BEC Hardening Workshop
RCCE students will learn Business Email Compromise detection, prevention, and response including CEO fraud, vendor impersonation, account compromise, and wire transfer fraud. RCCE students will learn to identify BEC attack patterns and social engineering tactics, implement technical controls to detect BEC including email authentication, anomalous login detection, and mail flow analysis, configure rules to flag financial request emails, investigate suspected BEC incidents including email account forensics and financial transaction tracing, coordinate with financial institutions for wire transfer recovery, and develop BEC awareness training and reporting procedures for finance and executive teams. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Building on core knowledge, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing BEC Hardening Workshop
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for learning objectives
- Build detections and response workflows for privilege escalation, including Identify BEC attack patterns, and Conduct email account forensics.
- Execute hands-on tasks for training & awareness — covering Apply hardening baselines.
- Execute hands-on tasks for key characteristics — covering $2.7B+ losses reported annually, Bypasses technical controls by targeting human behavior, Low-tech, high-impact social engineering.
- Execute hands-on tasks for why bec succeeds — covering Bypasses technical controls by targeting human behavior.
- Execute hands-on tasks for ceo fraud — covering Impersonates.
- Execute hands-on tasks for wire transfer fraud — covering Credential theft.
- Execute hands-on tasks for authority & urgency
- Execute hands-on tasks for trust & familiarity — covering CEO impersonation with pressure, Known vendor relationships.
- Execute hands-on tasks for technical deception — covering Fear of reprisal or job loss.
| Module 01 | Business Email Compromise Detection, Prevention & Response |
| Module 02 | Learning Objectives |
| Module 03 | Detection & Prevention |
| Module 04 | Investigation & Response |
| Module 05 | Training & Awareness |
| Module 06 | Key Characteristics |
| Module 07 | Why BEC Succeeds |
| Module 08 | CEO Fraud |
| Module 09 | Wire Transfer Fraud |
| Module 10 | Authority & Urgency |
| Module 11 | Trust & Familiarity |
| Module 12 | Technical Deception |
| Module 13 | BEC Threat Landscape Overview |
| Module 14 | Use Spoofed Domains |
All hands-on labs run on Rocheston Rose X OS. Students practice bec hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Build detections and response workflows for privilege escalation
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Execute hands-on tasks for training & awareness
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for BEC Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI