SBOM Operations Playbook
RCCE students will learn Software Bill of Materials creation, management, and security analysis including SBOM formats (SPDX, CycloneDX), dependency enumeration, vulnerability correlation, and license compliance. RCCE students will learn to generate SBOMs from source code and container images, analyze SBOM contents for known vulnerabilities, track dependency health across software portfolios, integrate SBOM generation into CI/CD pipelines, respond to newly disclosed vulnerabilities by querying SBOMs across the organization, comply with SBOM requirements from government regulations and customer contracts, and use SBOMs to improve software supply chain visibility and risk management. This operations-focused course delivers production-ready playbooks, checklists, and standard operating procedures. Building on core knowledge, RCCE students will learn to build repeatable day-to-day operational workflows that ensure consistency and quality. Students receive templates and frameworks they can customize and deploy immediately in their security operations, reducing time to operational effectiveness.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SBOM Operations Playbook
- Execute hands-on tasks for sbom operations playbook
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview fundamentals — covering Machine-readable software inventory, EO 14028 mandates for federal software.
- Execute hands-on tasks for why sboms matter now — covering Machine-readable software inventory.
- Execute hands-on tasks for key drivers
- Execute hands-on tasks for business value — covering Software supply chain attacks up 742%, Reduce mean-time-to-remediate by 60%.
- Execute hands-on tasks for customer rfps increasingly require sboms — covering Reduce mean-time-to-remediate by 60%.
- Explain Linux Foundation standard fundamentals — covering OWASP community standard.
- Execute hands-on tasks for cyclonedx (owasp) — covering Linux Foundation standard.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for component name
- Execute hands-on tasks for dependency enumeration & classification
| Module 01 | SBOM Operations Playbook |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Executive Overview |
| Module 04 | Why SBOMs Matter Now |
| Module 05 | Key Drivers |
| Module 06 | Business Value |
| Module 07 | Customer RFPs increasingly require SBOMs |
| Module 08 | Linux Foundation standard |
| Module 09 | CycloneDX (OWASP) |
| Module 10 | SBOM Anatomy & Data Model |
| Module 11 | Component Name |
| Module 12 | Dependency Enumeration & Classification |
| Module 13 | Direct Dependencies |
| Module 14 | Transitive Dependencies |
All hands-on labs run on Rocheston Rose X OS. Students practice sbom operations playbook by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for sbom operations playbook
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain Executive Overview fundamentals
- Lab 4: Execute hands-on tasks for why sboms matter now
- Lab 5: Execute hands-on tasks for key drivers
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SBOM Operations Playbook, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI