Vendor risk for Beginners
RCCE students will learn comprehensive vendor and third-party risk management covering vendor due diligence, ongoing monitoring, contract security clauses, and vendor incident coordination. RCCE students will learn to build vendor risk management programs from the ground up, assess vendor security posture through questionnaires, certifications, and independent testing, negotiate security requirements into vendor contracts, implement continuous vendor risk monitoring using security ratings and threat intelligence, manage fourth-party risk through supply chain mapping, respond to vendor security incidents, and maintain vendor risk registers that inform procurement and partnership decisions. Designed for students with no prior experience in this area, this course builds knowledge from the ground up with clear explanations, guided demonstrations, and progressive skill-building. Starting from foundational concepts, RCCE students will learn core concepts through practical examples that connect theory to real-world security operations. By completion, students will have the foundational knowledge and hands-on confidence needed to contribute in professional cybersecurity roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Vendor risk for Beginners
- Execute hands-on tasks for comprehensive third-party risk management
- Execute hands-on tasks for learning objectives
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for respond & govern — covering vendor risk, Conduct vendor due diligence.
- Execute hands-on tasks for what is third-party risk? — covering Risk from any external entity with access.
- Execute hands-on tasks for key principle — covering You own the risk your vendors create.
- Execute hands-on tasks for why vendor risk matters
- Execute hands-on tasks for costlier than internal
- Execute hands-on tasks for avg breach cost
- Execute hands-on tasks for business impact
- Execute hands-on tasks for operational risks — covering Revenue loss from service.
- Execute hands-on tasks for third-party risk landscape
| Module 01 | Comprehensive Third-Party Risk Management |
| Module 02 | Learning Objectives |
| Module 03 | Assess & Monitor |
| Module 04 | Respond & Govern |
| Module 05 | What Is Third-Party Risk? |
| Module 06 | Key Principle |
| Module 07 | Why Vendor Risk Matters |
| Module 08 | Costlier Than Internal |
| Module 09 | Avg Breach Cost |
| Module 10 | Business Impact |
| Module 11 | Operational Risks |
| Module 12 | Third-Party Risk Landscape |
| Module 13 | Technology Vendors |
| Module 14 | Business Services |
All hands-on labs run on Rocheston Rose X OS. Students practice vendor risk for beginners by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for comprehensive third-party risk management
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Monitor and audit privilege usage; detect escalation attempts
- Lab 4: Execute hands-on tasks for respond & govern
- Lab 5: Execute hands-on tasks for what is third-party risk?
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Vendor risk for Beginners, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI