Supply chain Threats and Detection
RCCE students will learn software and hardware supply chain security including vendor risk assessment, third-party code analysis, dependency management, build pipeline integrity, and supply chain attack detection. RCCE students will learn to evaluate supply chain risks across software development lifecycles, implement software bill of materials (SBOM) practices, verify code signing and artifact integrity, detect compromised dependencies and malicious packages, configure dependency scanning in CI/CD pipelines, assess vendor security posture, and respond to supply chain compromise incidents such as dependency confusion, typosquatting, and upstream repository attacks. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Supply chain Threats and Detection
- Build detections and response workflows for privilege escalation
- Explain Executive Overview fundamentals
- Execute hands-on tasks for why supply chain security matters
- Execute hands-on tasks for supply chain attack impact — covering Software supply chains span thousands of.
- Execute hands-on tasks for business risk
- Execute hands-on tasks for operational impact
- Execute hands-on tasks for compliance drivers — covering Revenue loss from breached, CI/CD pipeline compromise.
- Execute hands-on tasks for core definitions & key concepts
- Execute hands-on tasks for software supply chain
- Execute hands-on tasks for dependency confusion
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for hardware supply chain security
| Module 01 | Supply Chain Threats and Detection |
| Module 02 | Executive Overview |
| Module 03 | Why Supply Chain Security Matters |
| Module 04 | Supply Chain Attack Impact |
| Module 05 | Business Risk |
| Module 06 | Operational Impact |
| Module 07 | Compliance Drivers |
| Module 08 | Core Definitions & Key Concepts |
| Module 09 | Software Supply Chain |
| Module 10 | Dependency Confusion |
| Module 11 | Software Supply Chain Architecture |
| Module 12 | Hardware Supply Chain Security |
| Module 13 | Hardware Threat Vectors |
| Module 14 | Hardware Defense Controls |
All hands-on labs run on Rocheston Rose X OS. Students practice supply chain threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Explain Executive Overview fundamentals
- Lab 3: Execute hands-on tasks for why supply chain security matters
- Lab 4: Execute hands-on tasks for supply chain attack impact
- Lab 5: Execute hands-on tasks for business risk
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Supply chain Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI