Hands-On Misconfigurations
RCCE students will learn cloud and infrastructure misconfiguration detection, prevention, and remediation including CSPM deployment, configuration baseline management, and automated remediation. RCCE students will learn to identify common misconfigurations across cloud platforms including public S3 buckets, overly permissive security groups, unencrypted data stores, and misconfigured identity policies, deploy cloud security posture management tools, establish configuration baselines and detect drift, implement automated remediation for critical misconfigurations, prioritize misconfiguration findings by exploitability and business impact, and build organizational processes that prevent misconfigurations from reaching production. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. At an expert level, RCCE students will learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- Cloud Security Architects and Engineers
- DevSecOps and Platform Engineers
- Identity and Access Management Specialists
- Security Analysts securing cloud workloads
- Professionals implementing Hands-On Misconfigurations
- Execute hands-on tasks for hands-on misconfigurations
- Explain Module Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for module approach — covering Identify misconfigurations across cloud platforms, Hands-on lab exercises throughout.
- Execute hands-on tasks for the cloud misconfiguration landscape
- Execute hands-on tasks for impact categories — covering Cloud complexity outpaces security teams.
- Execute hands-on tasks for misconfiguration taxonomy
- Execute hands-on tasks for high-severity categories
- Execute hands-on tasks for medium-severity categories — covering Public storage buckets with sensitive data, Missing resource tags for ownership.
- Integrate privilege controls with identity providers and SIEM telemetry, including Wildcard (*) permissions in policies, and AssumeRole chains enabling escalation.
- Execute hands-on tasks for aws-specific iam risks — covering Wildcard (*) permissions in policies.
- Execute hands-on tasks for azure-specific iam risks — covering Owner role assigned at subscription level.
| Module 01 | Hands-On Misconfigurations |
| Module 02 | Module Overview |
| Module 03 | What You Will Learn |
| Module 04 | Module Approach |
| Module 05 | The Cloud Misconfiguration Landscape |
| Module 06 | Impact Categories |
| Module 07 | Misconfiguration Taxonomy |
| Module 08 | High-Severity Categories |
| Module 09 | Medium-Severity Categories |
| Module 10 | Identity & Access Misconfigurations |
| Module 11 | AWS-Specific IAM Risks |
| Module 12 | Azure-Specific IAM Risks |
| Module 13 | Inventory Roles |
| Module 14 | Analyze Usage |
All hands-on labs run on Rocheston Rose X OS. Students practice hands-on misconfigurations by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for hands-on misconfigurations
- Lab 2: Explain Module Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for module approach
- Lab 5: Execute hands-on tasks for the cloud misconfiguration landscape
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On Misconfigurations, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI