CIS Critical Security Control 7: Continuous Vulnerability Management

Welcome to our course series on CIS Top 18 Critical Security Controls v8. In this course covering control 7: Continuous Vulnerability Management, you'll demonstrate how to configure a repository for Linux servers and configure a Windows System Update Service for a domain controller. Get hands-on with automated OS and application patch management!

Course Content

Why is This Control Critical?


Continuous Vulnerability Management
Configuring WSUS


Continuous Vulnerability Management
Course Description

These security controls can be combined with frameworks, like NIST SP 800-37 (The NIST Risk Management Framework-RMF) to provide organizations with defense-in-depth best practices.

This course will help prepare students for industry certifications around the CIS Security Controls. You will see an overview of each control, map the controls to the NIST Cybersecurity Framework, and gain hands-on practice in secure, scenario-based lab environments.


This course is designed for IT security professionals who want to expand their knowledge and skills in the area of development and implementation of security controls. Prerequisites include an existing knowledge of networking and knowledge of their organization’s security requirements.

Course Goals

By the end of this course, students should be able to:

  • Explain the concept of security controls
  • Enumerate the eighteen (18) areas of critical security controls
  • * Implement technical security controls related to these areas

    This course is part of a Career Path:
    No items found.

    Instructed by

    Senior Instructor
    Corey Holzer

    My current title is Information Systems Engineer. As part of my quest for self-improvement, I earned multiple degrees including a Ph.D. in Information Security from Purdue (2016); a Master of Science in Networking and Communications Management (2009) and Master in Business Administration (2009) from Keller Graduate School of Management; a Master of Arts (1994) from St. John's University NY. I also hold multiple industry certifications including CISSP, Security+, CNDA, and CEH.

    Growing up in New York City, NY, much of my 13 years of IT work experience in the private sector came while I lived there. My positions included roles from entry-level technician for World Wrestling Entertainment through Lead web developer and Technical Project Manager on several multi-million dollar projects for J. Walter Thompson’s new media division. In 2006, I transitioned over to the public sector. My military career also focuses on Information Technology. In the last 14 years, I filled various technology positions involving systems and network administration, technical project management, and team lead for multiple capability development projects.

    At a young age I discovered my love for technology and computers. It began with figuring out how technology worked by taking it apart. Mom wasn’t happy when she found the remains of my tape recorder in my room. I soon moved on to learning about computers and programming languages. While the term “hacker” has taken on a negative connotation in recent years, I still consider myself a hacker based on the original description of the word when talking about people like Gates and Jobs.

    I first discovered Cybrary last year when I started studying for the CCNA exam. When I learned they needed instructors for various courses, I applied. Mentorship is one of my favorite aspects of the various roles I held in the last few years. Being an instructor affords me more opportunities for mentorship.

    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CIS Critical Security Control 7: Continuous Vulnerability Management Certificate of Completion