Rules of Engagement
RCCE students will learn the critical frameworks that define the legal, ethical, and operational boundaries of penetration testing. RCCE students will learn to draft and interpret Rules of Engagement (RoE) documents, define scope, authorized testing periods, and emergency contact procedures. The course covers the importance of getting explicit written consent, handling out-of-scope discoveries, and managing client expectations to ensure a safe and professional engagement. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Rules of Engagement
- Explain Penetration Testing Foundations fundamentals
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Draft and interpret RoE documents.
- Execute hands-on tasks for target audience
- Execute hands-on tasks for course structure — covering Concept explanation and theory.
- Execute hands-on tasks for benefits with roe — covering Criminal prosecution of testers.
- Explain Legal Foundations of Penetration Testing fundamentals
- Execute hands-on tasks for key laws & regulations — covering CFAA (Computer Fraud and Abuse Act).
- Execute hands-on tasks for legal concepts — covering Written authorization as legal shield.
- Execute hands-on tasks for cfaa key provisions for pentesters — covering Unauthorized access to protected computers.
- Execute hands-on tasks for what can go wrong — covering Testing systems outside agreed scope.
- Execute hands-on tasks for how roe protects you — covering Explicit scope in signed document.
| Module 01 | Penetration Testing Foundations |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Target Audience |
| Module 05 | Course Structure |
| Module 06 | Benefits With RoE |
| Module 07 | Legal Foundations of Penetration Testing |
| Module 08 | Key Laws & Regulations |
| Module 09 | Legal Concepts |
| Module 10 | CFAA Key Provisions for Pentesters |
| Module 11 | What Can Go Wrong |
| Module 12 | How RoE Protects You |
| Module 13 | International Legal Landscape |
| Module 14 | Key Law |
All hands-on labs run on Rocheston Rose X OS. Students practice rules of engagement by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Explain Penetration Testing Foundations fundamentals
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for target audience
- Lab 5: Execute hands-on tasks for course structure
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Rules of Engagement, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI