Identity lifecycle Threats, Tactics, and Defenses: Primer
RCCE students will learn the complete identity lifecycle from provisioning through deprovisioning, covering joiner-mover-leaver processes, account creation workflows, role-based access assignments, periodic access recertification, and timely account deactivation. RCCE students will learn to design identity lifecycle automation using identity governance platforms, implement approval workflows for access requests, detect orphaned and dormant accounts, enforce separation of duties, and integrate HR systems with identity providers to ensure access rights accurately reflect current employment status and job responsibilities. This threat-focused course teaches students to think like adversaries while building robust defenses. Starting from foundational concepts, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Identity lifecycle Threats, Tactics, and Defenses: Primer
- Integrate privilege controls with identity providers and SIEM telemetry
- Execute hands-on tasks for learning objectives — covering Understand joiner-mover-leaver processes end to.
- Design a scalable privilege management architecture with policy and enforcement, including Build governance workflows with identity platforms.
- Integrate privilege controls with identity providers and SIEM telemetry, including Understand joiner-mover-leaver processes end to.
- Execute hands-on tasks for enforce separation of duties — covering SoD policies and conflict detection.
- Execute hands-on tasks for build threat-informed defenses — covering Analyze attacker TTPs targeting identity systems.
- Integrate privilege controls with identity providers and SIEM telemetry, including Find orphaned, dormant, and over-privileged.
- Integrate privilege controls with identity providers and SIEM telemetry, including Ensure access reflects employment status in real.
- Execute hands-on tasks for active use
- Execute hands-on tasks for core principles
- Execute hands-on tasks for why it matters — covering Least privilege by default.
| Module 01 | Identity Lifecycle Threats, |
| Module 02 | Learning Objectives |
| Module 03 | Design Lifecycle Automation |
| Module 04 | Map the Identity Lifecycle |
| Module 05 | Enforce Separation of Duties |
| Module 06 | Build Threat-Informed Defenses |
| Module 07 | Detect Identity Risks |
| Module 08 | Integrate HR with Identity |
| Module 09 | Identity Request |
| Module 10 | Active Use |
| Module 11 | Core Principles |
| Module 12 | Why It Matters |
| Module 13 | Identity Lifecycle Phases |
| Module 14 | Joiner Process: Provisioning New Identities |
All hands-on labs run on Rocheston Rose X OS. Students practice identity lifecycle threats, tactics, and defenses: primer by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Integrate privilege controls with identity providers and SIEM telemetry
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Design a scalable privilege management architecture with policy and enforcement
- Lab 4: Integrate privilege controls with identity providers and SIEM telemetry
- Lab 5: Execute hands-on tasks for enforce separation of duties
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Identity lifecycle Threats, Tactics, and Defenses: Primer, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI