defensible roadmap that strengthens security, ensures compliance, and prepares your organization for the future.
Featured Quote
I would recommend this course to anyone that is going to be an ISSO or ISSM or CISO.
Course Overview
Learn to put the CIS Critical Security Controls v8.1 into action across IT, cloud, third-party, and emerging environments. This hands-on course shows you how to stop attacks mapped in the MITRE ATT&CK framework, strengthen programs through automation, and align security with compliance frameworks. Through practical labs and Cyber42 leadership simulations, you’ll gain the skills to build resilient, defensible cybersecurity programs that stand up to both threats and scrutiny.
What You'll Learn
- Design and implement CIS Controls across IT, cloud, hybrid, and AI environments
- Build metrics and risk scores to measure effectiveness and communicate residual risk
- Streamline configuration, coverage, and compliance with automation and orchestration
- Apply strong identity and access controls to secure users, services, and AI workflows
- Enforce endpoint, network, and cloud defenses and extend to AI pipelines and training data
- Establish a culture of continuous improvement through vulnerability management, secure configurations, and forward-looking defense
Business Takeaways
- Reduce attack surface with a prioritized set of CIS Controls
- Maximize ROI by focusing on safeguards with the highest risk reduction
- Create a consistent, measurable security posture across systems, partners, and AI workflows
- Demonstrate regulatory compliance and industry standard alignment through CIS mappings and measurable reporting
- Strengthen detection and response against real-world and AI-enabled threats
- Show measurable improvements with metrics, scoring, and automation
- Build a sustainable, business-aligned program that earns executive support
Meet Your Author
Brian Ventura
Principal InstructorBrian Ventura, a Partner at Cyverity, an information security consulting firm specializing in governance, focuses on enterprise information security governance, risk, and compliance.
Read more about Brian VenturaCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC566: Implementing and Auditing CIS Controls.
Section 1Introduction and Overview of the CIS Critical Controls
Learn the foundations of the CIS Controls framework, its evolution, and implementation strategies. Focus on enterprise asset inventory as the cornerstone of security, exploring tools and techniques to maintain accurate device tracking across complex networks.
Topics covered
- CIS Critical Controls
- Resources and tools of the CIS Controls
- Mitre ATT&CK for common threats
- Control assessments practice
- CIS Control #1
Labs
- Use the CIS Self-Assessment Tool (CSAT) for control assessment
- Bonus Lab: Use Excel-based tools for control assessment
- Inventory assets, software and user accounts with MS PowerShell
Section 2Data Protection, Identity and Authentication
Become proficient in the defensive domains of software control, data protection, and identity management. Learn implementation techniques for secure configurations, privileged access controls, and effective account management systems.
Topics covered
- Software asset management
- Data protection strategies
- Identity and access management (IAM) best practices
- Secure access control implementation
Labs
- Enforce application control with AppLocker
- Bonus Lab: Use an inventory scanning tool
- Encrypt data at rest with Veracrypt
- Simulate privilege abuse with Mimikatz
- Scenario-based leadership simulation game
Section 3Server, Workstation, Network Protections
Discover the inner workings of vulnerability management, secure configurations, and audit logging implementation. Gain proficiency in techniques to protect email and web browsing while maintaining comprehensive security baselines.
Topics covered
- CIS Controls 4, 7, 8, and 9
- Secure configuration frameworks
- Vulnerability management systems
- Audit logging implementation
- Email protections
Labs
- Use CIS-CAT tool for auditing configurations
- Bonus Lab: Performing additional scans with CIS-CAT
- Bonus Lab: Parse Nmap output with PowerShell for automated analysis and reporting
- Explore Security Incident and Event Management (SIEM) solutions using ELK
- Execute a vulnerability scan of AI models using Garak
Section 4Network Infrastructure and Defense
Delve into advanced system protections: malware defenses, data recovery, and network infrastructure security. Learn to monitor network traffic and detect malicious activities using practical tools.
Topics covered
- Malware defense implementation and automation
- Applying CIS Controls to AI Workflows
- Data recovery strategies and testing
- Network infrastructure hardening and management
- Network monitoring and intrusion detection
Labs
- Building Secure Configurations for AI workflows using Amazon Bedrock Guardrails
- Use CIS Navigator to map controls across frameworks and compliance standards
- Use CIS Navigator mapping and model control mappings in a sample GRC system
- Audit network devices with Nipper for misconfiguration and rule-set consistency
- Scenario-based leadership simulation game
Section 5Governance and Operational Security
Develop skills in governance domains including security awareness, service provider management, and incident response. Discover techniques for app security, effective security management, and penetration testing.
Topics covered
- Security awareness training
- Service provider management
- Application security implementation
- Incident response frameworks
- Penetration testing
Labs
- Build robust tabletop exercises
- Use CIS-RAM for risk assessment
- Assess an organization, then prioritize and report on residual risk
- Develop security program metrics
- Scenario-based leadership simulation game
Things You Need To Know
Relevant Job Roles
Operational Leader
Cybersecurity LeadershipOperate from the point of view of an adversary in order to protect you most sensitive assets.
Explore learning pathCybersecurity Research & Development
SCyWF: Cybersecurity Architecture, Research And DevelopmentThis role conducts conducts cybersecurity research and development. Find the SANS courses that map to the Cybersecurity Research & Development SCyWF Work Role.
Explore learning pathCyber Legal, Policy & Compliance Officer
European Cybersecurity Skills FrameworkManages compliance with cybersecurity-related standards, legal and regulatory frameworks based on the organisation’s strategy and legal requirements.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathSecurity Manager
Cybersecurity LeadershipDaily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Explore learning pathDefensive Cybersecurity (OPM 511)
NICE: Protection and DefenseResponsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
Explore learning pathCybersecurity Researcher
European Cybersecurity Skills FrameworkResearch the cybersecurity domain and incorporate results in cybersecurity solutions.
Explore learning pathLaws and Data Protection
SCyWF: Governance, Risk, Compliance And LawsThis role ensures the organization complies with cybersecurity and data protection laws and regulations. Find the SANS courses that map to the Laws and Data Protection SCyWF Work Role.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$7,650 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price$7,765 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price€7,190 EUR*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price$7,765 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price€7,190 EUR*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$7,765 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$7,765 USD*Prices exclude applicable local taxes
Showing 10 of 16
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3A comprehensive walkthrough of the Critical Security Controls, not just focusing on the 'what', but more importantly the 'why.' It’s been an invaluable learning experience for me.
- Slide 2 of 3I would recommend this course to anyone that is going to be an ISSO or ISSM or CISO.
- Slide 3 of 3Very valuable because it focuses on what matters, and provides practical and easy ways to improve security posture.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources