Cyber threats are constantly evolving, but the fundamentals of defense remain the same: organizations need a practical roadmap that cuts through complexity and prioritizes the actions that reduce the most risk. The CIS Controls provide exactly that: a proven, prioritized set of safeguards designed to stop the attacks that matter most and build lasting resilience. SEC566 gives practitioners, auditors, and risk leaders the knowledge and hands-on experience to put the CIS Controls into practice with confidence. You will learn to design, implement, and audit safeguards across traditional IT, cloud, hybrid, and third-party ecosystems, with expanded coverage for AI-related technologies and workflows. We must keep our skills sharp as organizations adopt machine learning, automation, and intelligent decision-making systems. SEC566 provides a controls-focused foundation for securing AI models, protecting data, applying guardrails, and ensuring accountability as advanced and emerging technologies are adopted.

Business Takeaways
▐ Reduce attack surface with a prioritized set of CIS Controls
▐ Maximize ROI by focusing on safeguards with the highest risk reduction
▐ Create a consistent, measurable security posture across systems, partners, and AI workflows
▐ Demonstrate regulatory compliance and industry standard alignment through CIS mappings and measurable reporting
▐ Strengthen detection and response against real-world and AI-enabled threats
▐ Show measurable improvements with metrics, scoring, and automation
▐ Build a sustainable, business-aligned program that earns executive support

Syllabus Summary
SECTION 1: Introduction and Overview of the CIS Critical Controls
SECTION 2: Data Protection, Identity and Authentication
SECTION 3: Server, Workstation, Network Protections
SECTION 4: Network Infrastructure and Defense
SECTION 5: Governance and Operational Security

CURRICULUM: Cybersecurity Leadership
SEC566: Implementing and Auditing CIS Controls™
MAJOR UPDATE

You Will Be Able To
▐ Design and implement CIS Controls across IT, cloud, hybrid, and AI environments
▐ Build metrics and risk scores to measure effectiveness and communicate residual risk
▐ Streamline configuration, coverage, and compliance with automation and orchestration
▐ Apply strong identity and access controls to secure users, services, and AI workflows
▐ Enforce endpoint, network, and cloud defenses and extend to AI pipelines and training data
▐ Establish a culture of continuous improvement through vulnerability management, secure configurations, and forward-looking defense

Who Should Attend
▐ Information Assurance Auditors
▐ System Implementers or Administrators
▐ Compliance Analysts
▐ IT Administrators
▐ Department of Defense (DoD) personnel or contractors
▐ Federal agencies or clients
▐ Private sector organizations looking to improve information assurance processes and secure their systems
▐ Security vendors and consulting groups looking to stay current with frameworks for information assurance

NICE Framework Work Roles
▐ Security Control Assessor (SP-RSK-002)

“SEC566 was very valuable for me. I thought I knew about security controls but this course has shown me that all I knew was the basics. I now have in-depth knowledge in this area.”
- Keri Powell, Textron

“After attending this class, I now have this rejuvenated desire to get back to work, tweak my vulnerability scanner, and run my scans.”
- Jason Hinojosa, Rush Enterprises

Course Author: Brian Ventura
GCCC Critical Controls: giac.org/gccc
5 Day Program | 30 CPEs | 23 Labs
For detailed course description, visit SANS.ORG/SEC566

WAYS TO TAKE SEC566
▐ Live Online
▐ In-Person
▐ OnDemand