PSIRT Operations and Case Management
RCCE students will learn how product security incident response teams manage vulnerability intake, triage, coordination, disclosure timelines, customer communications, and remediation tracking for shipped products. RCCE students will learn to run case workflows, assign severity, coordinate with engineering owners, manage embargoes, document timelines, and maintain defensible records from report receipt through closure. The course covers practical scenarios ranging from inbound vulnerability reports to coordinated response, advisories, and lessons learned. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing PSIRT Operations and Case Management
- Execute hands-on tasks for case management
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for course details — covering vulnerability intake and triage, Level: Intermediate.
- Execute hands-on tasks for a product security incident
- Execute hands-on tasks for mission statement
- Execute hands-on tasks for reporting lines
- Execute hands-on tasks for triage analyst
- Execute hands-on tasks for case coordinator
- Execute hands-on tasks for technical lead
- Execute hands-on tasks for comms lead
- Execute hands-on tasks for vulnerability intake channels
| Module 01 | Case Management |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Details |
| Module 05 | A Product Security Incident |
| Module 06 | Mission Statement |
| Module 07 | Reporting Lines |
| Module 08 | Triage Analyst |
| Module 09 | Case Coordinator |
| Module 10 | Technical Lead |
| Module 11 | Comms Lead |
| Module 12 | Vulnerability Intake Channels |
| Module 13 | Security Email Alias |
| Module 14 | Bug Bounty Platform |
All hands-on labs run on Rocheston Rose X OS. Students practice psirt operations and case management by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for case management
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course details
- Lab 5: Execute hands-on tasks for a product security incident
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for PSIRT Operations and Case Management, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI