Advanced OT segmentation Mastery
RCCE students will learn network segmentation design and implementation including VLAN segmentation, micro-segmentation, zero trust network architecture, and segmentation testing. RCCE students will learn to design network segmentation architectures that limit lateral movement, implement VLANs, firewall zones, and software-defined segmentation, apply micro-segmentation to protect high-value assets, verify segmentation effectiveness through penetration testing, monitor inter-segment traffic for policy violations, troubleshoot segmentation-related connectivity issues, and maintain segmentation policies as organizational network architectures evolve across on-premises, cloud, and hybrid environments. This advanced mastery course challenges experienced practitioners with complex scenarios, expert-level techniques, and nuanced decision-making. At an expert level, RCCE students will learn to handle the most demanding situations in this domain, developing the expertise expected of senior security professionals. Students tackle multi-layered problems that require synthesizing knowledge across multiple disciplines.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Advanced OT segmentation Mastery
- Execute hands-on tasks for learning objectives
- Design a scalable privilege management architecture with policy and enforcement, including the IT view in which the CIA triad prioritizes confidentiality, and PLCs, RTUs, HMIs, and SCADA servers.
- Execute hands-on tasks for OT network components — covering the IT view in which the CIA triad prioritizes confidentiality.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for enterprise network
- Execute hands-on tasks for business planning
- Design a scalable privilege management architecture with policy and enforcement, including separate VLANs per Purdue level and avoiding VLAN spanning across switches.
- Execute hands-on tasks for OT-specific considerations — covering separate VLANs per Purdue level.
- Execute hands-on tasks for no native VLAN traffic on trunks — covering avoiding VLAN spanning across switches.
- Execute hands-on tasks for security hardening — covering disabling DTP on all ports.
- Execute hands-on tasks for enterprise zone — covering full internet access and no direct IT-to-OT traffic.
| Module | Topic |
| --- | --- |
| Module 01 | Learning Objectives |
| Module 02 | OT Network Architecture Fundamentals |
| Module 03 | OT Network Components |
| Module 04 | Purdue Model & ISA/IEC 62443 Zones |
| Module 05 | Enterprise Network |
| Module 06 | Business Planning |
| Module 07 | VLAN Design Principles |
| Module 08 | OT-Specific Considerations |
| Module 09 | No native VLAN traffic on trunks |
| Module 10 | Security Hardening |
| Module 11 | Firewall Zones & DMZ Architecture |
| Module 12 | Enterprise Zone |
| Module 13 | OT Production Zone |
| Module 14 | AD/LDAP authentication |
All hands-on labs run on Rocheston Rose X OS. Students practice Advanced OT segmentation Mastery by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for learning objectives
- Lab 2: Design a scalable privilege management architecture with policy and enforcement
- Lab 3: Execute hands-on tasks for OT network components
- Lab 4: Design a scalable privilege management architecture with policy and enforcement
- Lab 5: Execute hands-on tasks for enterprise network
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Advanced OT segmentation Mastery, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI