Hands-On Metrics
RCCE students will learn security program measurement including KPI and KRI development, security metrics frameworks, operational metrics collection, executive dashboard design, and data-driven decision making. RCCE students will learn to define meaningful security metrics that demonstrate program effectiveness, build KPIs that align with organizational risk appetite and business objectives, collect and validate operational metrics from security tools, design executive dashboards that communicate security posture clearly, use metrics to identify trends and predict future security needs, benchmark performance against industry standards, and avoid common metrics pitfalls that lead to misleading conclusions. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Building on core knowledge, RCCE students will learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Hands-On Metrics
- Measure attack surface reduction and program effectiveness
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for core competencies
- Execute hands-on tasks for applied skills — covering meaningful security metrics, Use metrics to identify trends.
- Execute hands-on tasks for decision support — covering Demonstrate program, Quantify security posture, Prioritize resource.
- Execute hands-on tasks for show roi on controls — covering Quantify security posture.
- Measure attack surface reduction and program effectiveness — covering Patch compliance rate, Residual risk score.
- Measure attack surface reduction and program effectiveness — covering Audit finding closure rate.
- Execute hands-on tasks for key performance indicators: measuring what matters — covering Specific and measurable, KPI drives action, vanity.
| Module 01 | Hands-On Metrics |
| Module 02 | Learning Objectives |
| Module 03 | Core Competencies |
| Module 04 | Applied Skills |
| Module 05 | Why Security Metrics Matter |
| Module 06 | Decision Support |
| Module 07 | Show ROI on controls |
| Module 08 | Security Metrics Taxonomy |
| Module 09 | Operational Metrics |
| Module 10 | Risk Metrics |
| Module 11 | Business Metrics |
| Module 12 | Key Performance Indicators: Measuring What Matters |
| Module 13 | KPI vs. Vanity Metric |
| Module 14 | Threshold Design |
All hands-on labs run on Rocheston Rose X OS. Students practice hands-on metrics by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Measure attack surface reduction and program effectiveness
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Execute hands-on tasks for core competencies
- Lab 4: Execute hands-on tasks for applied skills
- Lab 5: Measure attack surface reduction and program effectiveness
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On Metrics, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI