A tailored course, built for your situation
Direct authority over Azure infrastructure decisions with CIS Controls
A tailored 12-module course to expand your remit in cloud operations and security governance
Who this is for
Senior cloud engineer or infrastructure specialist with Azure expertise, operating as an individual contributor but with demonstrated ownership across hybrid environments and compliance-sensitive configurations.
Who this is not for
Entry-level administrators, managers focused only on budget or staffing, or teams seeking generic compliance checklists without technical depth.
What you walk away with
- Final sign-off capability on Azure security baselines aligned to CIS Controls
- Repeatable decision logic for network and identity policies in hybrid environments
- Documented framework for peer validation of configuration changes
- Proven audit trail for infrastructure decisions reducing escalation need
- Expanded scope in current role to include standalone compliance ownership
The 12 modules (with all 144 chapters)
- Decision ownership vs approval
- Mapping CIS to Azure services
- Identifying owned components
- Baseline configuration roles
- Defining change thresholds
- Autonomy within compliance
- Documentation standards
- Peer validation triggers
- Escalation exceptions
- Integration touchpoints
- Policy enforcement levels
- Version control for decisions
- VM hardening checklist
- Disk encryption standards
- Network interface rules
- NSG rule optimization
- Logging enablement
- JIT access configuration
- Baseline image validation
- Patch compliance timing
- Host-based firewall setup
- Endpoint detection rules
- Secure boot enforcement
- CIS scoring automation
- Privileged account inventory
- MFA enforcement policies
- Guest user controls
- Role-based access design
- PIM configuration
- Conditional access rules
- Break-glass account setup
- Access review cadence
- Just-in-time provisioning
- CIS-aligned permission sets
- Service principal hardening
- Identity threat monitoring
- VNet segmentation rules
- DNS security settings
- Firewall rule baselines
- DDoS protection enablement
- Private endpoint usage
- Web Application Firewall setup
- CIS logging requirements
- Traffic filtering standards
- Zero trust network design
- Hybrid connectivity security
- DNS over HTTPS policy
- Network micro-segmentation
- Data classification schema
- Azure Information Protection
- DLP policy design
- Encryption key ownership
- Backup compliance checks
- Retention tagging
- Data movement logging
- CIS data inventory rules
- Sensitive data workflows
- Cross-border data rules
- Storage account encryption
- Blob access logging
- Log retention periods
- Centralized logging design
- Alert severity levels
- CIS logging requirements
- SIEM integration
- Immutable log setup
- Query templates for audits
- Event collection scope
- Security event thresholds
- Incident timeline creation
- Baseline deviation alerts
- Automated log export
- Change advisory board role
- Standard change templates
- Emergency change rules
- Rollback procedure design
- CIS configuration drift
- Automated compliance checks
- Pre-deployment validation
- Post-change verification
- Change window policies
- Peer review automation
- Documentation updates
- Version-controlled templates
- Vulnerability scoring model
- Patch compliance standards
- Automated scanning schedule
- Remediation SLA design
- Critical system exceptions
- CIS Top 20 alignment
- Asset criticality tagging
- Zero-day response plan
- Third-party tool integration
- Scan exclusion policy
- Risk acceptance workflow
- Executive reporting format
- Control mapping exercise
- Evidence collection process
- Audit timeline ownership
- Internal review cycles
- CIS to NIST alignment
- Remediation tracking
- Executive summary writing
- Finding categorization
- Compliance dashboard design
- Stakeholder reporting
- Automated evidence generation
- Cross-framework alignment
- Vendor onboarding checklist
- Third-party access rules
- Managed service SLAs
- CIS compliance verification
- Audit right requirements
- Data handling assurances
- Incident response clauses
- Patch management terms
- Configuration drift monitoring
- Reporting requirements
- Security questionnaire design
- Contractual compliance terms
- Recovery point objectives
- Recovery time definitions
- Geo-redundant design
- Failover testing schedule
- CIS resilience standards
- Backup validation process
- DR runbook creation
- Cross-region sync rules
- Testing documentation
- Post-failover review
- Stakeholder notification
- Automated recovery steps
- Playbook structure design
- Decision rationale logging
- Template library creation
- Version control process
- Peer validation record
- Escalation avoidance tactics
- Audit preparation workflow
- Lessons learned review
- Stakeholder communication
- Continuous improvement loop
- Cross-team reference use
- Success metric tracking
How this maps to your situation
- When a new Azure subscription is provisioned
- Before a compliance audit cycle begins
- After a security finding is reported
- During third-party vendor integration
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters total)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3 hours per module, designed for practitioners to complete one module per week while on the job.
How this compares to the alternatives
Unlike generic cloud security courses, this program focuses exclusively on expanding decision authority within your current role using the CIS Controls framework, with Azure-specific implementation playbooks and no reliance on external certifications.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.