Over the next couple weeks, I’m going to do a series on implementing the CIS Top 20 critical security controls with little or no budget, just time. I mean this to be a technical overview with no marketing, overly broad, fluff that you normally see and only the basics of how to actually implement these controls as cheaply as possible. However, that is obviously bad advice as security is really important and you should hire a security consultant (or three) and pay them and do things the right way. This is for everyone else, who don’t want to be the slowest gazelle in the pack, but also don’t have the budget to pay consultants or buy expensive software. I hope to be able to move people along the path toward a more secure environment, so that one day you can talk competently with said hired security consultant and feel comfortable in your answers knowing you did all you could.