Detection engineering Threats, Tactics, and Defenses
RCCE students will learn how to build, test, and maintain high-fidelity detection rules across SIEM, EDR, and cloud security platforms. RCCE students will learn to translate threat intelligence and MITRE ATT&CK techniques into detection logic, write detection rules using query languages (SPL, KQL, Sigma), reduce false positive rates through rule tuning, implement detection-as-code workflows, version control detection content, measure detection coverage gaps, and build automated testing pipelines that validate detection rules against simulated attack data before production deployment. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Detection engineering Threats, Tactics, and Defenses
- Execute hands-on tasks for authentication threats,
- Explain Course Overview & Learning Objectives fundamentals
- Execute hands-on tasks for course scope — covering Authentication security fundamentals.
- Execute hands-on tasks for authentication fundamentals
- Execute hands-on tasks for what you know
- Execute hands-on tasks for what you have
- Execute hands-on tasks for what you are — covering Passwords and passphrases, Hardware tokens and smart, Fingerprint and facial.
- Explain Authentication Architecture Overview fundamentals
- Execute hands-on tasks for client layer
- Execute hands-on tasks for transport layer
- Execute hands-on tasks for application layer
- Execute hands-on tasks for auth logic, session mgmt, token validation
| Module 01 | Authentication Threats, |
| Module 02 | Course Overview & Learning Objectives |
| Module 03 | Course Scope |
| Module 04 | Authentication Fundamentals |
| Module 05 | What You Know |
| Module 06 | What You Have |
| Module 07 | What You Are |
| Module 08 | Authentication Architecture Overview |
| Module 09 | Client Layer |
| Module 10 | Transport Layer |
| Module 11 | Application Layer |
| Module 12 | Auth Logic, Session Mgmt, Token Validation |
| Module 13 | Data Layer |
| Module 14 | Credential Store, Key Vault, Audit Logs |
All hands-on labs run on Rocheston Rose X OS. Students practice detection engineering threats, tactics, and defenses by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for authentication threats,
- Lab 2: Explain Course Overview & Learning Objectives fundamentals
- Lab 3: Execute hands-on tasks for course scope
- Lab 4: Execute hands-on tasks for authentication fundamentals
- Lab 5: Execute hands-on tasks for what you know
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Detection engineering Threats, Tactics, and Defenses, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI