Supply chain Deep Dive
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. Building on core knowledge, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Supply chain Deep Dive
- Execute hands-on tasks for supply chain deep dive
- Execute hands-on tasks for advanced cyber defense mastery
- Explain DevSecOps Foundations fundamentals
- Explain Executive Overview fundamentals
- Execute hands-on tasks for why supply chain security?
- Execute hands-on tasks for strategic importance
- Execute hands-on tasks for key regulatory drivers — covering EO 14028: US mandate for SBOM in federal software.
- Execute hands-on tasks for core definitions
- Execute hands-on tasks for software supply chain
- Execute hands-on tasks for dependency confusion
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for cisa / ntia — covering Syft — generates CycloneDX/SPDX from containers.
| Module 01 | Supply Chain Deep Dive |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | DevSecOps Foundations |
| Module 04 | Executive Overview |
| Module 05 | Why Supply Chain Security? |
| Module 06 | Strategic Importance |
| Module 07 | Key Regulatory Drivers |
| Module 08 | Core Definitions |
| Module 09 | Software Supply Chain |
| Module 10 | Dependency Confusion |
| Module 11 | Supply Chain Architecture & Trust Zones |
| Module 12 | CISA / NTIA |
| Module 13 | Vendor Risk Assessment |
| Module 14 | Vendor Security Posture Evaluation Framework |
All hands-on labs run on Rocheston Rose X OS. Students practice supply chain deep dive by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for supply chain deep dive
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain DevSecOps Foundations fundamentals
- Lab 4: Explain Executive Overview fundamentals
- Lab 5: Execute hands-on tasks for why supply chain security?
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Supply chain Deep Dive, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI