Building a Security-First Practice with the CIS Controls


Use this course material and kit to jump-start your Managed Services offerings based on the CIS Controls:

  • What are the CIS Controls and why should I use them in my MSP practice?
  • Deep dive on the top 18 Controls including commentary on all three Implementation Groups
  • How to communicate the importance of cybersecurity and the CIS Controls to customers
  • Downloadable kit of Customer-facing templates and other materials

Come away with a better understanding of the CIS Controls and how to implement them in your MSP practice.

Buy Now



This is my most comprehensive overview of the CIS Critical Security Controls, updated for Version 8, and including guidance on all three Implementation Groups (IG1, IG2, and IG3).

The goal of this Course and Practice Kit is to help you jump-start your Security-First Managed Services Practice. Making sure that security is the foundation of your business implies a commitment to transforming your services. Expect to find the following materials in this course:

  • Intro & Commentary on the CIS Controls IG1, 2 and 3 (Video and written content)
  • Cybersecurity Assessment materials for IG1, 2 and 3 (Assessment Workbook + Report template)
  • Policy & Procedures aligned to the CIS Controls (template for IG1)
  • Project work described (SOW templates)
  • Future updates to the course and materials

Note that this content is meant to be mostly vendor-agnostic. In other words, do not come here for a technical “how-to” on specific Microsoft products. For that, you can buy my courses or guides on those topics.

That having been said, I will share some of my experiences implementing various CIS Controls, which sometimes involves Microsoft products. I will also point out areas where I think Microsoft does not have a good answer. But understand that the framework I am sharing here is flexible enough to allow you to plug in whatever technology and supporting behaviors you want. I will provide the scaffolding and some ideas on how you might build from there, but ultimately it will be up to you to complete this journey.