Zero-Trust Approach to OT segmentation
RCCE students will learn network segmentation design and implementation including VLAN segmentation, micro-segmentation, zero trust network architecture, and segmentation testing. RCCE students will learn to design network segmentation architectures that limit lateral movement, implement VLANs, firewall zones, and software-defined segmentation, apply micro-segmentation to protect high-value assets, verify segmentation effectiveness through penetration testing, monitor inter-segment traffic for policy violations, troubleshoot segmentation-related connectivity issues, and maintain segmentation policies as organizational network architectures evolve across on-premises, cloud, and hybrid environments. This zero-trust course applies modern security principles including least privilege, continuous verification, and explicit trust evaluation. At an expert level, RCCE students will learn to implement zero-trust architectures that assume breach and verify every access request regardless of network location. Students build practical zero-trust implementations that align with organizational security modernization goals.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Zero-Trust Approach to OT segmentation
- Apply zero-trust principles to privilege decisions and elevation
- Explain Course Overview fundamentals
- Design a scalable privilege management architecture with policy and enforcement, including VLAN architecture for.
- Apply zero-trust principles to privilege decisions and elevation, including Least privilege.
- Execute hands-on tasks for testing & validation — covering Penetration testing.
- Execute hands-on tasks for operations → level 3.5
- Execute hands-on tasks for ot-specific constraints — covering Physical process (Level 0).
- Execute hands-on tasks for site operations (level 3) — covering Flat network topologies.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for verify explicitly — covering Authenticate every request.
- Implement least-privilege enforcement across endpoints and roles, including Just-in-time access grants.
- Execute hands-on tasks for assume breach — covering Minimize blast radius.
| Module 01 | Zero-Trust Approach to |
| Module 02 | Course Overview |
| Module 03 | Segmentation Design |
| Module 04 | Zero Trust Principles |
| Module 05 | Testing & Validation |
| Module 06 | Operations → Level 3.5 |
| Module 07 | OT-Specific Constraints |
| Module 08 | Site operations (Level 3) |
| Module 09 | Zero Trust Architecture Principles |
| Module 10 | Verify Explicitly |
| Module 11 | Least Privilege Access |
| Module 12 | Assume Breach |
| Module 13 | NIST SP 800-207 ZTA Reference Model |
| Module 14 | (User/Device) → |
All hands-on labs run on Rocheston Rose X OS. Students practice zero-trust approach to ot segmentation by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Apply zero-trust principles to privilege decisions and elevation
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Design a scalable privilege management architecture with policy and enforcement
- Lab 4: Apply zero-trust principles to privilege decisions and elevation
- Lab 5: Execute hands-on tasks for testing & validation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Zero-Trust Approach to OT segmentation, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI