Cloud Infrastructure Entitlement Management (CIEM)
RCCE students will learn how to identify excessive permissions, toxic combinations, dormant entitlements, risky roles, and privilege escalation paths across cloud identities and services. RCCE students will learn to map permissions to real attack paths, reduce excessive access, enforce least privilege, validate entitlement cleanup, and improve governance of machine and human access in public cloud environments. The course covers practical scenarios ranging from entitlement analysis to remediation planning and continuous review. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Cloud Security Architects and Engineers
- DevSecOps and Platform Engineers
- Identity and Access Management Specialists
- Security Analysts securing cloud workloads
- Professionals implementing Cloud Infrastructure Entitlement Management (CIEM)
- Execute hands-on tasks for cloud infrastructure
- Execute hands-on tasks for entitlement management
- Explain Course Overview fundamentals
- Execute hands-on tasks for compliance gap
- Execute hands-on tasks for attack surface, covering "Auditors demand evidence of least privilege" and "Overprivileged identities are attacker goldmines"
- Integrate privilege controls with identity providers and SIEM telemetry
- Execute hands-on tasks for human identities
- Execute hands-on tasks for machine identities, covering "IAM users with console access" and "Service accounts and roles"
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for evaluation logic
- Execute hands-on tasks for key risks — covering Identity-based (attached to, Explicit Deny always wins.
| Module 01 | Cloud Infrastructure |
| Module 02 | Entitlement Management |
| Module 03 | Course Overview |
| Module 04 | Compliance Gap |
| Module 05 | Attack Surface |
| Module 06 | Cloud Identity Types |
| Module 07 | Human Identities |
| Module 08 | Machine Identities |
| Module 09 | AWS IAM Permission Model |
| Module 10 | Evaluation Logic |
| Module 11 | Key Risks |
| Module 12 | Azure RBAC Permission Model |
| Module 13 | Role Assignments |
| Module 14 | Scope Hierarchy |
All hands-on labs run on Rocheston Rose X OS. Students practice Cloud Infrastructure Entitlement Management (CIEM) by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for cloud infrastructure
- Lab 2: Execute hands-on tasks for entitlement management
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for compliance gap
- Lab 5: Execute hands-on tasks for attack surface
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Cloud Infrastructure Entitlement Management (CIEM), verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI