Security metrics Playbook for Teams
RCCE students will learn Industrial Control System security including PLC programming security, DCS architecture protection, safety instrumented system integrity, industrial protocol analysis, and ICS-specific incident response. RCCE students will learn to assess ICS environments for cybersecurity vulnerabilities, implement defense-in-depth for industrial control networks, monitor ICS communications for unauthorized commands, detect and respond to attacks targeting programmable logic controllers and distributed control systems, maintain safety system integrity during cyber incidents, apply ICS security standards including IEC 62443 and NIST SP 800-82, and bridge the gap between IT security teams and OT operations staff. This team-oriented course builds collaborative workflows and organizational playbooks for security operations. Building on core knowledge, RCCE students will learn to create and implement standardized procedures that enable consistent performance across team members and shifts. Students develop the documentation, communication, and coordination skills needed for effective team-based security operations.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Security metrics Playbook for Teams
- Measure attack surface reduction and program effectiveness
- Explain Course Overview fundamentals
- Execute hands-on tasks for learning objectives — covering security metrics aligned to business goals, Build team-based SOC playbooks and runbooks.
- Execute hands-on tasks for course structure — covering 6 hours of instruction and labs, Intermediate level with hands-on exercises.
- Measure attack surface reduction and program effectiveness — covering Mean time to detect (MTTD), Mean time to respond (MTTR).
- Execute hands-on tasks for mean time to detect (mttd) — covering Mean time to respond (MTTR).
- Measure attack surface reduction and program effectiveness — covering Incidents handled per analyst, Shift coverage completeness.
- Measure attack surface reduction and program effectiveness — covering Risk reduction over time, Coverage gaps per asset class.
- Measure attack surface reduction and program effectiveness — covering PLC patch currency rate, OT network segmentation score.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for anti-patterns to avoid — covering Specific: tied to one security outcome.
| Module 01 | Security Metrics Playbook for Teams |
| Module 02 | Course Overview |
| Module 03 | Learning Objectives |
| Module 04 | Course Structure |
| Module 05 | Security Metrics Fundamentals |
| Module 06 | Operational Metrics |
| Module 07 | Mean time to detect (MTTD) |
| Module 08 | Team Metrics |
| Module 09 | Strategic Metrics |
| Module 10 | ICS-Specific Metrics |
| Module 11 | Metric Design Principles |
| Module 12 | Anti-Patterns to Avoid |
| Module 13 | False Positive Rate |
| Module 14 | Alert Coverage |
All hands-on labs run on Rocheston Rose X OS. Students practice security metrics playbook for teams by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Measure attack surface reduction and program effectiveness
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Measure attack surface reduction and program effectiveness
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Security metrics Playbook for Teams, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI