Supply chain for Beginners
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. Designed for students with no prior experience in this area, this course builds knowledge from the ground up with clear explanations, guided demonstrations, and progressive skill-building. Starting from foundational concepts, RCCE students will learn core concepts through practical examples that connect theory to real-world security operations. By completion, students will have the foundational knowledge and hands-on confidence needed to contribute in professional cybersecurity roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Supply chain for Beginners
- Execute hands-on tasks for supply chain security
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Software and hardware supply chain risks.
- Execute hands-on tasks for course structure — covering 18 topic modules with labs.
- Execute hands-on tasks for raw materials
- Execute hands-on tasks for traditional supply chain — covering Physical goods from source to consumer.
- Execute hands-on tasks for digital supply chain — covering Software components, libraries, services.
- Execute hands-on tasks for software supply chain fundamentals
- Execute hands-on tasks for open source libraries — covering Community-maintained code packages, External services your app depends on.
- Execute hands-on tasks for third-party apis — covering Community-maintained code packages.
- Execute hands-on tasks for container images — covering IDEs, compilers, build systems.
- Execute hands-on tasks for software supply chain lifecycle
| Module 01 | Supply Chain Security |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Structure |
| Module 05 | Raw Materials |
| Module 06 | Traditional Supply Chain |
| Module 07 | Digital Supply Chain |
| Module 08 | Software Supply Chain Fundamentals |
| Module 09 | Open Source Libraries |
| Module 10 | Third-Party APIs |
| Module 11 | Container Images |
| Module 12 | Software Supply Chain Lifecycle |
| Module 13 | Source Code |
| Module 14 | Each Stage Has Risks |
All hands-on labs run on Rocheston Rose X OS. Students practice supply chain for beginners by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for supply chain security
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for raw materials
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Supply chain for Beginners, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI