Supply chain security Monitoring and Detection
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. Building on core knowledge, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Supply chain security Monitoring and Detection
- Execute hands-on tasks for supply chain security
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview fundamentals
- Explain Supply Chain Foundations fundamentals — covering Software & hardware supply, Detection & Monitoring, Security telemetry pipelines.
- Monitor and audit privilege usage; detect escalation attempts, including Security telemetry pipelines.
- Build detections and response workflows for privilege escalation, including Compromise identification.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for supply chain attack surface
- Execute hands-on tasks for source code
- Execute hands-on tasks for build systems
- Execute hands-on tasks for package repos
- Execute hands-on tasks for source code risks — covering Compromised developer, Build & Package Risks, Tampered CI/CD pipelines.
| Module 01 | Supply Chain Security |
| Module 02 | Monitoring and Detection |
| Module 03 | Course Overview |
| Module 04 | Supply Chain Foundations |
| Module 05 | Detection & Monitoring |
| Module 06 | Incident Response |
| Module 07 | Learning Objectives |
| Module 08 | Supply Chain Attack Surface |
| Module 09 | Source Code |
| Module 10 | Build Systems |
| Module 11 | Package Repos |
| Module 12 | Source Code Risks |
| Module 13 | Backdoored IDE plugins |
| Module 14 | Build & Package Risks |
All hands-on labs run on Rocheston Rose X OS. Students practice supply chain security monitoring and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for supply chain security
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Explain Supply Chain Foundations fundamentals
- Lab 5: Monitor and audit privilege usage; detect escalation attempts
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Supply chain security Monitoring and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI