Vendor risk Hardening Workshop
RCCE students will learn comprehensive vendor and third-party risk management covering vendor due diligence, ongoing monitoring, contract security clauses, and vendor incident coordination. RCCE students will learn to build vendor risk management programs from the ground up, assess vendor security posture through questionnaires, certifications, and independent testing, negotiate security requirements into vendor contracts, implement continuous vendor risk monitoring using security ratings and threat intelligence, manage fourth-party risk through supply chain mapping, respond to vendor security incidents, and maintain vendor risk registers that inform procurement and partnership decisions. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Starting from foundational concepts, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Vendor risk Hardening Workshop
- Execute hands-on tasks for vendor risk hardening workshop
- Execute hands-on tasks for comprehensive third-party risk management & security configuration
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for what is vendor risk management?
- Execute hands-on tasks for identify & assess
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for respond & recover — covering Evaluate vendor security before, Continuously track vendor risk, Handle vendor incidents and.
- Execute hands-on tasks for vendor risk management lifecycle
- Execute hands-on tasks for 2. due diligence
- Execute hands-on tasks for regulatory & compliance drivers — covering Supply chain risk management, Information security for supplier, SOC 2 Type II.
- Execute hands-on tasks for vendor categories & risk tiers
- Execute hands-on tasks for risk tier
| Module 01 | Vendor Risk Hardening Workshop |
| Module 02 | Comprehensive Third-Party Risk Management & Security Configuration |
| Module 03 | Learning Objectives |
| Module 04 | What Is Vendor Risk Management? |
| Module 05 | Identify & Assess |
| Module 06 | Monitor & Control |
| Module 07 | Respond & Recover |
| Module 08 | Vendor Risk Management Lifecycle |
| Module 09 | 2. Due Diligence |
| Module 10 | Regulatory & Compliance Drivers |
| Module 11 | Vendor Categories & Risk Tiers |
| Module 12 | Risk Tier |
| Module 13 | Assessment Frequency |
| Module 14 | Example Vendors |
All hands-on labs run on Rocheston Rose X OS. Students practice vendor risk hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for vendor risk hardening workshop
- Lab 2: Execute hands-on tasks for comprehensive third-party risk management & security configuration
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for what is vendor risk management?
- Lab 5: Execute hands-on tasks for identify & assess
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Vendor risk Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI