AI supply chain Threats, Tactics, and Defenses
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing AI supply chain Threats, Tactics, and Defenses
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for the supply chain landscape
- Execute hands-on tasks for source code → dependencies → build system → artifact store →
- Execute hands-on tasks for software supply chain
- Execute hands-on tasks for hardware supply chain — covering Open-source libraries &, Chip fabrication facilities.
- Execute hands-on tasks for ai/ml supply chain — covering Open-source libraries &.
- Execute hands-on tasks for supply chain attack surface
- Execute hands-on tasks for entry points — covering Package registries.
- Execute hands-on tasks for impact zones — covering Data exfiltration.
- Execute hands-on tasks for what is an sbom? — covering Formal machine-readable inventory.
- Execute hands-on tasks for sbom formats — covering SPDX (ISO/IEC 5962:2021).
- Execute hands-on tasks for trivy sbom mode — covering SBOM repository.
| Module 01 | Learning Objectives |
| Module 02 | The Supply Chain Landscape |
| Module 03 | Source Code → Dependencies → Build System → Artifact Store → |
| Module 04 | Software Supply Chain |
| Module 05 | Hardware Supply Chain |
| Module 06 | AI/ML Supply Chain |
| Module 07 | Supply Chain Attack Surface |
| Module 08 | Entry Points |
| Module 09 | Impact Zones |
| Module 10 | What Is an SBOM? |
| Module 11 | SBOM Formats |
| Module 12 | Trivy SBOM mode |
| Module 13 | New CVE matching |
| Module 14 | Dependency Management Fundamentals |
All hands-on labs run on Rocheston Rose X OS. Students practice ai supply chain threats, tactics, and defenses by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for learning objectives
- Lab 2: Execute hands-on tasks for the supply chain landscape
- Lab 3: Execute hands-on tasks for source code → dependencies → build system → artifact store →
- Lab 4: Execute hands-on tasks for software supply chain
- Lab 5: Execute hands-on tasks for hardware supply chain
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AI supply chain Threats, Tactics, and Defenses, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI