Telemetry strategy Threats, Tactics, and Defenses
RCCE students will learn security telemetry collection strategy including data source identification, collection architecture, telemetry pipeline design, and coverage assessment.

RCCE students will learn to identify critical telemetry sources across endpoints, networks, cloud environments, and applications, design telemetry collection architectures that balance coverage with performance and cost, implement telemetry pipelines for data enrichment, normalization, and routing, assess telemetry coverage against detection requirements and MITRE ATT&CK, manage telemetry volume and storage costs, troubleshoot telemetry collection failures, and continuously optimize telemetry strategy as the organizational attack surface evolves.

This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Telemetry strategy Threats, Tactics, and Defenses
- Execute hands-on tasks for attack surface
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for course structure — covering 4 hours of instructor-led training.
- Execute hands-on tasks for digital surface
- Execute hands-on tasks for physical surface
- Execute hands-on tasks for human surface, covering software and applications and hardware access points.
- Execute hands-on tasks for the CIA Triad: core security principles
- Execute hands-on tasks for extended security principles
- Execute hands-on tasks for authentication & non-repudiation, covering verifying identity before granting access and multi-factor authentication enforcement.
- Implement least-privilege enforcement across endpoints and roles, including role-based access control (RBAC) and minimum necessary permissions.
- Execute hands-on tasks for role-based access control (RBAC), covering minimum necessary permissions.
| Module 01 | Attack Surface |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Structure |
| Module 05 | Digital Surface |
| Module 06 | Physical Surface |
| Module 07 | Human Surface |
| Module 08 | The CIA Triad: Core Security Principles |
| Module 09 | Extended Security Principles |
| Module 10 | Authentication & Non-Repudiation |
| Module 11 | Authorization & Least Privilege |
| Module 12 | Role-based access control (RBAC) |
| Module 13 | Accountability & Auditability |
| Module 14 | Risk Management Fundamentals |
All hands-on labs run on Rocheston Rose X OS. Students practice telemetry strategy threats, tactics, and defenses by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for attack surface
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for digital surface
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Telemetry strategy Threats, Tactics, and Defenses, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI