Security metrics Architecture and Guardrails
RCCE students will learn Industrial Control System security including PLC programming security, DCS architecture protection, safety instrumented system integrity, industrial protocol analysis, and ICS-specific incident response. RCCE students will learn to assess ICS environments for cybersecurity vulnerabilities, implement defense-in-depth for industrial control networks, monitor ICS communications for unauthorized commands, detect and respond to attacks targeting programmable logic controllers and distributed control systems, maintain safety system integrity during cyber incidents, apply ICS security standards including IEC 62443 and NIST SP 800-82, and bridge the gap between IT security teams and OT operations staff. This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. Building on core knowledge, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Security metrics Architecture and Guardrails
- Design a scalable privilege management architecture with policy and enforcement
- Design a scalable privilege management architecture with policy and enforcement, including Evaluate design options against requirements, Make informed security trade-off decisions, and ICS environments for vulnerabilities.
- Execute hands-on tasks for ics security skills — covering ICS environments for vulnerabilities, defense-in-depth for OT networks.
- Execute hands-on tasks for assess ics environments for vulnerabilities — covering defense-in-depth for OT networks.
- Measure attack surface reduction and program effectiveness — covering security metrics architectures, guardrails and governance.
- Build detections and response workflows for privilege escalation, including Apply IEC 62443 and NIST SP 800-82, and attacks on PLCs and DCS systems.
- Execute hands-on tasks for apply iec 62443 and nist sp 800-82 — covering attacks on PLCs and DCS systems.
- Explain Topic Map Overview fundamentals
- Measure attack surface reduction and program effectiveness
- Execute hands-on tasks for metric taxonomy &
- Explain Security Metrics Foundations fundamentals
| Module 01 | Security Metrics Architecture |
| Module 02 | Architecture Skills |
| Module 03 | ICS Security Skills |
| Module 04 | Assess ICS environments for vulnerabilities |
| Module 05 | Metrics Mastery |
| Module 06 | Standards & Response |
| Module 07 | Apply IEC 62443 and NIST SP 800-82 |
| Module 08 | Topic Map Overview |
| Module 09 | Security Metrics |
| Module 10 | Metric Taxonomy & |
| Module 11 | Reference Architecture |
| Module 12 | Security Metrics Foundations |
| Module 13 | What Are Security Metrics? |
| Module 14 | Why Metrics Matter |
All hands-on labs run on Rocheston Rose X OS. Students practice security metrics architecture and guardrails by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Design a scalable privilege management architecture with policy and enforcement
- Lab 3: Execute hands-on tasks for ics security skills
- Lab 4: Execute hands-on tasks for assess ics environments for vulnerabilities
- Lab 5: Measure attack surface reduction and program effectiveness
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Security metrics Architecture and Guardrails, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI