Product Security Foundations
RCCE students will learn how product security differs from traditional infrastructure security by focusing on secure design, secure defaults, vulnerability prevention, release risk, and customer-facing trust. RCCE students will learn to embed security into product lifecycles, collaborate with engineering teams, understand abuse cases, prioritize security debt, and create practical controls that protect products before they reach customers. The course covers practical scenarios ranging from product planning to design reviews, release readiness, and post-release security operations. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Product Security Foundations
- Explain Product Security Foundations fundamentals
- Execute hands-on tasks for embedding security into product lifecycles
- Explain Course Overview fundamentals
- Execute hands-on tasks for what this course covers
- Execute hands-on tasks for product security
- Execute hands-on tasks for infrastructure security
- Execute hands-on tasks for the product security mindset — covering abuse cases early, Safe configurations out of box.
- Execute hands-on tasks for think like an attacker — covering abuse cases early.
- Execute hands-on tasks for secure by default — covering Safe configurations out of box.
- Execute hands-on tasks for shift left always — covering Security in design, not just testing.
- Execute hands-on tasks for measure & iterate — covering Track security debt velocity.
- Execute hands-on tasks for security requirements engineering
| Module 01 | Product Security Foundations |
| Module 02 | Embedding Security Into Product Lifecycles |
| Module 03 | Course Overview |
| Module 04 | What This Course Covers |
| Module 05 | Product Security |
| Module 06 | Infrastructure Security |
| Module 07 | The Product Security Mindset |
| Module 08 | Think Like an Attacker |
| Module 09 | Secure by Default |
| Module 10 | Shift Left Always |
| Module 11 | Measure & Iterate |
| Module 12 | Security Requirements Engineering |
| Module 13 | Functional Requirements |
| Module 14 | Non-Functional Requirements |
All hands-on labs run on Rocheston Rose X OS. Students practice product security foundations by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Explain Product Security Foundations fundamentals
- Lab 2: Execute hands-on tasks for embedding security into product lifecycles
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for what this course covers
- Lab 5: Execute hands-on tasks for product security
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Product Security Foundations, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI