Telemetry strategy Hardening Workshop
RCCE students will learn security telemetry collection strategy including data source identification, collection architecture, telemetry pipeline design, and coverage assessment. RCCE students will learn to identify critical telemetry sources across endpoints, networks, cloud environments, and applications, design telemetry collection architectures that balance coverage with performance and cost, implement telemetry pipelines for data enrichment, normalization, and routing, assess telemetry coverage against detection requirements and MITRE ATT&CK, manage telemetry volume and storage costs, troubleshoot telemetry collection failures, and continuously optimize telemetry strategy as the organizational attack surface evolves. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. At an expert level, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Telemetry strategy Hardening Workshop
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for advanced cyber defense mastery
- Explain SECTION: Foundations fundamentals
- Explain Executive Overview fundamentals
- Execute hands-on tasks for visibility gap
- Execute hands-on tasks for strategic approach
- Execute hands-on tasks for hardening impact — covering Most SOCs collect <40% of needed, sources to detection goals, Reduce attack surface measurably.
- Execute hands-on tasks for core definitions
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for coverage assessment
| Module 01 | Telemetry Strategy Hardening Workshop |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | SECTION: Foundations |
| Module 04 | Executive Overview |
| Module 05 | Visibility Gap |
| Module 06 | Strategic Approach |
| Module 07 | Hardening Impact |
| Module 08 | Core Definitions |
| Module 09 | Security Telemetry |
| Module 10 | Collection Architecture |
| Module 11 | Telemetry Pipeline |
| Module 12 | Coverage Assessment |
| Module 13 | SECTION: Architecture & Components |
| Module 14 | Data Source Identification Framework |
All hands-on labs run on Rocheston Rose X OS. Students practice telemetry strategy hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain SECTION: Foundations fundamentals
- Lab 4: Explain Executive Overview fundamentals
- Lab 5: Execute hands-on tasks for visibility gap
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Telemetry strategy Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI