Hands-On Supply chain: Workshop
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Building on core knowledge, RCCE students will learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Hands-On Supply chain: Workshop
- Execute hands-on tasks for hands-on supply chain security
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview: Supply Chain Security fundamentals
- Execute hands-on tasks for what is supply chain
- Execute hands-on tasks for workshop outcomes — covering SolarWinds, Log4Shell, XZ.
- Execute hands-on tasks for supply chain threat landscape
- Execute hands-on tasks for attack vector
- Execute hands-on tasks for real-world example
- Execute hands-on tasks for dependency confusion
- Execute hands-on tasks for supply chain attack kill chain
- Execute hands-on tasks for defense objective — covering and block at each kill chain stage.
- Execute hands-on tasks for sbom formats — covering Inventory of all software components.
| Module 01 | Hands-On Supply Chain Security |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Executive Overview: Supply Chain Security |
| Module 04 | What Is Supply Chain |
| Module 05 | Workshop Outcomes |
| Module 06 | Supply Chain Threat Landscape |
| Module 07 | Attack Vector |
| Module 08 | Real-World Example |
| Module 09 | Dependency Confusion |
| Module 10 | Supply Chain Attack Kill Chain |
| Module 11 | Defense Objective |
| Module 12 | SBOM Formats |
| Module 13 | Code Signing & Artifact Integrity |
| Module 14 | Generate Keys |
All hands-on labs run on Rocheston Rose X OS. Students practice hands-on supply chain: workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for hands-on supply chain security
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain Executive Overview: Supply Chain Security fundamentals
- Lab 4: Execute hands-on tasks for what is supply chain
- Lab 5: Execute hands-on tasks for workshop outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On Supply chain: Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI