Supply chain Hardening Workshop
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. At an expert level, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Supply chain Hardening Workshop
- Execute hands-on tasks for supply chain hardening workshop
- Execute hands-on tasks for learning objectives — covering Evaluate supply chain risks across SDLCs, SBOM practices and verify integrity.
- Execute hands-on tasks for supply chain security fundamentals
- Execute hands-on tasks for software supply chain
- Execute hands-on tasks for hardware supply chain — covering Component manufacturing and sourcing.
- Execute hands-on tasks for supply chain attack surface
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for upstream components — covering Open-source libraries and frameworks.
- Execute hands-on tasks for internal pipeline — covering Source control and branch policies.
- Execute hands-on tasks for downstream consumers — covering Production environments and end users.
- Execute hands-on tasks for vendor risk assessment framework
- Execute hands-on tasks for security posture evaluation — covering SOC 2 / ISO 27001, Operational Risk Factors, Business continuity.
| Module 01 | Supply Chain Hardening Workshop |
| Module 02 | Learning Objectives |
| Module 03 | Supply Chain Security Fundamentals |
| Module 04 | Software Supply Chain |
| Module 05 | Hardware Supply Chain |
| Module 06 | Supply Chain Attack Surface |
| Module 07 | Software Supply Chain Architecture |
| Module 08 | Upstream Components |
| Module 09 | Internal Pipeline |
| Module 10 | Downstream Consumers |
| Module 11 | Vendor Risk Assessment Framework |
| Module 12 | Security Posture Evaluation |
| Module 13 | Operational Risk Factors |
| Module 14 | Technical Integration Risk |
All hands-on labs run on Rocheston Rose X OS. Students practice supply chain hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for supply chain hardening workshop
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Execute hands-on tasks for supply chain security fundamentals
- Lab 4: Execute hands-on tasks for software supply chain
- Lab 5: Execute hands-on tasks for hardware supply chain
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Supply chain Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI