AWS Threats and Detection: In Practice
RCCE students will learn Amazon Web Services security architecture and operations including IAM policies, VPC security, Security Hub, GuardDuty, CloudTrail analysis, S3 bucket security, KMS encryption, and Lambda function security. RCCE students will learn to secure AWS workloads using native and third-party security controls, configure IAM least-privilege policies, design secure VPC architectures with security groups and NACLs, enable and analyze CloudTrail logs for security investigations, detect misconfigurations using AWS Config and Security Hub, respond to alerts from GuardDuty, and implement automated security remediation using Lambda and Step Functions. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Cloud Security Architects and Engineers
- DevSecOps and Platform Engineers
- Identity and Access Management Specialists
- Security Analysts securing cloud workloads
- Professionals implementing AWS Threats and Detection: In Practice
- Build detections and response workflows for privilege escalation
- Explain Course Overview fundamentals — covering IAM policies and least privilege, Security Hub configuration.
- Monitor and audit privilege usage; detect escalation attempts, including IAM policies and least privilege, and Security Hub configuration.
- Build detections and response workflows for privilege escalation, including IAM policies and least privilege.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for customer responsibility — covering AWS Responsibility.
- Integrate privilege controls with identity providers and SIEM telemetry
- Execute hands-on tasks for data layer — covering Network Layer.
- Execute hands-on tasks for security hub aggregation
- Execute hands-on tasks for "effect": "allow",
| Module 01 | AWS Threats and Detection: In Practice |
| Module 02 | Course Overview |
| Module 03 | Detection and Monitoring |
| Module 04 | Response and Automation |
| Module 05 | AWS Shared Responsibility Model |
| Module 06 | Customer Responsibility |
| Module 07 | AWS Security Architecture |
| Module 08 | Identity Layer |
| Module 09 | Data Layer |
| Module 10 | Security Hub aggregation |
| Module 11 | Identity and Access Management core concepts |
| Module 12 | "Effect": "Allow", |
| Module 13 | 3. Test and Validate |
| Module 14 | Access Controls |
All hands-on labs run on Rocheston Rose X OS. Students practice aws threats and detection: in practice by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Monitor and audit privilege usage; detect escalation attempts
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AWS Threats and Detection: In Practice, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI