Skip to main content
Image coming soon

Direct authority over Azure infrastructure decisions with CIS Controls

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Direct authority over Azure infrastructure decisions with CIS Controls

A tailored 12-module course to expand your remit in cloud operations and security governance

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.

Who this is for

Senior cloud engineer or infrastructure specialist with Azure expertise, operating as an individual contributor but with demonstrated ownership across hybrid environments and compliance-sensitive configurations.

Who this is not for

Entry-level administrators, managers focused only on budget or staffing, or teams seeking generic compliance checklists without technical depth.

What you walk away with

  • Final sign-off capability on Azure security baselines aligned to CIS Controls
  • Repeatable decision logic for network and identity policies in hybrid environments
  • Documented framework for peer validation of configuration changes
  • Proven audit trail for infrastructure decisions reducing escalation need
  • Expanded scope in current role to include standalone compliance ownership

The 12 modules (with all 144 chapters)

Module 1. Defining your decision domain in Azure infrastructure
Establish clear boundaries for autonomous action based on CIS Controls Level 1 and 2 benchmarks, tailored to hybrid cloud environments with M-365 and on-prem dependencies.
12 chapters in this module
  1. Decision ownership vs approval
  2. Mapping CIS to Azure services
  3. Identifying owned components
  4. Baseline configuration roles
  5. Defining change thresholds
  6. Autonomy within compliance
  7. Documentation standards
  8. Peer validation triggers
  9. Escalation exceptions
  10. Integration touchpoints
  11. Policy enforcement levels
  12. Version control for decisions
Module 2. CIS Controls implementation for Azure IaaS
Apply CIS Benchmarks to virtual machines, disks, and networking with exact command-line references and deployment templates aligned to security baselines.
12 chapters in this module
  1. VM hardening checklist
  2. Disk encryption standards
  3. Network interface rules
  4. NSG rule optimization
  5. Logging enablement
  6. JIT access configuration
  7. Baseline image validation
  8. Patch compliance timing
  9. Host-based firewall setup
  10. Endpoint detection rules
  11. Secure boot enforcement
  12. CIS scoring automation
Module 3. Identity and access governance under CIS
Implement CIS Control 16 and 17 requirements in Azure AD, conditional access, and role assignments with precision for hybrid identity models.
12 chapters in this module
  1. Privileged account inventory
  2. MFA enforcement policies
  3. Guest user controls
  4. Role-based access design
  5. PIM configuration
  6. Conditional access rules
  7. Break-glass account setup
  8. Access review cadence
  9. Just-in-time provisioning
  10. CIS-aligned permission sets
  11. Service principal hardening
  12. Identity threat monitoring
Module 4. Secure networking with CIS benchmarks
Architect and sign off on Azure VNet, firewall, and DNS configurations that meet CIS Controls 9, 10, and 11 with documented rationale.
12 chapters in this module
  1. VNet segmentation rules
  2. DNS security settings
  3. Firewall rule baselines
  4. DDoS protection enablement
  5. Private endpoint usage
  6. Web Application Firewall setup
  7. CIS logging requirements
  8. Traffic filtering standards
  9. Zero trust network design
  10. Hybrid connectivity security
  11. DNS over HTTPS policy
  12. Network micro-segmentation
Module 5. Data protection and classification alignment
Map data handling workflows to CIS Control 13 and 18 with automated classification, retention, and encryption standards.
12 chapters in this module
  1. Data classification schema
  2. Azure Information Protection
  3. DLP policy design
  4. Encryption key ownership
  5. Backup compliance checks
  6. Retention tagging
  7. Data movement logging
  8. CIS data inventory rules
  9. Sensitive data workflows
  10. Cross-border data rules
  11. Storage account encryption
  12. Blob access logging
Module 6. Monitoring and logging for audit-ready operations
Configure Azure Monitor, Log Analytics, and Sentinel to meet CIS Control 8 with automated alerts and immutable logs.
12 chapters in this module
  1. Log retention periods
  2. Centralized logging design
  3. Alert severity levels
  4. CIS logging requirements
  5. SIEM integration
  6. Immutable log setup
  7. Query templates for audits
  8. Event collection scope
  9. Security event thresholds
  10. Incident timeline creation
  11. Baseline deviation alerts
  12. Automated log export
Module 7. Change management within CIS framework
Own the change lifecycle for Azure resources with pre-approved templates and documented rollback procedures aligned to CIS Control 14.
12 chapters in this module
  1. Change advisory board role
  2. Standard change templates
  3. Emergency change rules
  4. Rollback procedure design
  5. CIS configuration drift
  6. Automated compliance checks
  7. Pre-deployment validation
  8. Post-change verification
  9. Change window policies
  10. Peer review automation
  11. Documentation updates
  12. Version-controlled templates
Module 8. Vulnerability management with CIS priorities
Prioritize patching and remediation using CIS Critical Security Controls with Azure-native tool integration.
12 chapters in this module
  1. Vulnerability scoring model
  2. Patch compliance standards
  3. Automated scanning schedule
  4. Remediation SLA design
  5. Critical system exceptions
  6. CIS Top 20 alignment
  7. Asset criticality tagging
  8. Zero-day response plan
  9. Third-party tool integration
  10. Scan exclusion policy
  11. Risk acceptance workflow
  12. Executive reporting format
Module 9. Compliance mapping and reporting authority
Produce internal compliance reports and audit evidence packages using CIS Controls as the foundation, reducing dependency on external teams.
12 chapters in this module
  1. Control mapping exercise
  2. Evidence collection process
  3. Audit timeline ownership
  4. Internal review cycles
  5. CIS to NIST alignment
  6. Remediation tracking
  7. Executive summary writing
  8. Finding categorization
  9. Compliance dashboard design
  10. Stakeholder reporting
  11. Automated evidence generation
  12. Cross-framework alignment
Module 10. Vendor and third-party configuration oversight
Evaluate and approve third-party solutions and managed services against CIS benchmarks with standard assessment criteria.
12 chapters in this module
  1. Vendor onboarding checklist
  2. Third-party access rules
  3. Managed service SLAs
  4. CIS compliance verification
  5. Audit right requirements
  6. Data handling assurances
  7. Incident response clauses
  8. Patch management terms
  9. Configuration drift monitoring
  10. Reporting requirements
  11. Security questionnaire design
  12. Contractual compliance terms
Module 11. Disaster recovery and resilience planning
Design and validate DR plans for Azure workloads under CIS Control 11 with documented decision ownership.
12 chapters in this module
  1. Recovery point objectives
  2. Recovery time definitions
  3. Geo-redundant design
  4. Failover testing schedule
  5. CIS resilience standards
  6. Backup validation process
  7. DR runbook creation
  8. Cross-region sync rules
  9. Testing documentation
  10. Post-failover review
  11. Stakeholder notification
  12. Automated recovery steps
Module 12. Building a personal decision playbook
Compile reusable templates, rationale frameworks, and sign-off records to establish recognized authority in your environment.
12 chapters in this module
  1. Playbook structure design
  2. Decision rationale logging
  3. Template library creation
  4. Version control process
  5. Peer validation record
  6. Escalation avoidance tactics
  7. Audit preparation workflow
  8. Lessons learned review
  9. Stakeholder communication
  10. Continuous improvement loop
  11. Cross-team reference use
  12. Success metric tracking

How this maps to your situation

  • When a new Azure subscription is provisioned
  • Before a compliance audit cycle begins
  • After a security finding is reported
  • During third-party vendor integration

Before vs. after

Before
Requires peer validation or leadership approval for most Azure configuration changes, especially those touching security or compliance.
After
Owns final decision rights on critical Azure infrastructure configurations, with auditable rationale and peer-recognized authority.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters total)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, designed for practitioners to complete one module per week while on the job.

How this compares to the alternatives

Unlike generic cloud security courses, this program focuses exclusively on expanding decision authority within your current role using the CIS Controls framework, with Azure-specific implementation playbooks and no reliance on external certifications.

Frequently asked

Who is this course designed for?
Senior Azure engineers and infrastructure specialists who already manage hybrid environments and want to expand their decision-making scope within security and compliance.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Will this help me get promoted?
This course is designed to expand your mandate in your current role, not prepare for a future title. The outcome is greater ownership of decisions, not a new job description.
$199 one-time. Approximately 3 hours per module, designed for practitioners to complete one module per week while on the job..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours